diff --git a/api/v1alpha1/policy_helpers.go b/api/v1alpha1/policy_helpers.go index f1bc16e178..054ca72f71 100644 --- a/api/v1alpha1/policy_helpers.go +++ b/api/v1alpha1/policy_helpers.go @@ -6,6 +6,7 @@ package v1alpha1 import ( + gwapiv1 "sigs.k8s.io/gateway-api/apis/v1" gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2" ) @@ -30,10 +31,10 @@ type TargetSelector struct { // Group is the group that this selector targets. Defaults to gateway.networking.k8s.io // // +kubebuilder:default:="gateway.networking.k8s.io" - Group *gwapiv1a2.Group `json:"group,omitempty"` + Group *gwapiv1.Group `json:"group,omitempty"` // Kind is the resource kind that this selector targets. - Kind gwapiv1a2.Kind `json:"kind"` + Kind gwapiv1.Kind `json:"kind"` // MatchLabels are the set of label selectors for identifying the targeted resource MatchLabels map[string]string `json:"matchLabels"` diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index ee36c4ef02..2f09746391 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -1956,7 +1956,7 @@ func (in *EnvoyPatchPolicySpec) DeepCopyInto(out *EnvoyPatchPolicySpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - out.TargetRef = in.TargetRef + in.TargetRef.DeepCopyInto(&out.TargetRef) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EnvoyPatchPolicySpec. diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml index ec95618f86..8b6103a30a 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: backends.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml index e0c56b6406..381e120f9d 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backendtrafficpolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: backendtrafficpolicies.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml index d3afb65b30..ebeba3ae17 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: clienttrafficpolicies.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml index a0740148a1..419ae6db01 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: envoyextensionpolicies.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml index 591e61a4e5..bb6a1da996 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoypatchpolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: envoypatchpolicies.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index d6dcc22d9c..793d66fadd 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: envoyproxies.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml index 195bf24ece..491de3a72d 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_httproutefilters.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: httproutefilters.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml index 103d1fb7ca..d65906093d 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.17.1 name: securitypolicies.gateway.envoyproxy.io spec: group: gateway.envoyproxy.io diff --git a/examples/envoy-als/Dockerfile b/examples/envoy-als/Dockerfile index 835a820071..6c72376c08 100644 --- a/examples/envoy-als/Dockerfile +++ b/examples/envoy-als/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 AS builder +FROM golang:1.23.6 AS builder ARG GO_LDFLAGS="" diff --git a/examples/envoy-als/go.mod b/examples/envoy-als/go.mod index 22ac595d19..fd0ed24dce 100644 --- a/examples/envoy-als/go.mod +++ b/examples/envoy-als/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-envoy-als -go 1.23.3 +go 1.23.6 require ( github.com/envoyproxy/go-control-plane v0.13.1 diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod index 52f8ff8690..7559b26c89 100644 --- a/examples/extension-server/go.mod +++ b/examples/extension-server/go.mod @@ -1,6 +1,6 @@ module github.com/exampleorg/envoygateway-extension -go 1.23.3 +go 1.23.6 require ( github.com/envoyproxy/gateway v1.0.2 @@ -9,8 +9,8 @@ require ( github.com/urfave/cli/v2 v2.27.5 google.golang.org/grpc v1.69.4 google.golang.org/protobuf v1.36.3 - k8s.io/apimachinery v0.32.1 - sigs.k8s.io/controller-runtime v0.20.0 + k8s.io/apimachinery v0.32.2 + sigs.k8s.io/controller-runtime v0.20.2 sigs.k8s.io/gateway-api v1.2.1 ) @@ -32,9 +32,9 @@ require ( github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect - golang.org/x/net v0.34.0 // indirect - golang.org/x/sys v0.29.0 // indirect - golang.org/x/text v0.21.0 // indirect + golang.org/x/net v0.35.0 // indirect + golang.org/x/sys v0.30.0 // indirect + golang.org/x/text v0.22.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum index 94c545a47b..9850c58481 100644 --- a/examples/extension-server/go.sum +++ b/examples/extension-server/go.sum @@ -50,10 +50,10 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= +github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -98,26 +98,26 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= -golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= +golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= +golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -137,16 +137,16 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= -k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= -k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= -k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= +k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.20.0 h1:jjkMo29xEXH+02Md9qaVXfEIaMESSpy3TBWPrsfQkQs= -sigs.k8s.io/controller-runtime v0.20.0/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/controller-runtime v0.20.2 h1:/439OZVxoEc02psi1h4QO3bHzTgu49bb347Xp4gW1pc= +sigs.k8s.io/controller-runtime v0.20.2/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM= sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= diff --git a/examples/extension-server/tools/src/controller-gen/go.mod b/examples/extension-server/tools/src/controller-gen/go.mod index 8b2966e84f..8b0032bce8 100644 --- a/examples/extension-server/tools/src/controller-gen/go.mod +++ b/examples/extension-server/tools/src/controller-gen/go.mod @@ -1,6 +1,6 @@ module local -go 1.22.7 +go 1.23.6 require sigs.k8s.io/controller-tools v0.15.0 diff --git a/examples/grpc-ext-auth/Dockerfile b/examples/grpc-ext-auth/Dockerfile index f90bb04d8c..50613d15d6 100644 --- a/examples/grpc-ext-auth/Dockerfile +++ b/examples/grpc-ext-auth/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 AS builder +FROM golang:1.23.6 AS builder ARG GO_LDFLAGS="" diff --git a/examples/grpc-ext-auth/go.mod b/examples/grpc-ext-auth/go.mod index 126191e183..2d5cc5fc21 100644 --- a/examples/grpc-ext-auth/go.mod +++ b/examples/grpc-ext-auth/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-grcp-ext-auth -go 1.23.3 +go 1.23.6 require ( github.com/envoyproxy/go-control-plane v0.13.1 diff --git a/examples/grpc-ext-proc/Dockerfile b/examples/grpc-ext-proc/Dockerfile index cd0f7db820..dcb44244aa 100644 --- a/examples/grpc-ext-proc/Dockerfile +++ b/examples/grpc-ext-proc/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 AS builder +FROM golang:1.23.6 AS builder ARG GO_LDFLAGS="" diff --git a/examples/grpc-ext-proc/go.mod b/examples/grpc-ext-proc/go.mod index 29a01e6ffa..0ebcf6c69b 100644 --- a/examples/grpc-ext-proc/go.mod +++ b/examples/grpc-ext-proc/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-grpc-ext-proc -go 1.23.3 +go 1.23.6 require ( github.com/envoyproxy/go-control-plane v0.13.1 diff --git a/examples/preserve-case-backend/Dockerfile b/examples/preserve-case-backend/Dockerfile index 46d71ff22b..db35e5288e 100644 --- a/examples/preserve-case-backend/Dockerfile +++ b/examples/preserve-case-backend/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 AS builder +FROM golang:1.23.6 AS builder ARG GO_LDFLAGS="" diff --git a/examples/preserve-case-backend/go.mod b/examples/preserve-case-backend/go.mod index 22c616a7ba..2cb70a9089 100644 --- a/examples/preserve-case-backend/go.mod +++ b/examples/preserve-case-backend/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway-preserve-case-backend -go 1.23.3 +go 1.23.6 require github.com/valyala/fasthttp v1.51.0 diff --git a/examples/static-file-server/Dockerfile b/examples/static-file-server/Dockerfile index 1f1268a219..46d61bf287 100644 --- a/examples/static-file-server/Dockerfile +++ b/examples/static-file-server/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3 AS builder +FROM golang:1.23.6 AS builder ARG GO_LDFLAGS="" diff --git a/examples/static-file-server/go.mod b/examples/static-file-server/go.mod index 69cc2a932d..e99c5fe7f7 100644 --- a/examples/static-file-server/go.mod +++ b/examples/static-file-server/go.mod @@ -1,3 +1,3 @@ module github.com/envoyproxy/static-file-server -go 1.23.3 +go 1.23.6 diff --git a/go.mod b/go.mod index 1993b7d139..bbb1ff92c2 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway -go 1.23.3 +go 1.23.6 replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16 @@ -21,12 +21,15 @@ require ( github.com/envoyproxy/go-control-plane/ratelimit v0.1.0 github.com/envoyproxy/ratelimit v1.4.1-0.20230427142404-e2a87f41d3a7 github.com/evanphx/json-patch v5.9.0+incompatible - github.com/evanphx/json-patch/v5 v5.9.0 + github.com/evanphx/json-patch/v5 v5.9.11 github.com/fatih/color v1.18.0 github.com/fsnotify/fsnotify v1.8.0 github.com/go-logfmt/logfmt v0.6.0 github.com/go-logr/logr v1.4.2 github.com/go-logr/zapr v1.3.0 + github.com/go-openapi/spec v0.21.0 + github.com/go-openapi/strfmt v0.23.0 + github.com/go-openapi/validate v0.24.0 github.com/golang/protobuf v1.5.4 github.com/google/cel-go v0.22.1 github.com/google/go-cmp v0.6.0 @@ -56,22 +59,23 @@ require ( go.opentelemetry.io/proto/otlp v1.5.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e - golang.org/x/net v0.34.0 - golang.org/x/sys v0.29.0 + golang.org/x/net v0.35.0 + golang.org/x/sys v0.30.0 google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f google.golang.org/grpc v1.69.4 google.golang.org/protobuf v1.36.3 gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.16.4 - k8s.io/api v0.32.1 - k8s.io/apiextensions-apiserver v0.32.1 - k8s.io/apimachinery v0.32.1 - k8s.io/cli-runtime v0.32.1 - k8s.io/client-go v0.32.1 + k8s.io/api v0.32.2 + k8s.io/apiextensions-apiserver v0.32.2 + k8s.io/apimachinery v0.32.2 + k8s.io/cli-runtime v0.32.2 + k8s.io/client-go v0.32.2 k8s.io/klog/v2 v2.130.1 - k8s.io/kubectl v0.32.1 + k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 + k8s.io/kubectl v0.32.2 k8s.io/utils v0.0.0-20241210054802-24370beab758 - sigs.k8s.io/controller-runtime v0.20.0 + sigs.k8s.io/controller-runtime v0.20.2 sigs.k8s.io/gateway-api v1.2.1 sigs.k8s.io/kubectl-validate v0.0.5-0.20241223122011-eb064d2f92d5 sigs.k8s.io/mcs-api v0.1.0 @@ -139,8 +143,11 @@ require ( github.com/go-gorp/gorp/v3 v3.1.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.3.0 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/go-redis/redis/v7 v7.4.1 // indirect github.com/go-sql-driver/mysql v1.8.1 // indirect @@ -211,6 +218,7 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect + github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0 // indirect github.com/opencontainers/runtime-spec v1.2.0 // indirect @@ -257,6 +265,7 @@ require ( go.etcd.io/etcd/api/v3 v3.5.16 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.16 // indirect go.etcd.io/etcd/client/v3 v3.5.16 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect @@ -265,25 +274,24 @@ require ( go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.34.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.32.0 // indirect + golang.org/x/crypto v0.35.0 // indirect golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008 // indirect - golang.org/x/mod v0.22.0 // indirect - golang.org/x/oauth2 v0.25.0 // indirect - golang.org/x/sync v0.10.0 // indirect - golang.org/x/term v0.28.0 // indirect - golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.7.0 // indirect - golang.org/x/tools v0.29.0 // indirect + golang.org/x/mod v0.23.0 // indirect + golang.org/x/oauth2 v0.27.0 // indirect + golang.org/x/sync v0.11.0 // indirect + golang.org/x/term v0.29.0 // indirect + golang.org/x/text v0.22.0 // indirect + golang.org/x/time v0.9.0 // indirect + golang.org/x/tools v0.30.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/apiserver v0.32.1 // indirect - k8s.io/component-base v0.32.1 // indirect - k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect - k8s.io/metrics v0.32.1 // indirect + k8s.io/apiserver v0.32.2 // indirect + k8s.io/component-base v0.32.2 // indirect + k8s.io/metrics v0.32.2 // indirect oras.land/oras-go v1.2.6 // indirect periph.io/x/host/v3 v3.8.2 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.1 // indirect diff --git a/go.sum b/go.sum index 35e6872946..ffb75d6685 100644 --- a/go.sum +++ b/go.sum @@ -242,8 +242,8 @@ github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLi github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.0.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= -github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= +github.com/evanphx/json-patch/v5 v5.9.11/go.mod h1:3j+LviiESTElxA4p3EMKAB9HXj3/XEtnUf6OZxqIQTM= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f h1:Wl78ApPPB2Wvf/TIe2xdyJxTlb6obmF18d8QdkxNDu4= github.com/exponent-io/jsonpath v0.0.0-20210407135951-1de76d718b3f/go.mod h1:OSYXu++VVOHnXeitef/D8n/6y4QV8uLHSFXX4NeXMGc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= @@ -293,9 +293,13 @@ github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpR github.com/go-openapi/analysis v0.18.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.19.2/go.mod h1:3P1osvZa9jKjb8ed2TPng3f0i/UY9snX6gxi44djMjk= github.com/go-openapi/analysis v0.19.5/go.mod h1:hkEAkxagaIvIP7VTn8ygJNkd4kAYON2rCu0v0ObL0AU= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= github.com/go-openapi/errors v0.17.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.18.0/go.mod h1:LcZQpmvG4wyF5j4IhA73wkLFQg+QJXOQHVjmcZxhka0= github.com/go-openapi/errors v0.19.2/go.mod h1:qX0BLWsyaKfvhluLejVpVNwNRdXZhEbTA4kxxpKBC94= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= @@ -315,6 +319,8 @@ github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.2/go.mod h1:QAskZPMX5V0C2gvfkGZzJlINuP7Hx/4+ix5jWFxsNPs= github.com/go-openapi/loads v0.19.4/go.mod h1:zZVHonKd8DXyxyw4yfnVjPzBjIQcLt0CCsn0N0ZrQsk= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= github.com/go-openapi/runtime v0.0.0-20180920151709-4f900dc2ade9/go.mod h1:6v9a6LTXWQCdL8k1AO3cvqx5OtZY/Y9wKTgaoP6YRfA= github.com/go-openapi/runtime v0.19.0/go.mod h1:OwNfisksmmaZse4+gpV3Ne9AyMOlP1lt4sK4FXt0O64= github.com/go-openapi/runtime v0.19.4/go.mod h1:X277bwSUBxVlCYR3r7xgZZGKVvBd/29gLDlFGtJ8NL4= @@ -323,10 +329,14 @@ github.com/go-openapi/spec v0.17.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsd github.com/go-openapi/spec v0.18.0/go.mod h1:XkF/MOi14NmjsfZ8VtAKf8pIlbZzyoTvZsdfssdxcBI= github.com/go-openapi/spec v0.19.2/go.mod h1:sCxk3jxKgioEJikev4fgkNmwS+3kuYdJtcsZsD5zxMY= github.com/go-openapi/spec v0.19.3/go.mod h1:FpwSN1ksY1eteniUU7X0N/BgJ7a4WvBFVA8Lj9mJglo= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= github.com/go-openapi/strfmt v0.17.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.18.0/go.mod h1:P82hnJI0CXkErkXi8IKjPbNBM6lV6+5pLP5l494TcyU= github.com/go-openapi/strfmt v0.19.0/go.mod h1:+uW+93UVvGGq2qGaZxdDeJqSAqBqBdl+ZPMF/cC8nDY= github.com/go-openapi/strfmt v0.19.3/go.mod h1:0yX7dbo8mKIvc3XSKp7MNfxw4JytCfCD6+bY1AVL9LU= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= @@ -337,6 +347,8 @@ github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-quicktest/qt v1.101.0 h1:O1K29Txy5P2OK0dGo59b7b0LR6wKfIhttaAhHUyn7eI= github.com/go-quicktest/qt v1.101.0/go.mod h1:14Bz/f7NwaXPtdYEgzsx46kqSxVwTbzVZsDC26tQJow= github.com/go-redis/redis/v7 v7.4.1 h1:PASvf36gyUpr2zdOUS/9Zqc80GbM+9BDyiJSJDDOrTI= @@ -634,6 +646,7 @@ github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= github.com/ohler55/ojg v1.26.0 h1:oDZZGGkBUa/g/pu58RijTUP2QXiXsNsEnlopvoupJS8= github.com/ohler55/ojg v1.26.0/go.mod h1:gQhDVpQLqrmnd2eqGAvJtn+NfKoYJbe/A4Sj3/Vro4o= +github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= @@ -643,15 +656,15 @@ github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+ github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.14.0 h1:2mOpI4JVVPBN+WQRa0WKH2eXR+Ey+uK4n7Zj0aYpIQA= github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= +github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= @@ -890,6 +903,8 @@ go.etcd.io/etcd/server/v3 v3.5.16/go.mod h1:ynhyZZpdDp1Gq49jkUg5mfkDWZwXnn3eIqCq go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= @@ -949,8 +964,8 @@ golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= +golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008 h1:vKHSxFhPLnBEYu9R8DcQ4gXq9EqU0VVhC9pq9wmtYsg= golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -962,8 +977,8 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= -golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.23.0 h1:Zb7khfcRGKk+kqfxFaP5tZqCnDZMjC5VtUBs87Hr6QM= +golang.org/x/mod v0.23.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -987,13 +1002,13 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= +golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= -golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1001,8 +1016,8 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1039,22 +1054,22 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= -golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1071,8 +1086,8 @@ golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= -golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= +golang.org/x/tools v0.30.0 h1:BgcpHewrV5AUp2G9MebG4XPFI1E2W41zU1SaqVA9vJY= +golang.org/x/tools v0.30.0/go.mod h1:c347cR/OJfw5TI+GfX7RUPNMdDRRbjvYTS0jPyvsVtY= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1162,32 +1177,32 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.18.2/go.mod h1:SJCWI7OLzhZSvbY7U8zwNl9UA4o1fizoug34OV/2r78= k8s.io/api v0.18.4/go.mod h1:lOIQAKYgai1+vz9J7YcDZwC26Z0zQewYOGWdyIPUUQ4= -k8s.io/api v0.32.1 h1:f562zw9cy+GvXzXf0CKlVQ7yHJVYzLfL6JAS4kOAaOc= -k8s.io/api v0.32.1/go.mod h1:/Yi/BqkuueW1BgpoePYBRdDYfjPF5sgTr5+YqDZra5k= +k8s.io/api v0.32.2 h1:bZrMLEkgizC24G9eViHGOPbW+aRo9duEISRIJKfdJuw= +k8s.io/api v0.32.2/go.mod h1:hKlhk4x1sJyYnHENsrdCWw31FEmCijNGPJO5WzHiJ6Y= k8s.io/apiextensions-apiserver v0.18.2/go.mod h1:q3faSnRGmYimiocj6cHQ1I3WpLqmDgJFlKL37fC4ZvY= k8s.io/apiextensions-apiserver v0.18.4/go.mod h1:NYeyeYq4SIpFlPxSAB6jHPIdvu3hL0pc36wuRChybio= -k8s.io/apiextensions-apiserver v0.32.1 h1:hjkALhRUeCariC8DiVmb5jj0VjIc1N0DREP32+6UXZw= -k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto= +k8s.io/apiextensions-apiserver v0.32.2 h1:2YMk285jWMk2188V2AERy5yDwBYrjgWYggscghPCvV4= +k8s.io/apiextensions-apiserver v0.32.2/go.mod h1:GPwf8sph7YlJT3H6aKUWtd0E+oyShk/YHWQHf/OOgCA= k8s.io/apimachinery v0.18.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= k8s.io/apimachinery v0.18.4/go.mod h1:OaXp26zu/5J7p0f92ASynJa1pZo06YlV9fG7BoWbCko= -k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= -k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/apimachinery v0.32.2 h1:yoQBR9ZGkA6Rgmhbp/yuT9/g+4lxtsGYwW6dR6BDPLQ= +k8s.io/apimachinery v0.32.2/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apiserver v0.18.2/go.mod h1:Xbh066NqrZO8cbsoenCwyDJ1OSi8Ag8I2lezeHxzwzw= k8s.io/apiserver v0.18.4/go.mod h1:q+zoFct5ABNnYkGIaGQ3bcbUNdmPyOCoEBcg51LChY8= -k8s.io/apiserver v0.32.1 h1:oo0OozRos66WFq87Zc5tclUX2r0mymoVHRq8JmR7Aak= -k8s.io/apiserver v0.32.1/go.mod h1:UcB9tWjBY7aryeI5zAgzVJB/6k7E97bkr1RgqDz0jPw= -k8s.io/cli-runtime v0.32.1 h1:19nwZPlYGJPUDbhAxDIS2/oydCikvKMHsxroKNGA2mM= -k8s.io/cli-runtime v0.32.1/go.mod h1:NJPbeadVFnV2E7B7vF+FvU09mpwYlZCu8PqjzfuOnkY= +k8s.io/apiserver v0.32.2 h1:WzyxAu4mvLkQxwD9hGa4ZfExo3yZZaYzoYvvVDlM6vw= +k8s.io/apiserver v0.32.2/go.mod h1:PEwREHiHNU2oFdte7BjzA1ZyjWjuckORLIK/wLV5goM= +k8s.io/cli-runtime v0.32.2 h1:aKQR4foh9qeyckKRkNXUccP9moxzffyndZAvr+IXMks= +k8s.io/cli-runtime v0.32.2/go.mod h1:a/JpeMztz3xDa7GCyyShcwe55p8pbcCVQxvqZnIwXN8= k8s.io/client-go v0.18.2/go.mod h1:Xcm5wVGXX9HAA2JJ2sSBUn3tCJ+4SVlCbl2MNNv+CIU= k8s.io/client-go v0.18.4/go.mod h1:f5sXwL4yAZRkAtzOxRWUhA/N8XzGCb+nPZI8PfobZ9g= -k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= -k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= +k8s.io/client-go v0.32.2 h1:4dYCD4Nz+9RApM2b/3BtVvBHw54QjMFUl1OLcJG5yOA= +k8s.io/client-go v0.32.2/go.mod h1:fpZ4oJXclZ3r2nDOv+Ux3XcJutfrwjKTCHz2H3sww94= k8s.io/code-generator v0.18.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/code-generator v0.18.4/go.mod h1:TgNEVx9hCyPGpdtCWA34olQYLkh3ok9ar7XfSsr8b6c= k8s.io/component-base v0.18.2/go.mod h1:kqLlMuhJNHQ9lz8Z7V5bxUUtjFZnrypArGl58gmDfUM= k8s.io/component-base v0.18.4/go.mod h1:7jr/Ef5PGmKwQhyAz/pjByxJbC58mhKAhiaDu0vXfPk= -k8s.io/component-base v0.32.1 h1:/5IfJ0dHIKBWysGV0yKTFfacZ5yNV1sulPh3ilJjRZk= -k8s.io/component-base v0.32.1/go.mod h1:j1iMMHi/sqAHeG5z+O9BFNCF698a1u0186zkjMZQ28w= +k8s.io/component-base v0.32.2 h1:1aUL5Vdmu7qNo4ZsE+569PV5zFatM9hl+lb3dEea2zU= +k8s.io/component-base v0.32.2/go.mod h1:PXJ61Vx9Lg+P5mS8TLd7bCIr+eMJRQTyXe8KvkrvJq0= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= @@ -1196,16 +1211,16 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kms v0.32.1 h1:TW6cswRI/fawoQRFGWLmEceO37rZXupdoRdmO019jCc= -k8s.io/kms v0.32.1/go.mod h1:Bk2evz/Yvk0oVrvm4MvZbgq8BD34Ksxs2SRHn4/UiOM= +k8s.io/kms v0.32.2 h1:7Ff23ht7W40gTcDwUC8G5WjX5W/nxD8WxbNhIYYNZCI= +k8s.io/kms v0.32.2/go.mod h1:Bk2evz/Yvk0oVrvm4MvZbgq8BD34Ksxs2SRHn4/UiOM= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= -k8s.io/kubectl v0.32.1 h1:/btLtXLQUU1rWx8AEvX9jrb9LaI6yeezt3sFALhB8M8= -k8s.io/kubectl v0.32.1/go.mod h1:sezNuyWi1STk4ZNPVRIFfgjqMI6XMf+oCVLjZen/pFQ= -k8s.io/metrics v0.32.1 h1:Ou4nrEtZS2vFf7OJCf9z3+2kr0A00kQzfoSwxg0gXps= -k8s.io/metrics v0.32.1/go.mod h1:cLnai9XKYby1tNMX+xe8p9VLzTqrxYPcmqfCBoWObcM= +k8s.io/kubectl v0.32.2 h1:TAkag6+XfSBgkqK9I7ZvwtF0WVtUAvK8ZqTt+5zi1Us= +k8s.io/kubectl v0.32.2/go.mod h1:+h/NQFSPxiDZYX/WZaWw9fwYezGLISP0ud8nQKg+3g8= +k8s.io/metrics v0.32.2 h1:7t/rZzTHFrGa9f94XcgLlm3ToAuJtdlHANcJEHlYl9g= +k8s.io/metrics v0.32.2/go.mod h1:VL3nJpzcgB6L5nSljkkzoE0nilZhVgcjCfNRgoylaIQ= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20200603063816-c1c6865ac451/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= @@ -1218,8 +1233,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.1 h1:uOuSLOMBWkJH0TWa9X6l+mj5nZdm6Ay6Bli8HL8rNfk= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.1/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.6.1/go.mod h1:XRYBPdbf5XJu9kpS84VJiZ7h/u1hF3gEORz0efEja7A= -sigs.k8s.io/controller-runtime v0.20.0 h1:jjkMo29xEXH+02Md9qaVXfEIaMESSpy3TBWPrsfQkQs= -sigs.k8s.io/controller-runtime v0.20.0/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU= +sigs.k8s.io/controller-runtime v0.20.2 h1:/439OZVxoEc02psi1h4QO3bHzTgu49bb347Xp4gW1pc= +sigs.k8s.io/controller-runtime v0.20.2/go.mod h1:xg2XB0K5ShQzAgsoujxuKN4LNXR2LfwwHsPj7Iaw+XY= sigs.k8s.io/controller-tools v0.3.0/go.mod h1:enhtKGfxZD1GFEoMgP8Fdbu+uKQ/cq1/WGJhdVChfvI= sigs.k8s.io/gateway-api v1.2.1 h1:fZZ/+RyRb+Y5tGkwxFKuYuSRQHu9dZtbjenblleOLHM= sigs.k8s.io/gateway-api v1.2.1/go.mod h1:EpNfEXNjiYfUJypf0eZ0P5iXA9ekSGWaS1WgPaM42X0= diff --git a/internal/cmd/egctl/testdata/translate/out/backend-endpoint.all.yaml b/internal/cmd/egctl/testdata/translate/out/backend-endpoint.all.yaml index d3f3ed2c77..0841f84877 100644 --- a/internal/cmd/egctl/testdata/translate/out/backend-endpoint.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/backend-endpoint.all.yaml @@ -40,7 +40,10 @@ gateways: spec: gatewayClassName: eg listeners: - - name: http + - allowedRoutes: + namespaces: + from: Same + name: http port: 80 protocol: HTTP status: @@ -78,12 +81,15 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: gateway.envoyproxy.io kind: Backend name: backend + weight: 1 matches: - path: type: PathPrefix @@ -103,4 +109,6 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml index 8b486afbf1..f2c84a1edc 100644 --- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml @@ -210,13 +210,22 @@ gateways: spec: gatewayClassName: eg listeners: - - name: tcp + - allowedRoutes: + namespaces: + from: Same + name: tcp port: 1234 protocol: TCP - - name: udp + - allowedRoutes: + namespaces: + from: Same + name: udp port: 1234 protocol: UDP - - hostname: foo.com + - allowedRoutes: + namespaces: + from: Same + hostname: foo.com name: tls-passthrough port: 8443 protocol: TLS @@ -226,6 +235,8 @@ gateways: kinds: - group: gateway.networking.k8s.io kind: HTTPRoute + namespaces: + from: Same name: http port: 80 protocol: HTTP @@ -233,6 +244,8 @@ gateways: kinds: - group: gateway.networking.k8s.io kind: GRPCRoute + namespaces: + from: Same name: grpc port: 8080 protocol: HTTP @@ -353,7 +366,9 @@ grpcRoutes: hostnames: - www.grpc-example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: grpc rules: - backendRefs: @@ -366,6 +381,7 @@ grpcRoutes: - method: method: DoThing service: com.example.Things + type: Exact status: parents: - conditions: @@ -381,6 +397,8 @@ grpcRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: grpc httpRoutes: @@ -393,7 +411,9 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: "" @@ -420,6 +440,8 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg tcpRoutes: - kind: TCPRoute @@ -429,7 +451,9 @@ tcpRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: tcp rules: - backendRefs: @@ -453,6 +477,8 @@ tcpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: tcp tlsRoutes: @@ -463,7 +489,9 @@ tlsRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: tls-passthrough rules: - backendRefs: @@ -487,6 +515,8 @@ tlsRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: tls-passthrough udpRoutes: @@ -497,7 +527,9 @@ udpRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: udp rules: - backendRefs: @@ -521,6 +553,8 @@ udpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: udp xds: diff --git a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml index de5d16949b..8d819d6120 100644 --- a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml +++ b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml @@ -22,7 +22,10 @@ gateways: spec: gatewayClassName: eg listeners: - - name: http + - allowedRoutes: + namespaces: + from: Same + name: http port: 80 protocol: HTTP status: @@ -60,7 +63,9 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: "" @@ -87,6 +92,8 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg xds: envoy-gateway-system/eg: diff --git a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json index f069c670af..cb22c731ea 100644 --- a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json +++ b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.route.json @@ -35,7 +35,12 @@ { "name": "http", "port": 80, - "protocol": "HTTP" + "protocol": "HTTP", + "allowedRoutes": { + "namespaces": { + "from": "Same" + } + } } ] }, @@ -93,6 +98,8 @@ "spec": { "parentRefs": [ { + "group": "gateway.networking.k8s.io", + "kind": "Gateway", "name": "eg" } ], @@ -125,6 +132,8 @@ "parents": [ { "parentRef": { + "group": "gateway.networking.k8s.io", + "kind": "Gateway", "name": "eg" }, "controllerName": "gateway.envoyproxy.io/gatewayclass-controller", diff --git a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml index bd4ac1d198..b51220df31 100644 --- a/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/invalid-envoyproxy.all.yaml @@ -18,7 +18,9 @@ envoyProxyForGatewayClass: socket_address: address: 127.0.0.1 port_value: 19000 - logging: {} + logging: + level: + default: warn status: {} gatewayClass: kind: GatewayClass @@ -49,13 +51,22 @@ gateways: spec: gatewayClassName: eg listeners: - - name: tcp + - allowedRoutes: + namespaces: + from: Same + name: tcp port: 1234 protocol: TCP - - name: udp + - allowedRoutes: + namespaces: + from: Same + name: udp port: 1234 protocol: UDP - - hostname: foo.com + - allowedRoutes: + namespaces: + from: Same + hostname: foo.com name: tls-passthrough port: 8443 protocol: TLS @@ -65,6 +76,8 @@ gateways: kinds: - group: gateway.networking.k8s.io kind: HTTPRoute + namespaces: + from: Same name: http port: 80 protocol: HTTP @@ -72,6 +85,8 @@ gateways: kinds: - group: gateway.networking.k8s.io kind: GRPCRoute + namespaces: + from: Same name: grpc port: 8080 protocol: HTTP @@ -192,7 +207,9 @@ grpcRoutes: hostnames: - www.grpc-example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: grpc rules: - backendRefs: @@ -205,6 +222,7 @@ grpcRoutes: - method: method: DoThing service: com.example.Things + type: Exact status: parents: - conditions: @@ -220,6 +238,8 @@ grpcRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: grpc httpRoutes: @@ -232,7 +252,9 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: "" @@ -259,6 +281,8 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg tcpRoutes: - kind: TCPRoute @@ -268,7 +292,9 @@ tcpRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: tcp rules: - backendRefs: @@ -292,6 +318,8 @@ tcpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: tcp tlsRoutes: @@ -302,7 +330,9 @@ tlsRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: tls-passthrough rules: - backendRefs: @@ -326,6 +356,8 @@ tlsRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: tls-passthrough udpRoutes: @@ -336,7 +368,9 @@ udpRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: udp rules: - backendRefs: @@ -360,5 +394,7 @@ udpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: udp diff --git a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml index d41db55077..441a9ce098 100644 --- a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml @@ -7,7 +7,10 @@ gateways: spec: gatewayClassName: eg listeners: - - name: http + - allowedRoutes: + namespaces: + from: Same + name: http port: 80 protocol: HTTP status: @@ -45,7 +48,9 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: "" @@ -72,6 +77,8 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg infraIR: envoy-gateway-system/eg: diff --git a/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml b/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml index 18e5910acc..cff3a5f335 100644 --- a/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml +++ b/internal/cmd/egctl/testdata/translate/out/rejected-http-route.route.yaml @@ -22,7 +22,10 @@ gateways: spec: gatewayClassName: eg listeners: - - name: tls + - allowedRoutes: + namespaces: + from: Same + name: tls port: 8443 protocol: TLS status: @@ -53,7 +56,9 @@ httpRoutes: namespace: envoy-gateway-system spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: "" @@ -80,4 +85,6 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg diff --git a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml index fe1b452f29..7ba42aa75e 100644 --- a/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml +++ b/internal/cmd/egctl/testdata/translate/out/valid-envoyproxy.all.yaml @@ -5,12 +5,16 @@ envoyProxyForGatewayClass: name: example namespace: default spec: - logging: {} + logging: + level: + default: warn provider: kubernetes: envoyService: annotations: custom1: svc-annotation1 + externalTrafficPolicy: Local + type: LoadBalancer type: Kubernetes status: {} gatewayClass: @@ -42,13 +46,22 @@ gateways: spec: gatewayClassName: eg listeners: - - name: tcp + - allowedRoutes: + namespaces: + from: Same + name: tcp port: 1234 protocol: TCP - - name: udp + - allowedRoutes: + namespaces: + from: Same + name: udp port: 1234 protocol: UDP - - hostname: foo.com + - allowedRoutes: + namespaces: + from: Same + hostname: foo.com name: tls-passthrough port: 8443 protocol: TLS @@ -58,6 +71,8 @@ gateways: kinds: - group: gateway.networking.k8s.io kind: HTTPRoute + namespaces: + from: Same name: http port: 80 protocol: HTTP @@ -65,6 +80,8 @@ gateways: kinds: - group: gateway.networking.k8s.io kind: GRPCRoute + namespaces: + from: Same name: grpc port: 8080 protocol: HTTP @@ -185,7 +202,9 @@ grpcRoutes: hostnames: - www.grpc-example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: grpc rules: - backendRefs: @@ -198,6 +217,7 @@ grpcRoutes: - method: method: DoThing service: com.example.Things + type: Exact status: parents: - conditions: @@ -213,6 +233,8 @@ grpcRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: grpc httpRoutes: @@ -225,7 +247,9 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: "" @@ -252,6 +276,8 @@ httpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg tcpRoutes: - kind: TCPRoute @@ -261,7 +287,9 @@ tcpRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: tcp rules: - backendRefs: @@ -285,6 +313,8 @@ tcpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: tcp tlsRoutes: @@ -295,7 +325,9 @@ tlsRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: tls-passthrough rules: - backendRefs: @@ -319,6 +351,8 @@ tlsRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: tls-passthrough udpRoutes: @@ -329,7 +363,9 @@ udpRoutes: namespace: default spec: parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg sectionName: udp rules: - backendRefs: @@ -353,5 +389,7 @@ udpRoutes: type: ResolvedRefs controllerName: gateway.envoyproxy.io/gatewayclass-controller parentRef: + group: gateway.networking.k8s.io + kind: Gateway name: eg sectionName: udp diff --git a/internal/gatewayapi/conformance/suite.go b/internal/gatewayapi/conformance/suite.go index 90181246b6..b3804f06b6 100644 --- a/internal/gatewayapi/conformance/suite.go +++ b/internal/gatewayapi/conformance/suite.go @@ -18,6 +18,12 @@ var SkipTests = []suite.ConformanceTest{ tests.GatewayInfrastructure, } +// SkipFeatures is a list of features that are skipped in the conformance report. +var SkipFeatures = sets.New[features.FeatureName]( + features.GatewayStaticAddressesFeature.Name, + features.GatewayInfrastructurePropagationFeature.Name, +) + func skipTestsShortNames(skipTests []suite.ConformanceTest) []string { shortNames := make([]string, len(skipTests)) for i, test := range skipTests { @@ -36,7 +42,10 @@ var EnvoyGatewaySuite = suite.ConformanceOptions{ func allFeatures() sets.Set[features.FeatureName] { allFeatures := sets.New[features.FeatureName]() for _, feature := range features.AllFeatures.UnsortedList() { - allFeatures.Insert(feature.Name) + // Dont add skipped features in the conformance report. + if !SkipFeatures.Has(feature.Name) { + allFeatures.Insert(feature.Name) + } } return allFeatures } diff --git a/internal/gatewayapi/resource/defaulter.go b/internal/gatewayapi/resource/defaulter.go new file mode 100644 index 0000000000..9a380c48e1 --- /dev/null +++ b/internal/gatewayapi/resource/defaulter.go @@ -0,0 +1,270 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package resource + +import ( + "encoding/json" + "errors" + "fmt" + "path" + "sort" + "strings" + + gospec "github.com/go-openapi/spec" + "github.com/go-openapi/strfmt" + "github.com/go-openapi/validate" + "github.com/go-openapi/validate/post" + "golang.org/x/exp/maps" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/client-go/openapi" + "k8s.io/kube-openapi/pkg/spec3" + kubespec "k8s.io/kube-openapi/pkg/validation/spec" + "sigs.k8s.io/kubectl-validate/pkg/openapiclient" + "sigs.k8s.io/kubectl-validate/pkg/utils" + "sigs.k8s.io/kubectl-validate/pkg/validator" +) + +// This file contains code derived from kubectl-validate, +// https://github.com/kubernetes-sigs/kubectl-validate +// from the source file +// https://github.com/kubernetes-sigs/kubectl-validate/blob/main/pkg/validator/validator.go +// and is provided here subject to the following: +// Copyright Project kubectl-validate Authors +// SPDX-License-Identifier: Apache-2.0 +// +// The Defaulter in this file is derived from Validator in kubectl-validate, +// since the Validator field `validatorCache` is not exposed and we would like +// to use the parsed schema for our CRD from it, we build this Defaulter that +// meets our needs. +// TODO: remove this file once can directly get schema from the Validator in kubectl-validate. + +var gatewaySchemaDefaulter, _ = newDefaulter(openapiclient.NewLocalCRDFiles(gatewayCRDsFS)) + +// Defaulter can set default values for crd object according to their schema. +type Defaulter struct { + gvs map[string]openapi.GroupVersion + schemaCache map[schema.GroupVersionKind]*kubespec.Schema +} + +func newDefaulter(client openapi.Client) (*Defaulter, error) { + gvs, err := client.Paths() + if err != nil { + return nil, err + } + + return &Defaulter{ + gvs: gvs, + schemaCache: map[schema.GroupVersionKind]*kubespec.Schema{}, + }, nil +} + +// ApplyDefault applies default values for input object, and return the object with default values. +func (d *Defaulter) ApplyDefault(obj *unstructured.Unstructured) (*unstructured.Unstructured, error) { + if obj == nil || obj.Object == nil { + return nil, fmt.Errorf("passed object cannot be nil") + } + + // shallow copy input object, this method can modify apiVersion, kind, or metadata. + obj = &unstructured.Unstructured{Object: maps.Clone(obj.UnstructuredContent())} + // deep copy metadata object. + obj.Object["metadata"] = runtime.DeepCopyJSONValue(obj.Object["metadata"]) + gvk := obj.GroupVersionKind() + schema, err := d.parseSchema(gvk) + if err != nil { + return nil, fmt.Errorf("failed to retrieve validator: %w", err) + } + + // convert kube-openapi spec to go-openapi spec via JSON format. + schemaBytes, err := schema.MarshalJSON() + if err != nil { + return nil, fmt.Errorf("failed to marshal schema: %w", err) + } + var goSchema gospec.Schema + err = goSchema.UnmarshalJSON(schemaBytes) + if err != nil { + return nil, fmt.Errorf("failed to unmarshal schema: %w", err) + } + + v := validate.NewSchemaValidator(&goSchema, nil, "", strfmt.Default) + rs := v.Validate(obj.Object) + post.ApplyDefaults(rs) + // convert output object into unstructured one. + output, ok := rs.Data().(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("failed to convert output object") + } + + return &unstructured.Unstructured{Object: output}, nil +} + +func (d *Defaulter) parseSchema(gvk schema.GroupVersionKind) (*kubespec.Schema, error) { + if existing, ok := d.schemaCache[gvk]; ok { + return existing, nil + } + + // Otherwise, fetch the open API schema for this GV and do the above + // Lookup gvk in client + // Guess the rest mapping since we don't have a rest mapper for the target + // cluster + gvPath := "apis/" + gvk.Group + "/" + gvk.Version + if len(gvk.Group) == 0 { + gvPath = "api/" + gvk.Version + } + gvFetcher, exists := d.gvs[gvPath] + if !exists { + return nil, fmt.Errorf("failed to locate OpenAPI spec for GV: %v", gvk.GroupVersion()) + } + + documentBytes, err := gvFetcher.Schema("application/json") + if err != nil { + return nil, fmt.Errorf("error fetching openapi at path %s: %w", gvPath, err) + } + + openapiSpec := spec3.OpenAPI{} + if err := json.Unmarshal(documentBytes, &openapiSpec); err != nil { + return nil, fmt.Errorf("error parsing openapi spec: %w", err) + } + + // Apply our transformations to workaround known k8s schema deficiencies + for name, def := range openapiSpec.Components.Schemas { + //!TODO: would be useful to know which version of k8s each schema is believed + // to come from. + openapiSpec.Components.Schemas[name] = validator.ApplySchemaPatches(0, gvk.GroupVersion(), name, def) + } + + // Remove all references/indirection. + // This is kinda hacky because we still do allow recursive schemas via + // pointer trickery. + // No need for stack/queue approach since we mutate same dictionary/slice instances + // destructively. + // Replaces subschemas that contain refs with copy of the thing they refer to + // !TODO validate that no cyces are created by this process. If so, do not + // allow structural schema creation via JSON + // !TODO: track unresolved references? + // !TODO: Once Declarative Validation for native types lands we will be + // able to validate against the spec.Schema directly rather than + // StructuralSchema, so this will be able to be removed + var referenceErrors []error + for name, def := range openapiSpec.Components.Schemas { + // This hack only works because top level schemas never have references + // so we can reliably copy them knowing they won't change and pointer-share + // their subfields. The only schemas being modified here should be sub-fields. + openapiSpec.Components.Schemas[name] = utils.VisitSchema(name, def, utils.PreorderVisitor(func(ctx utils.VisitingContext, sch *kubespec.Schema) (*kubespec.Schema, bool) { + defName := sch.Ref.String() + + if len(sch.AllOf) == 1 && len(sch.AllOf[0].Ref.String()) > 0 { + // SPECIAL CASE + // OpenAPIV3 does not support having Refs in schemas with fields like + // Description, Default filled in. So k8s stuffs the Ref into a standalone + // AllOf in these cases. + // But structural schema doesn't like schemas that specify fields inside AllOf + // SO in the case of + // Properties + // -> AllOf + // -> Ref + defName = sch.AllOf[0].Ref.String() + } + + if len(defName) == 0 { + // Nothing to do for no references + return sch, true + } + + defName = path.Base(defName) + resolved, ok := openapiSpec.Components.Schemas[defName] + if !ok { + // Can't resolve schema. This is an error. + var path []string + for cursor := &ctx; cursor != nil; cursor = cursor.Parent { + if len(cursor.Key) == 0 { + path = append(path, fmt.Sprint(cursor.Index)) + } else { + path = append(path, cursor.Key) + } + } + sort.Stable(sort.Reverse(sort.StringSlice(path))) + referenceErrors = append(referenceErrors, fmt.Errorf("cannot resolve reference %v in %v.%v", defName, name, strings.Join(path, "."))) + return sch, true + } + + resolvedCopy := *resolved + + if sch.Default != nil { + resolvedCopy.Default = sch.Default + } + + // NOTE: No way to tell if field overrides nullable + // or if it is unset. Right now if the referred schema is + // nullable we will resolve to a nullable schema. + // There are no upstream schemas where nullable is used as a field + // level override, so we will assume `false` means `unset`. + // But this should be fixed in kube-openapi. + resolvedCopy.Nullable = resolvedCopy.Nullable || sch.Nullable + + if len(sch.Type) > 0 { + resolvedCopy.Type = sch.Type + } + + if len(sch.Description) > 0 { + resolvedCopy.Description = sch.Description + } + + newExtensions := kubespec.Extensions{} + for k, v := range resolvedCopy.Extensions { + newExtensions.Add(k, v) + } + for k, v := range sch.Extensions { + newExtensions.Add(k, v) + } + if len(newExtensions) > 0 { + resolvedCopy.Extensions = newExtensions + } + + // Don't explore children. This was a reference node and shares + // pointers with its schema which will be traversed in this loop. + return &resolvedCopy, false + })) + } + + if len(referenceErrors) > 0 { + return nil, errors.Join(referenceErrors...) + } + + namespaced := sets.New[schema.GroupVersionKind]() + if openapiSpec.Paths != nil { + for path, pathInfo := range openapiSpec.Paths.Paths { + for _, gvk := range utils.ExtractPathGVKs(pathInfo) { + if !namespaced.Has(gvk) { + if strings.Contains(path, "namespaces/{namespace}") { + namespaced.Insert(gvk) + } + } + } + } + } + + for _, def := range openapiSpec.Components.Schemas { + gvks := utils.ExtractExtensionGVKs(def.Extensions) + if len(gvks) == 0 { + continue + } + + for _, specGVK := range gvks { + d.schemaCache[specGVK] = def + } + } + + // Check again to see if the desired GVK was added to the spec cache. + // If so, create validator for it + if existing, ok := d.schemaCache[gvk]; ok { + return existing, nil + } + + return nil, fmt.Errorf("kind %v not found in %v groupversion", gvk.Kind, gvk.GroupVersion()) +} diff --git a/internal/gatewayapi/resource/defaulter_test.go b/internal/gatewayapi/resource/defaulter_test.go new file mode 100644 index 0000000000..79014e9520 --- /dev/null +++ b/internal/gatewayapi/resource/defaulter_test.go @@ -0,0 +1,157 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package resource + +import ( + "os" + "testing" + + "github.com/stretchr/testify/require" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "sigs.k8s.io/kubectl-validate/pkg/openapiclient" +) + +func TestApplyDefault(t *testing.T) { + defaulter, err := newDefaulter(openapiclient.NewLocalCRDFiles(os.DirFS("testdata/schema"))) + require.NoError(t, err) + + testCases := []struct { + name string + error bool + input map[string]interface{} + expect map[string]interface{} + }{ + { + name: "empty object with nested field", + input: map[string]interface{}{ + "apiVersion": "example.com/v1", + "kind": "TestCR", + "metadata": map[string]interface{}{ + "name": "test-cr", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "objectField": map[string]interface{}{}, + }, + }, + expect: map[string]interface{}{ + "apiVersion": "example.com/v1", + "kind": "TestCR", + "metadata": map[string]interface{}{ + "name": "test-cr", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "stringField": "defaultString", + "integerField": 42., + "floatField": 3.14, + "booleanField": true, + "enumField": "option1", + "objectField": map[string]interface{}{ + "nestedString": "nestedDefault", + "nestedInteger": 10., + }, + "mapField": map[string]interface{}{ + "key1": "value1", + "key2": "value2", + }, + }, + }, + error: false, + }, + { + name: "empty object without nested field", + input: map[string]interface{}{ + "apiVersion": "example.com/v1", + "kind": "TestCR", + "metadata": map[string]interface{}{ + "name": "test-cr", + "namespace": "default", + }, + "spec": map[string]interface{}{}, + }, + expect: map[string]interface{}{ + "apiVersion": "example.com/v1", + "kind": "TestCR", + "metadata": map[string]interface{}{ + "name": "test-cr", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "stringField": "defaultString", + "integerField": 42., + "floatField": 3.14, + "booleanField": true, + "enumField": "option1", + "mapField": map[string]interface{}{ + "key1": "value1", + "key2": "value2", + }, + }, + }, + error: false, + }, + { + name: "object with few field unset", + input: map[string]interface{}{ + "apiVersion": "example.com/v1", + "kind": "TestCR", + "metadata": map[string]interface{}{ + "name": "test-cr", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "stringField": "exampleString", + "booleanField": false, + "objectField": map[string]interface{}{ + "nestedString": "nestedExample", + }, + }, + }, + expect: map[string]interface{}{ + "apiVersion": "example.com/v1", + "kind": "TestCR", + "metadata": map[string]interface{}{ + "name": "test-cr", + "namespace": "default", + }, + "spec": map[string]interface{}{ + "stringField": "exampleString", + "integerField": 42., + "floatField": 3.14, + "booleanField": false, + "enumField": "option1", + "objectField": map[string]interface{}{ + "nestedString": "nestedExample", + "nestedInteger": 10., + }, + "mapField": map[string]interface{}{ + "key1": "value1", + "key2": "value2", + }, + }, + }, + error: false, + }, + { + name: "nil input", + input: nil, + error: true, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + got, err := defaulter.ApplyDefault(&unstructured.Unstructured{Object: tc.input}) + if tc.error { + require.Error(t, err) + } else { + require.NoError(t, err) + require.Equal(t, tc.expect, got.Object) + } + }) + } +} diff --git a/internal/gatewayapi/resource/load.go b/internal/gatewayapi/resource/load.go index 7c87ffb791..e9c9965bc3 100644 --- a/internal/gatewayapi/resource/load.go +++ b/internal/gatewayapi/resource/load.go @@ -45,11 +45,9 @@ func LoadResourcesFromYAMLBytes(yamlBytes []byte, addMissingResources bool) (*Re // loadKubernetesYAMLToResources converts a Kubernetes YAML string into GatewayAPI Resources. // TODO: add support for kind: // - EnvoyExtensionPolicy (gateway.envoyproxy.io/v1alpha1) -// - HTTPRouteFilter (gateway.envoyproxy.io/v1alpha1) // - BackendLPPolicy (gateway.networking.k8s.io/v1alpha2) // - BackendTLSPolicy (gateway.networking.k8s.io/v1alpha3) // - ReferenceGrant (gateway.networking.k8s.io/v1alpha2) -// - TLSRoute (gateway.networking.k8s.io/v1alpha2) func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Resources, error) { resources := NewResources() var useDefaultNamespace bool @@ -64,7 +62,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res return err } - un := unstructured.Unstructured{Object: obj} + un := &unstructured.Unstructured{Object: obj} gvk := un.GroupVersionKind() name, namespace := un.GetName(), un.GetNamespace() if len(namespace) == 0 { @@ -72,11 +70,16 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res namespace = config.DefaultNamespace } - // Perform local validation for gateway-api related resources only. + // Perform local validation and apply default values for gateway-api related resources only. if gvk.Group == egv1a1.GroupName || gvk.Group == gwapiv1.GroupName { if err = defaultValidator.Validate(yamlByte); err != nil { return fmt.Errorf("local validation error: %w", err) } + + un, err = gatewaySchemaDefaulter.ApplyDefault(un) + if err != nil { + return fmt.Errorf("failed to apply default values for %s/%s: %w", un.GetKind(), un.GetName(), err) + } } requiredNamespaceMap.Insert(namespace) @@ -84,7 +87,7 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res if err != nil { return err } - err = combinedScheme.Convert(&un, kobj, nil) + err = combinedScheme.Convert(un, kobj, nil) if err != nil { return err } @@ -95,6 +98,8 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res } kobjVal := reflect.ValueOf(kobj).Elem() spec := kobjVal.FieldByName("Spec") + data := kobjVal.FieldByName("Data") + stringData := kobjVal.FieldByName("StringData") switch gvk.Kind { case KindEnvoyProxy: @@ -307,6 +312,34 @@ func loadKubernetesYAMLToResources(input []byte, addMissingResources bool) (*Res Spec: typedSpec.(egv1a1.BackendSpec), } resources.Backends = append(resources.Backends, backend) + case KindSecret: + typedData := data.Interface() + typedStringData := stringData.Interface() + secret := &corev1.Secret{ + TypeMeta: metav1.TypeMeta{ + Kind: KindSecret, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Data: typedData.(map[string][]byte), + StringData: typedStringData.(map[string]string), + } + resources.Secrets = append(resources.Secrets, secret) + case KindConfigMap: + typedData := data.Interface() + configMap := &corev1.ConfigMap{ + TypeMeta: metav1.TypeMeta{ + Kind: KindConfigMap, + }, + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: namespace, + }, + Data: typedData.(map[string]string), + } + resources.ConfigMaps = append(resources.ConfigMaps, configMap) } return nil diff --git a/internal/gatewayapi/resource/load_test.go b/internal/gatewayapi/resource/load_test.go index df3629251e..534730608e 100644 --- a/internal/gatewayapi/resource/load_test.go +++ b/internal/gatewayapi/resource/load_test.go @@ -6,12 +6,22 @@ package resource import ( + "flag" + "fmt" + "os" + "path/filepath" "testing" + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/require" "sigs.k8s.io/yaml" + + "github.com/envoyproxy/gateway/internal/utils/file" ) +var overrideTestData = flag.Bool("override-testdata", true, "if override the test output data.") + func TestIterYAMLBytes(t *testing.T) { inputs := `test: foo1 --- @@ -37,3 +47,36 @@ test: foo3 require.NoError(t, err) require.ElementsMatch(t, names, []string{"foo1", "foo2", "foo3"}) } + +func TestLoadAllSupportedResourcesFromYAMLBytes(t *testing.T) { + inFile := requireTestDataFile(t, "all-resources", "in") + got, err := loadKubernetesYAMLToResources(inFile, true) + require.NoError(t, err) + + if *overrideTestData { + out, err := yaml.Marshal(got) + require.NoError(t, err) + require.NoError(t, file.Write(string(out), filepath.Join("testdata", "all-resources.out.yaml"))) + } + + want := &Resources{} + outFile := requireTestDataFile(t, "all-resources", "out") + mustUnmarshal(t, outFile, want) + + opts := []cmp.Option{ + cmpopts.IgnoreFields(Resources{}, "serviceMap"), + cmpopts.EquateEmpty(), + } + require.Empty(t, cmp.Diff(want, got, opts...)) +} + +func requireTestDataFile(t *testing.T, name, ioType string) []byte { + t.Helper() + content, err := os.ReadFile(filepath.Join("testdata", fmt.Sprintf("%s.%s.yaml", name, ioType))) + require.NoError(t, err) + return content +} + +func mustUnmarshal(t *testing.T, val []byte, out interface{}) { + require.NoError(t, yaml.UnmarshalStrict(val, out, yaml.DisallowUnknownFields)) +} diff --git a/internal/gatewayapi/resource/testdata/all-resources.in.yaml b/internal/gatewayapi/resource/testdata/all-resources.in.yaml new file mode 100644 index 0000000000..6bb5994374 --- /dev/null +++ b/internal/gatewayapi/resource/testdata/all-resources.in.yaml @@ -0,0 +1,268 @@ +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyProxy +metadata: + name: example + namespace: default +spec: + provider: + type: Kubernetes + kubernetes: + envoyService: + annotations: + custom1: svc-annotation1 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GatewayClass +metadata: + name: eg +spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: Gateway +metadata: + name: eg +spec: + gatewayClassName: eg + listeners: + - name: http + protocol: HTTP + port: 80 +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: TCPRoute +metadata: + name: backend + namespace: default +spec: + parentRefs: + - name: eg + sectionName: tcp + rules: + - backendRefs: + - name: backend + port: 3000 +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: UDPRoute +metadata: + name: backend + namespace: default +spec: + parentRefs: + - name: eg + sectionName: udp + rules: + - backendRefs: + - name: backend + port: 3000 +--- +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: TLSRoute +metadata: + name: backend + namespace: default +spec: + parentRefs: + - name: eg + sectionName: tls-passthrough + rules: + - backendRefs: + - name: backend + port: 3000 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: backend + namespace: default +spec: + parentRefs: + - name: eg + hostnames: + - "www.example.com" + rules: + - backendRefs: + - name: providedBackend + port: 8000 +--- +apiVersion: gateway.networking.k8s.io/v1 +kind: GRPCRoute +metadata: + name: backend + namespace: default +spec: + parentRefs: + - name: eg + sectionName: grpc + hostnames: + - "www.grpc-example.com" + rules: + - matches: + - method: + service: com.example.Things + method: DoThing + headers: + - name: com.example.Header + value: foobar + backendRefs: + - name: providedBackend + port: 9000 +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyPatchPolicy +metadata: + name: ratelimit-patch-policy + namespace: default +spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: eg + type: JSONPatch + jsonPatches: + - type: "type.googleapis.com/envoy.config.listener.v3.Listener" + # The listener name is of the form // + name: default/eg/http + operation: + op: add + path: "/default_filter_chain/filters/0/typed_config/http_filters/0" + value: + name: "envoy.filters.http.ratelimit" + typed_config: + "@type": "type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit" + domain: "eag-ratelimit" + failure_mode_deny: true + timeout: 1s + rate_limit_service: + grpc_service: + envoy_grpc: + cluster_name: rate-limit-cluster + transport_api_version: V3 +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: SecurityPolicy +metadata: + name: jwt-example +spec: + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: backend + apiKeyAuth: + credentialRefs: + - name: foobar + extractFrom: + - headers: + - foobar + jwt: + providers: + - name: example + remoteJWKS: + uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: BackendTrafficPolicy +metadata: + name: cookie-lb-policy + namespace: gateway-conformance-infra +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: HTTPRoute + name: cookie-lb-route + loadBalancer: + type: ConsistentHash + consistentHash: + type: Cookie + cookie: + name: "Lb-Test-Cookie" + ttl: 60s + attributes: + SameSite: Strict + retry: + retryOn: + httpStatusCodes: + - 200 + - 404 + healthCheck: + active: + type: HTTP + http: + path: "/" + method: GET + circuitBreaker: + maxRequestsPerConnection: 123 +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: ClientTrafficPolicy +metadata: + name: client-timeout + namespace: gateway-conformance-infra +spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: same-namespace + timeout: + http: + requestReceivedTimeout: 50ms +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: HTTPRouteFilter +metadata: + name: direct-response-inline + namespace: default +spec: + directResponse: + contentType: text/plain + body: + type: Inline + inline: "OK" +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: Backend +metadata: + name: backend +spec: + endpoints: + - ip: + address: 0.0.0.0 + port: 4321 +--- +apiVersion: v1 +kind: Secret +metadata: + name: secret-with-data-and-string-data + namespace: default +data: + .secret-file: dmFsdWUtMg0KDQo= +stringData: + secret: "literal value" +--- +apiVersion: v1 +kind: Secret +metadata: + name: secret-with-data + namespace: default +data: + .secret-file: dmFsdWUtMg0KDQo= +--- +apiVersion: v1 +kind: Secret +metadata: + name: secret-with-string-data + namespace: default +stringData: + secret: "literal value" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: configmap + namespace: default +data: + player_initial_lives: "3" + game.properties: | + enemy.types=aliens,monsters + player.maximum-lives=5 diff --git a/internal/gatewayapi/resource/testdata/all-resources.out.yaml b/internal/gatewayapi/resource/testdata/all-resources.out.yaml new file mode 100644 index 0000000000..00f0bf210c --- /dev/null +++ b/internal/gatewayapi/resource/testdata/all-resources.out.yaml @@ -0,0 +1,395 @@ +backendTrafficPolicies: +- kind: BackendTrafficPolicy + metadata: + creationTimestamp: null + name: cookie-lb-policy + namespace: gateway-conformance-infra + spec: + circuitBreaker: + maxConnections: 1024 + maxParallelRequests: 1024 + maxParallelRetries: 1024 + maxPendingRequests: 1024 + maxRequestsPerConnection: 123 + healthCheck: + active: + healthyThreshold: 1 + http: + method: GET + path: / + interval: 3s + timeout: 1s + type: HTTP + unhealthyThreshold: 3 + loadBalancer: + consistentHash: + cookie: + attributes: + SameSite: Strict + name: Lb-Test-Cookie + ttl: 1m0s + tableSize: 65537 + type: Cookie + type: ConsistentHash + retry: + numRetries: 2 + retryOn: + httpStatusCodes: + - 200 + - 404 + targetRefs: + - group: gateway.networking.k8s.io + kind: HTTPRoute + name: cookie-lb-route + status: + ancestors: null +backends: +- kind: Backend + metadata: + creationTimestamp: null + name: backend + namespace: envoy-gateway-system + spec: + endpoints: + - ip: + address: 0.0.0.0 + port: 4321 + status: {} +clientTrafficPolicies: +- kind: ClientTrafficPolicy + metadata: + creationTimestamp: null + name: client-timeout + namespace: gateway-conformance-infra + spec: + targetRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: same-namespace + timeout: + http: + requestReceivedTimeout: 50ms + status: + ancestors: null +configMaps: +- data: + game.properties: | + enemy.types=aliens,monsters + player.maximum-lives=5 + player_initial_lives: "3" + kind: ConfigMap + metadata: + creationTimestamp: null + name: configmap + namespace: default +envoyPatchPolicies: +- kind: EnvoyPatchPolicy + metadata: + creationTimestamp: null + name: ratelimit-patch-policy + namespace: default + spec: + jsonPatches: + - name: default/eg/http + operation: + op: add + path: /default_filter_chain/filters/0/typed_config/http_filters/0 + value: + name: envoy.filters.http.ratelimit + typed_config: + '@type': type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit + domain: eag-ratelimit + failure_mode_deny: true + rate_limit_service: + grpc_service: + envoy_grpc: + cluster_name: rate-limit-cluster + transport_api_version: V3 + timeout: 1s + type: type.googleapis.com/envoy.config.listener.v3.Listener + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: eg + type: JSONPatch + status: + ancestors: null +envoyProxyForGatewayClass: + kind: EnvoyProxy + metadata: + creationTimestamp: null + name: example + namespace: default + spec: + logging: + level: + default: warn + provider: + kubernetes: + envoyService: + annotations: + custom1: svc-annotation1 + externalTrafficPolicy: Local + type: LoadBalancer + type: Kubernetes + status: {} +gatewayClass: + kind: GatewayClass + metadata: + creationTimestamp: null + name: eg + namespace: envoy-gateway-system + spec: + controllerName: gateway.envoyproxy.io/gatewayclass-controller + status: {} +gateways: +- kind: Gateway + metadata: + creationTimestamp: null + name: eg + namespace: envoy-gateway-system + spec: + gatewayClassName: eg + listeners: + - allowedRoutes: + namespaces: + from: Same + name: http + port: 80 + protocol: HTTP + status: {} +grpcRoutes: +- kind: GRPCRoute + metadata: + creationTimestamp: null + name: backend + namespace: default + spec: + hostnames: + - www.grpc-example.com + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: eg + sectionName: grpc + rules: + - backendRefs: + - group: "" + kind: Service + name: providedBackend + port: 9000 + weight: 1 + matches: + - headers: + - name: com.example.Header + type: Exact + value: foobar + method: + method: DoThing + service: com.example.Things + type: Exact + status: + parents: null +httpFilters: +- apiVersion: gateway.envoyproxy.io/v1alpha1 + kind: HTTPRouteFilter + metadata: + creationTimestamp: null + name: direct-response-inline + namespace: default + spec: + directResponse: + body: + inline: OK + type: Inline + contentType: text/plain +httpRoutes: +- kind: HTTPRoute + metadata: + creationTimestamp: null + name: backend + namespace: default + spec: + hostnames: + - www.example.com + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: eg + rules: + - backendRefs: + - group: "" + kind: Service + name: providedBackend + port: 8000 + weight: 1 + matches: + - path: + type: PathPrefix + value: / + status: + parents: null +namespaces: +- metadata: + creationTimestamp: null + name: envoy-gateway-system + spec: {} + status: {} +- metadata: + creationTimestamp: null + name: default + spec: {} + status: {} +- metadata: + creationTimestamp: null + name: gateway-conformance-infra + spec: {} + status: {} +secrets: +- data: + .secret-file: dmFsdWUtMg0KDQo= + kind: Secret + metadata: + creationTimestamp: null + name: secret-with-data-and-string-data + namespace: default + stringData: + secret: literal value +- data: + .secret-file: dmFsdWUtMg0KDQo= + kind: Secret + metadata: + creationTimestamp: null + name: secret-with-data + namespace: default +- kind: Secret + metadata: + creationTimestamp: null + name: secret-with-string-data + namespace: default + stringData: + secret: literal value +securityPolicies: +- kind: SecurityPolicy + metadata: + creationTimestamp: null + name: jwt-example + namespace: envoy-gateway-system + spec: + apiKeyAuth: + credentialRefs: + - group: "" + kind: Secret + name: foobar + extractFrom: + - headers: + - foobar + jwt: + providers: + - name: example + remoteJWKS: + uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json + targetRef: + group: gateway.networking.k8s.io + kind: HTTPRoute + name: backend + status: + ancestors: null +services: +- metadata: + creationTimestamp: null + name: backend + namespace: default + spec: + clusterIP: 1.2.3.4 + ports: + - name: TCP-3000 + port: 3000 + protocol: TCP + targetPort: 0 + - name: UDP-3000 + port: 3000 + protocol: UDP + targetPort: 0 + status: + loadBalancer: {} +- metadata: + creationTimestamp: null + name: providedBackend + namespace: default + spec: + clusterIP: 1.2.3.4 + ports: + - name: TCP-8000 + port: 8000 + protocol: TCP + targetPort: 0 + - name: TCP-9000 + port: 9000 + protocol: TCP + targetPort: 0 + status: + loadBalancer: {} +tcpRoutes: +- kind: TCPRoute + metadata: + creationTimestamp: null + name: backend + namespace: default + spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: eg + sectionName: tcp + rules: + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + status: + parents: null +tlsRoutes: +- kind: TLSRoute + metadata: + creationTimestamp: null + name: backend + namespace: default + spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: eg + sectionName: tls-passthrough + rules: + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + status: + parents: null +udpRoutes: +- kind: UDPRoute + metadata: + creationTimestamp: null + name: backend + namespace: default + spec: + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: eg + sectionName: udp + rules: + - backendRefs: + - group: "" + kind: Service + name: backend + port: 3000 + weight: 1 + status: + parents: null diff --git a/internal/gatewayapi/resource/testdata/schema/crd.yaml b/internal/gatewayapi/resource/testdata/schema/crd.yaml new file mode 100644 index 0000000000..69c42f323e --- /dev/null +++ b/internal/gatewayapi/resource/testdata/schema/crd.yaml @@ -0,0 +1,79 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: testcrs.example.com +spec: + group: example.com + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + stringField: + type: string + default: "defaultString" + minLength: 3 + maxLength: 10 + integerField: + type: integer + default: 42 + minimum: 0 + maximum: 100 + floatField: + type: number + default: 3.14 + minimum: 0.0 + maximum: 10.0 + booleanField: + type: boolean + default: true + enumField: + type: string + enum: + - option1 + - option2 + - option3 + default: "option1" + arrayField: + type: array + items: + type: string + minItems: 1 + maxItems: 5 + objectField: + type: object + properties: + nestedString: + type: string + default: "nestedDefault" + nestedInteger: + type: integer + default: 10 + minimum: 1 + maximum: 20 + required: + - nestedString + mapField: + type: object + additionalProperties: + type: string + default: + key1: "value1" + key2: "value2" + required: + - stringField + - integerField + - booleanField + scope: Namespaced + names: + plural: testcrs + singular: testcr + kind: TestCR + shortNames: + - tc diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go index 2afdf86dc6..e960370398 100644 --- a/internal/gatewayapi/route.go +++ b/internal/gatewayapi/route.go @@ -1034,7 +1034,11 @@ func (t *Translator) processUDPRouteParentRefs(udpRoute *UDPRouteContext, resour ) continue } - destSettings = append(destSettings, ds) + + // Skip nil destination settings + if ds != nil { + destSettings = append(destSettings, ds) + } } // If no negative condition has been set for ResolvedRefs, set "ResolvedRefs=True" @@ -1176,7 +1180,10 @@ func (t *Translator) processTCPRouteParentRefs(tcpRoute *TCPRouteContext, resour ) continue } - destSettings = append(destSettings, ds) + // Skip nil destination settings + if ds != nil { + destSettings = append(destSettings, ds) + } } // If no negative condition has been set for ResolvedRefs, set "ResolvedRefs=True" diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go index 9d35053181..0bbd78fd7f 100644 --- a/internal/gatewayapi/securitypolicy.go +++ b/internal/gatewayapi/securitypolicy.go @@ -1152,6 +1152,7 @@ func (t *Translator) buildExtAuth( switch { case http != nil: protocol = ir.HTTP + backendSettings = http.BackendSettings switch { case len(http.BackendRefs) > 0: backendRefs = http.BackendCluster.BackendRefs @@ -1167,6 +1168,7 @@ func (t *Translator) buildExtAuth( } case grpc != nil: protocol = ir.GRPC + backendSettings = grpc.BackendSettings switch { case len(grpc.BackendCluster.BackendRefs) > 0: backendRefs = grpc.BackendRefs diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml index 1c24de65ef..93a6223fa7 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.in.yaml @@ -169,3 +169,9 @@ securityPolicies: headersToBackend: - header1 - header2 + backendSettings: + circuitBreaker: + maxConnections: 30001 + maxParallelRequests: 1022 + maxParallelRetries: 1023 + maxPendingRequests: 1024 diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml index a53d14e408..15ab332ea1 100644 --- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml +++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml @@ -188,6 +188,12 @@ securityPolicies: - name: http-backend namespace: envoy-gateway port: 80 + backendSettings: + circuitBreaker: + maxConnections: 30001 + maxParallelRequests: 1022 + maxParallelRetries: 1023 + maxPendingRequests: 1024 headersToBackend: - header1 - header2 @@ -352,3 +358,9 @@ xdsIR: - header2 path: /auth name: securitypolicy/default/policy-for-gateway-1 + traffic: + circuitBreaker: + maxConnections: 30001 + maxParallelRequests: 1022 + maxParallelRetries: 1023 + maxPendingRequests: 1024 diff --git a/internal/gatewayapi/testdata/tcproute-rule-with-multiple-backends-and-zero-weights.in.yaml b/internal/gatewayapi/testdata/tcproute-rule-with-multiple-backends-and-zero-weights.in.yaml new file mode 100644 index 0000000000..af361628fa --- /dev/null +++ b/internal/gatewayapi/testdata/tcproute-rule-with-multiple-backends-and-zero-weights.in.yaml @@ -0,0 +1,39 @@ +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: tcp + protocol: TCP + port: 90 + allowedRoutes: + namespaces: + from: All +tcpRoutes: + - apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: TCPRoute + metadata: + namespace: default + name: tcproute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + rules: + - backendRefs: + - name: service-1 + port: 8080 + weight: 1 + - name: service-2 + port: 8080 + weight: 2 + - name: service-3 + port: 8080 + weight: 3 + - name: service-4 + port: 8080 + weight: 0 diff --git a/internal/gatewayapi/testdata/tcproute-rule-with-multiple-backends-and-zero-weights.out.yaml b/internal/gatewayapi/testdata/tcproute-rule-with-multiple-backends-and-zero-weights.out.yaml new file mode 100644 index 0000000000..ee87a58396 --- /dev/null +++ b/internal/gatewayapi/testdata/tcproute-rule-with-multiple-backends-and-zero-weights.out.yaml @@ -0,0 +1,129 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: tcp + port: 90 + protocol: TCP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: tcp + supportedKinds: + - group: gateway.networking.k8s.io + kind: TCPRoute +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/tcp + ports: + - containerPort: 10090 + name: tcp-90 + protocol: TCP + servicePort: 90 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +tcpRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: TCPRoute + metadata: + creationTimestamp: null + name: tcproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + rules: + - backendRefs: + - name: service-1 + port: 8080 + weight: 1 + - name: service-2 + port: 8080 + weight: 2 + - name: service-3 + port: 8080 + weight: 3 + - name: service-4 + port: 8080 + weight: 0 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway +xdsIR: + envoy-gateway/gateway-1: + accessLog: + json: + - path: /dev/stdout + tcp: + - address: 0.0.0.0 + name: envoy-gateway/gateway-1/tcp + port: 10090 + routes: + - destination: + name: tcproute/default/tcproute-1/rule/-1 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: TCP + weight: 1 + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: TCP + weight: 2 + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8080 + protocol: TCP + weight: 3 + name: tcproute/default/tcproute-1 diff --git a/internal/gatewayapi/testdata/udproute-rule-with-multiple-backends-and-zero-weights.in.yaml b/internal/gatewayapi/testdata/udproute-rule-with-multiple-backends-and-zero-weights.in.yaml new file mode 100644 index 0000000000..53851284ee --- /dev/null +++ b/internal/gatewayapi/testdata/udproute-rule-with-multiple-backends-and-zero-weights.in.yaml @@ -0,0 +1,39 @@ +gateways: + - apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + namespace: envoy-gateway + name: gateway-1 + spec: + gatewayClassName: envoy-gateway-class + listeners: + - name: udp + protocol: UDP + port: 90 + allowedRoutes: + namespaces: + from: All +udpRoutes: + - apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: UDPRoute + metadata: + namespace: default + name: udproute-1 + spec: + parentRefs: + - namespace: envoy-gateway + name: gateway-1 + rules: + - backendRefs: + - name: service-1 + port: 8162 + weight: 1 + - name: service-2 + port: 8162 + weight: 2 + - name: service-3 + port: 8162 + weight: 3 + - name: service-4 + port: 8162 + weight: 0 diff --git a/internal/gatewayapi/testdata/udproute-rule-with-multiple-backends-and-zero-weights.out.yaml b/internal/gatewayapi/testdata/udproute-rule-with-multiple-backends-and-zero-weights.out.yaml new file mode 100644 index 0000000000..c266691269 --- /dev/null +++ b/internal/gatewayapi/testdata/udproute-rule-with-multiple-backends-and-zero-weights.out.yaml @@ -0,0 +1,129 @@ +gateways: +- apiVersion: gateway.networking.k8s.io/v1 + kind: Gateway + metadata: + creationTimestamp: null + name: gateway-1 + namespace: envoy-gateway + spec: + gatewayClassName: envoy-gateway-class + listeners: + - allowedRoutes: + namespaces: + from: All + name: udp + port: 90 + protocol: UDP + status: + listeners: + - attachedRoutes: 1 + conditions: + - lastTransitionTime: null + message: Sending translated listener configuration to the data plane + reason: Programmed + status: "True" + type: Programmed + - lastTransitionTime: null + message: Listener has been successfully translated + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Listener references have been resolved + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + name: udp + supportedKinds: + - group: gateway.networking.k8s.io + kind: UDPRoute +infraIR: + envoy-gateway/gateway-1: + proxy: + listeners: + - address: null + name: envoy-gateway/gateway-1/udp + ports: + - containerPort: 10090 + name: udp-90 + protocol: UDP + servicePort: 90 + metadata: + labels: + gateway.envoyproxy.io/owning-gateway-name: gateway-1 + gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway + name: envoy-gateway/gateway-1 +udpRoutes: +- apiVersion: gateway.networking.k8s.io/v1alpha2 + kind: UDPRoute + metadata: + creationTimestamp: null + name: udproute-1 + namespace: default + spec: + parentRefs: + - name: gateway-1 + namespace: envoy-gateway + rules: + - backendRefs: + - name: service-1 + port: 8162 + weight: 1 + - name: service-2 + port: 8162 + weight: 2 + - name: service-3 + port: 8162 + weight: 3 + - name: service-4 + port: 8162 + weight: 0 + status: + parents: + - conditions: + - lastTransitionTime: null + message: Route is accepted + reason: Accepted + status: "True" + type: Accepted + - lastTransitionTime: null + message: Resolved all the Object references for the Route + reason: ResolvedRefs + status: "True" + type: ResolvedRefs + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parentRef: + name: gateway-1 + namespace: envoy-gateway +xdsIR: + envoy-gateway/gateway-1: + accessLog: + json: + - path: /dev/stdout + udp: + - address: 0.0.0.0 + name: envoy-gateway/gateway-1/udp + port: 10090 + route: + destination: + name: udproute/default/udproute-1/rule/-1 + settings: + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8162 + protocol: UDP + weight: 1 + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8162 + protocol: UDP + weight: 2 + - addressType: IP + endpoints: + - host: 7.7.7.7 + port: 8162 + protocol: UDP + weight: 3 + name: udproute/default/udproute-1 diff --git a/internal/ir/xds.go b/internal/ir/xds.go index f428297ace..63e60e3dfd 100644 --- a/internal/ir/xds.go +++ b/internal/ir/xds.go @@ -254,12 +254,9 @@ type CoreListenerDetails struct { // Metadata is used to enrich envoy resource metadata with user and provider-specific information Metadata *ResourceMetadata `json:"metadata,omitempty" yaml:"metadata,omitempty"` // IPFamily specifies the IP address family used by the Gateway for its listening ports. - IPFamily *IPFamily `json:"ipFamily,omitempty" yaml:"ipFamily,omitempty"` + IPFamily *egv1a1.IPFamily `json:"ipFamily,omitempty" yaml:"ipFamily,omitempty"` } -// IPFamily specifies the IP address family used by the Gateway for its listening ports. -type IPFamily = egv1a1.IPFamily - func (l CoreListenerDetails) GetName() string { return l.Name } @@ -1437,7 +1434,7 @@ type DestinationSetting struct { AddressType *DestinationAddressType `json:"addressType,omitempty" yaml:"addressType,omitempty"` // IPFamily specifies the IP family (IPv4 or IPv6) to use for this destination's endpoints. // This is derived from the backend service and endpoint slice information. - IPFamily *IPFamily `json:"ipFamily,omitempty" yaml:"ipFamily,omitempty"` + IPFamily *egv1a1.IPFamily `json:"ipFamily,omitempty" yaml:"ipFamily,omitempty"` TLS *TLSUpstreamConfig `json:"tls,omitempty" yaml:"tls,omitempty"` Filters *DestinationFilters `json:"filters,omitempty" yaml:"filters,omitempty"` } diff --git a/internal/provider/file/testdata/resources.all.yaml b/internal/provider/file/testdata/resources.all.yaml index 079647dc6c..19d93d0c2b 100644 --- a/internal/provider/file/testdata/resources.all.yaml +++ b/internal/provider/file/testdata/resources.all.yaml @@ -28,7 +28,10 @@ gateways: spec: gatewayClassName: eg listeners: - - name: http + - allowedRoutes: + namespaces: + from: Same + name: http port: 8888 protocol: HTTP status: {} @@ -42,12 +45,15 @@ httpRoutes: hostnames: - www.example.com parentRefs: - - name: eg + - group: gateway.networking.k8s.io + kind: Gateway + name: eg rules: - backendRefs: - group: gateway.envoyproxy.io kind: Backend name: backend + weight: 1 matches: - path: type: PathPrefix diff --git a/internal/utils/proto/proto.go b/internal/utils/proto/proto.go index ff05e3a715..96800b0b34 100644 --- a/internal/utils/proto/proto.go +++ b/internal/utils/proto/proto.go @@ -10,10 +10,12 @@ package proto import ( "bytes" + "errors" "github.com/golang/protobuf/jsonpb" protov1 "github.com/golang/protobuf/proto" "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/anypb" "sigs.k8s.io/yaml" ) @@ -38,3 +40,34 @@ func FromJSON(content []byte, out proto.Message) error { unmarshaler := &jsonpb.Unmarshaler{AllowUnknownFields: true} return unmarshaler.Unmarshal(bytes.NewReader(content), protov1.MessageV1(out)) } + +func ToAnyWithValidation(msg proto.Message) (*anypb.Any, error) { + if msg == nil { + return nil, errors.New("empty message received") + } + + // If the message has a ValidateAll method, call it before marshaling. + if err := Validate(msg); err != nil { + return nil, err + } + + any, err := anypb.New(msg) + if err != nil { + return nil, err + } + return any, nil +} + +// Validate validates the given message by calling its ValidateAll or Validate methods. +func Validate(msg proto.Message) error { + // If the message has a ValidateAll method, call it + if validator, ok := msg.(interface{ ValidateAll() error }); ok { + return validator.ValidateAll() + } + + // If the message has a Validate method, call it + if validator, ok := msg.(interface{ Validate() error }); ok { + return validator.Validate() + } + return nil +} diff --git a/internal/utils/protocov/protocov.go b/internal/utils/protocov/protocov.go deleted file mode 100644 index c7b3de2263..0000000000 --- a/internal/utils/protocov/protocov.go +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright Envoy Gateway Authors -// SPDX-License-Identifier: Apache-2.0 -// The full text of the Apache license is available in the LICENSE file at -// the root of the repo. - -package protocov - -import ( - "errors" - - "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/types/known/anypb" -) - -func ToAnyWithValidation(msg proto.Message) (*anypb.Any, error) { - if msg == nil { - return nil, errors.New("empty message received") - } - - // If the message has a ValidateAll method, call it before marshaling. - if validator, ok := msg.(interface{ ValidateAll() error }); ok { - if err := validator.ValidateAll(); err != nil { - return nil, err - } - } - - any, err := anypb.New(msg) - if err != nil { - return nil, err - } - return any, nil -} diff --git a/internal/xds/cache/snapshotcache.go b/internal/xds/cache/snapshotcache.go index 633021aa16..a9922ae2fa 100644 --- a/internal/xds/cache/snapshotcache.go +++ b/internal/xds/cache/snapshotcache.go @@ -231,6 +231,10 @@ func (s *snapshotCache) OnStreamRequest(streamID int64, req *discoveryv3.Discove nodeID, nodeVersion, req.ResourceNames, req.GetTypeUrl(), errorCode, errorMessage) + if errorCode != 0 { + s.log.Errorf("Envoy rejected the last update with code %d and message %s", errorCode, errorMessage) + } + return nil } @@ -336,6 +340,10 @@ func (s *snapshotCache) OnStreamDeltaRequest(streamID int64, req *discoveryv3.De req.GetTypeUrl(), errorCode, errorMessage) + if errorCode != 0 { + s.log.Errorf("Envoy rejected the last update with code %d and message %s", errorCode, errorMessage) + } + return nil } diff --git a/internal/xds/filters/wellknown.go b/internal/xds/filters/wellknown.go index 524b932fe5..bea9b80eff 100644 --- a/internal/xds/filters/wellknown.go +++ b/internal/xds/filters/wellknown.go @@ -13,13 +13,13 @@ import ( "github.com/envoyproxy/go-control-plane/pkg/wellknown" "google.golang.org/protobuf/types/known/wrapperspb" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" ) var GRPCWeb, GRPCStats *hcm.HttpFilter func init() { - any, err := protocov.ToAnyWithValidation(&grpcweb.GrpcWeb{}) + any, err := proto.ToAnyWithValidation(&grpcweb.GrpcWeb{}) if err != nil { panic(err) } @@ -30,7 +30,7 @@ func init() { }, } - any, err = protocov.ToAnyWithValidation(&grpcstats.FilterConfig{ + any, err = proto.ToAnyWithValidation(&grpcstats.FilterConfig{ EmitFilterState: true, PerMethodStatSpecifier: &grpcstats.FilterConfig_StatsForAllMethods{ StatsForAllMethods: &wrapperspb.BoolValue{Value: true}, @@ -48,7 +48,7 @@ func init() { } func GenerateRouterFilter(enableEnvoyHeaders bool) (*hcm.HttpFilter, error) { - any, err := protocov.ToAnyWithValidation(&httprouter.Router{ + anyCfg, err := proto.ToAnyWithValidation(&httprouter.Router{ SuppressEnvoyHeaders: !enableEnvoyHeaders, }) if err != nil { @@ -57,7 +57,7 @@ func GenerateRouterFilter(enableEnvoyHeaders bool) (*hcm.HttpFilter, error) { return &hcm.HttpFilter{ Name: wellknown.Router, ConfigType: &hcm.HttpFilter_TypedConfig{ - TypedConfig: any, + TypedConfig: anyCfg, }, }, nil } diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go index da6f93d1e7..991c8e342c 100644 --- a/internal/xds/translator/accesslog.go +++ b/internal/xds/translator/accesslog.go @@ -26,7 +26,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -90,7 +90,7 @@ var ( ) func init() { - any, err := protocov.ToAnyWithValidation(&reqwithoutqueryformatter.ReqWithoutQuery{}) + any, err := proto.ToAnyWithValidation(&reqwithoutqueryformatter.ReqWithoutQuery{}) if err != nil { panic(err) } @@ -99,7 +99,7 @@ func init() { TypedConfig: any, } - any, err = protocov.ToAnyWithValidation(&metadataformatter.Metadata{}) + any, err = proto.ToAnyWithValidation(&metadataformatter.Metadata{}) if err != nil { panic(err) } @@ -108,7 +108,7 @@ func init() { TypedConfig: any, } - any, err = protocov.ToAnyWithValidation(&celformatter.Cel{}) + any, err = proto.ToAnyWithValidation(&celformatter.Cel{}) if err != nil { panic(err) } @@ -163,7 +163,7 @@ func buildXdsAccessLog(al *ir.AccessLog, accessLogType ir.ProxyAccessLogType) ([ filelog.GetLogFormat().Formatters = formatters } - accesslogAny, err := protocov.ToAnyWithValidation(filelog) + accesslogAny, err := proto.ToAnyWithValidation(filelog) if err != nil { return nil, err } @@ -223,7 +223,7 @@ func buildXdsAccessLog(al *ir.AccessLog, accessLogType ir.ProxyAccessLogType) ([ filelog.GetLogFormat().Formatters = formatters } - accesslogAny, err := protocov.ToAnyWithValidation(filelog) + accesslogAny, err := proto.ToAnyWithValidation(filelog) if err != nil { return nil, err } @@ -273,7 +273,7 @@ func buildXdsAccessLog(al *ir.AccessLog, accessLogType ir.ProxyAccessLogType) ([ alCfg.AdditionalResponseTrailersToLog = als.HTTP.ResponseTrailers } - accesslogAny, err := protocov.ToAnyWithValidation(alCfg) + accesslogAny, err := proto.ToAnyWithValidation(alCfg) if err != nil { return nil, err } @@ -293,7 +293,7 @@ func buildXdsAccessLog(al *ir.AccessLog, accessLogType ir.ProxyAccessLogType) ([ CommonConfig: cc, } - accesslogAny, err := protocov.ToAnyWithValidation(alCfg) + accesslogAny, err := proto.ToAnyWithValidation(alCfg) if err != nil { return nil, err } @@ -356,7 +356,7 @@ func buildXdsAccessLog(al *ir.AccessLog, accessLogType ir.ProxyAccessLogType) ([ al.Formatters = formatters } - accesslogAny, err := protocov.ToAnyWithValidation(al) + accesslogAny, err := proto.ToAnyWithValidation(al) if err != nil { return nil, err } @@ -380,7 +380,7 @@ func celAccessLogFilter(expr string) (*accesslog.AccessLogFilter, error) { fl := &cel.ExpressionFilter{ Expression: expr, } - any, err := protocov.ToAnyWithValidation(fl) + any, err := proto.ToAnyWithValidation(fl) if err != nil { return nil, err } diff --git a/internal/xds/translator/api_key_auth.go b/internal/xds/translator/api_key_auth.go index 93f5d02873..0c017f6d6c 100644 --- a/internal/xds/translator/api_key_auth.go +++ b/internal/xds/translator/api_key_auth.go @@ -16,7 +16,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -69,11 +69,7 @@ func (*apiKeyAuth) patchHCM(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTT // buildHCMAPIKeyAuthFilter returns a api_key_auth HTTP filter from the provided IR HTTPRoute. func buildHCMAPIKeyAuthFilter(apiKeyAuth *ir.APIKeyAuth) (*hcmv3.HttpFilter, error) { apiKeyAuthProto := buildAPIKeyAuthFilterConfig(apiKeyAuth) - if err := apiKeyAuthProto.ValidateAll(); err != nil { - return nil, err - } - - apiKeyAuthAny, err := protocov.ToAnyWithValidation(apiKeyAuthProto) + apiKeyAuthAny, err := proto.ToAnyWithValidation(apiKeyAuthProto) if err != nil { return nil, err } @@ -114,11 +110,7 @@ func (*apiKeyAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error // Overwrite the HCM level filter config with the per route filter config. apiKeyAuthProto := buildAPIKeyAuthFilterPerRouteConfig(irRoute.Security.APIKeyAuth) - if err := apiKeyAuthProto.ValidateAll(); err != nil { - return err - } - - apiKeyAuthAny, err := protocov.ToAnyWithValidation(apiKeyAuthProto) + apiKeyAuthAny, err := proto.ToAnyWithValidation(apiKeyAuthProto) if err != nil { return err } diff --git a/internal/xds/translator/authorization.go b/internal/xds/translator/authorization.go index e19d1dbaf5..4112d2aed1 100644 --- a/internal/xds/translator/authorization.go +++ b/internal/xds/translator/authorization.go @@ -26,7 +26,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -76,7 +76,7 @@ func (*rbac) patchHCM( // buildHCMRBACFilter returns a RBAC filter from the provided IR listener. func buildHCMRBACFilter() (*hcmv3.HttpFilter, error) { rbacProto := &rbacv3.RBAC{} - rbacAny, err := protocov.ToAnyWithValidation(rbacProto) + rbacAny, err := proto.ToAnyWithValidation(rbacProto) if err != nil { return nil, err } @@ -134,7 +134,7 @@ func (*rbac) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { return err } - if cfgAny, err = protocov.ToAnyWithValidation(rbacPerRoute); err != nil { + if cfgAny, err = proto.ToAnyWithValidation(rbacPerRoute); err != nil { return err } @@ -160,7 +160,7 @@ func buildRBACPerRoute(authorization *ir.Authorization) (*rbacv3.RBACPerRoute, e Name: "ALLOW", Action: rbacconfigv3.RBAC_ALLOW, } - if allowAction, err = protocov.ToAnyWithValidation(allow); err != nil { + if allowAction, err = proto.ToAnyWithValidation(allow); err != nil { return nil, err } @@ -168,7 +168,7 @@ func buildRBACPerRoute(authorization *ir.Authorization) (*rbacv3.RBACPerRoute, e Name: "DENY", Action: rbacconfigv3.RBAC_DENY, } - if denyAction, err = protocov.ToAnyWithValidation(deny); err != nil { + if denyAction, err = proto.ToAnyWithValidation(deny); err != nil { return nil, err } @@ -312,11 +312,11 @@ func buildIPPredicate(clientCIDRs []*ir.CIDRMatch) (*matcherv3.Matcher_MatcherLi }) } - if ipMatcher, err = protocov.ToAnyWithValidation(ipRangeMatcher); err != nil { + if ipMatcher, err = proto.ToAnyWithValidation(ipRangeMatcher); err != nil { return nil, err } - if sourceIPInput, err = protocov.ToAnyWithValidation(&networkinput.SourceIPInput{}); err != nil { + if sourceIPInput, err = proto.ToAnyWithValidation(&networkinput.SourceIPInput{}); err != nil { return nil, err } @@ -385,11 +385,11 @@ func buildJWTPredicate(jwt egv1a1.JWTPrincipal) ([]*matcherv3.Matcher_MatcherLis }, } - if inputPb, err = protocov.ToAnyWithValidation(input); err != nil { + if inputPb, err = proto.ToAnyWithValidation(input); err != nil { return nil, err } - if matcherPb, err = protocov.ToAnyWithValidation(scopeMatcher); err != nil { + if matcherPb, err = proto.ToAnyWithValidation(scopeMatcher); err != nil { return nil, err } @@ -450,7 +450,7 @@ func buildJWTPredicate(jwt egv1a1.JWTPrincipal) ([]*matcherv3.Matcher_MatcherLis Path: path, } - if inputPb, err = protocov.ToAnyWithValidation(input); err != nil { + if inputPb, err = proto.ToAnyWithValidation(input); err != nil { return nil, err } @@ -488,7 +488,7 @@ func buildJWTPredicate(jwt egv1a1.JWTPrincipal) ([]*matcherv3.Matcher_MatcherLis } } - if matcherPb, err = protocov.ToAnyWithValidation(&metadatav3.Metadata{ + if matcherPb, err = proto.ToAnyWithValidation(&metadatav3.Metadata{ Value: valueMatcher, }); err != nil { return nil, err diff --git a/internal/xds/translator/basicauth.go b/internal/xds/translator/basicauth.go index 31a421ae8a..4d22377c74 100644 --- a/internal/xds/translator/basicauth.go +++ b/internal/xds/translator/basicauth.go @@ -17,7 +17,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -82,10 +82,8 @@ func buildHCMBasicAuthFilter(basicAuth *ir.BasicAuth) (*hcmv3.HttpFilter, error) }, }, } - if err = basicAuthProto.ValidateAll(); err != nil { - return nil, err - } - if basicAuthAny, err = protocov.ToAnyWithValidation(basicAuthProto); err != nil { + + if basicAuthAny, err = proto.ToAnyWithValidation(basicAuthProto); err != nil { return nil, err } @@ -131,11 +129,7 @@ func (*basicAuth) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error // Overwrite the HCM level filter config with the per route filter config. basicAuthProto := basicAuthPerRouteConfig(irRoute.Security.BasicAuth) - if err = basicAuthProto.ValidateAll(); err != nil { - return err - } - - if basicAuthAny, err = protocov.ToAnyWithValidation(basicAuthProto); err != nil { + if basicAuthAny, err = proto.ToAnyWithValidation(basicAuthProto); err != nil { return err } diff --git a/internal/xds/translator/cluster.go b/internal/xds/translator/cluster.go index 39a1f9a4f2..21e7619fb5 100644 --- a/internal/xds/translator/cluster.go +++ b/internal/xds/translator/cluster.go @@ -30,7 +30,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" ) const ( @@ -524,7 +524,7 @@ func buildTypedExtensionProtocolOptions(args *xdsClusterArgs) map[string]*anypb. if args.http1Settings != nil { http1opts.EnableTrailers = args.http1Settings.EnableTrailers if args.http1Settings.PreserveHeaderCase { - preservecaseAny, _ := protocov.ToAnyWithValidation(&preservecasev3.PreserveCaseFormatterConfig{}) + preservecaseAny, _ := proto.ToAnyWithValidation(&preservecasev3.PreserveCaseFormatterConfig{}) http1opts.HeaderKeyFormat = &corev3.Http1ProtocolOptions_HeaderKeyFormat{ HeaderFormat: &corev3.Http1ProtocolOptions_HeaderKeyFormat_StatefulFormatter{ StatefulFormatter: &corev3.TypedExtensionConfig{ @@ -577,7 +577,7 @@ func buildTypedExtensionProtocolOptions(args *xdsClusterArgs) map[string]*anypb. } } - anyProtocolOptions, _ := protocov.ToAnyWithValidation(&protocolOptions) + anyProtocolOptions, _ := proto.ToAnyWithValidation(&protocolOptions) extensionOptions := map[string]*anypb.Any{ extensionOptionsKey: anyProtocolOptions, @@ -608,7 +608,7 @@ func buildProxyProtocolSocket(proxyProtocol *ir.ProxyProtocol, tSocket *corev3.T // If existing transport socket does not exist wrap around raw buffer if tSocket == nil { rawCtx := &rawbufferv3.RawBuffer{} - rawCtxAny, err := protocov.ToAnyWithValidation(rawCtx) + rawCtxAny, err := proto.ToAnyWithValidation(rawCtx) if err != nil { return nil } @@ -623,7 +623,7 @@ func buildProxyProtocolSocket(proxyProtocol *ir.ProxyProtocol, tSocket *corev3.T ppCtx.TransportSocket = tSocket } - ppCtxAny, err := protocov.ToAnyWithValidation(ppCtx) + ppCtxAny, err := proto.ToAnyWithValidation(ppCtx) if err != nil { return nil } diff --git a/internal/xds/translator/compressor.go b/internal/xds/translator/compressor.go index a5af6363f1..56dec069ad 100644 --- a/internal/xds/translator/compressor.go +++ b/internal/xds/translator/compressor.go @@ -16,12 +16,12 @@ import ( gzipv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" compressorv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" hcmv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - "google.golang.org/protobuf/proto" + protobuf "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -98,7 +98,7 @@ func buildCompressorFilter(compressionType egv1a1.CompressorType) (*hcmv3.HttpFi var ( compressorProto *compressorv3.Compressor extensionName string - extensionMsg proto.Message + extensionMsg protobuf.Message extensionAny *anypb.Any compressorAny *anypb.Any err error @@ -113,7 +113,7 @@ func buildCompressorFilter(compressionType egv1a1.CompressorType) (*hcmv3.HttpFi extensionMsg = &gzipv3.Gzip{} } - if extensionAny, err = protocov.ToAnyWithValidation(extensionMsg); err != nil { + if extensionAny, err = proto.ToAnyWithValidation(extensionMsg); err != nil { return nil, err } @@ -124,7 +124,7 @@ func buildCompressorFilter(compressionType egv1a1.CompressorType) (*hcmv3.HttpFi }, } - if compressorAny, err = protocov.ToAnyWithValidation(compressorProto); err != nil { + if compressorAny, err = proto.ToAnyWithValidation(compressorProto); err != nil { return nil, err } @@ -182,7 +182,7 @@ func (*compressor) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error } compressorProto := compressorPerRouteConfig() - if compressorAny, err = protocov.ToAnyWithValidation(compressorProto); err != nil { + if compressorAny, err = proto.ToAnyWithValidation(compressorProto); err != nil { return err } diff --git a/internal/xds/translator/custom_response.go b/internal/xds/translator/custom_response.go index 8b7f320d71..259144e6be 100644 --- a/internal/xds/translator/custom_response.go +++ b/internal/xds/translator/custom_response.go @@ -25,7 +25,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -78,16 +78,11 @@ func (c *customResponse) patchHCM(mgr *hcmv3.HttpConnectionManager, irListener * // buildHCMCustomResponseFilter returns an OAuth2 HTTP filter from the provided IR HTTPRoute. func (c *customResponse) buildHCMCustomResponseFilter(ro *ir.ResponseOverride) (*hcmv3.HttpFilter, error) { - proto, err := c.customResponseConfig(ro) + config, err := c.customResponseConfig(ro) if err != nil { return nil, err } - - if err := proto.ValidateAll(); err != nil { - return nil, err - } - - any, err := protocov.ToAnyWithValidation(proto) + any, err := proto.ToAnyWithValidation(config) if err != nil { return nil, err } @@ -239,7 +234,7 @@ func (c *customResponse) buildHTTPAttributeCELInput() (*cncfv3.TypedExtensionCon err error ) - if pb, err = protocov.ToAnyWithValidation(&matcherv3.HttpAttributesCelMatchInput{}); err != nil { + if pb, err = proto.ToAnyWithValidation(&matcherv3.HttpAttributesCelMatchInput{}); err != nil { return nil, err } @@ -255,7 +250,7 @@ func (c *customResponse) buildStatusCodeInput() (*cncfv3.TypedExtensionConfig, e err error ) - if pb, err = protocov.ToAnyWithValidation(&envoymatcherv3.HttpResponseStatusCodeMatchInput{}); err != nil { + if pb, err = proto.ToAnyWithValidation(&envoymatcherv3.HttpResponseStatusCodeMatchInput{}); err != nil { return nil, err } @@ -362,11 +357,7 @@ func (c *customResponse) buildStatusCodeCELMatcher(codeRange ir.StatusCodeRange) }, }, } - if err := matcher.ValidateAll(); err != nil { - return nil, err - } - - if pb, err = protocov.ToAnyWithValidation(matcher); err != nil { + if pb, err = proto.ToAnyWithValidation(matcher); err != nil { return nil, err } @@ -405,11 +396,7 @@ func (c *customResponse) buildAction(r ir.ResponseOverrideRule) (*matcherv3.Matc err error ) - if err := response.ValidateAll(); err != nil { - return nil, err - } - - if pb, err = protocov.ToAnyWithValidation(response); err != nil { + if pb, err = proto.ToAnyWithValidation(response); err != nil { return nil, err } diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go index f65cc0875f..954d674636 100644 --- a/internal/xds/translator/extauth.go +++ b/internal/xds/translator/extauth.go @@ -72,10 +72,6 @@ func (*extAuth) patchHCM(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTPLi // buildHCMExtAuthFilter returns an ext_authz HTTP filter from the provided IR HTTPRoute. func buildHCMExtAuthFilter(extAuth *ir.ExtAuth) (*hcmv3.HttpFilter, error) { extAuthProto := extAuthConfig(extAuth) - if err := extAuthProto.ValidateAll(); err != nil { - return nil, err - } - extAuthAny, err := anypb.New(extAuthProto) if err != nil { return nil, err diff --git a/internal/xds/translator/extproc.go b/internal/xds/translator/extproc.go index 3f576f0839..d416e90748 100644 --- a/internal/xds/translator/extproc.go +++ b/internal/xds/translator/extproc.go @@ -69,10 +69,6 @@ func (*extProc) patchHCM(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTPLi // buildHCMExtProcFilter returns an ext_proc HTTP filter from the provided IR HTTPRoute. func buildHCMExtProcFilter(extProc ir.ExtProc) (*hcmv3.HttpFilter, error) { extAuthProto := extProcConfig(extProc) - if err := extAuthProto.ValidateAll(); err != nil { - return nil, err - } - extAuthAny, err := anypb.New(extAuthProto) if err != nil { return nil, err diff --git a/internal/xds/translator/fault.go b/internal/xds/translator/fault.go index 192ce5bf8e..2647264d96 100644 --- a/internal/xds/translator/fault.go +++ b/internal/xds/translator/fault.go @@ -20,7 +20,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -67,12 +67,7 @@ func (*fault) patchHCM(mgr *hcmv3.HttpConnectionManager, irListener *ir.HTTPList // buildHCMFaultFilter returns a basic_auth HTTP filter from the provided IR HTTPRoute. func buildHCMFaultFilter() (*hcmv3.HttpFilter, error) { faultProto := &xdshttpfaultv3.HTTPFault{} - - if err := faultProto.ValidateAll(); err != nil { - return nil, err - } - - faultAny, err := protocov.ToAnyWithValidation(faultProto) + faultAny, err := proto.ToAnyWithValidation(faultProto) if err != nil { return nil, err } @@ -166,7 +161,7 @@ func (*fault) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { return nil } - routeCfgAny, err := protocov.ToAnyWithValidation(routeCfgProto) + routeCfgAny, err := proto.ToAnyWithValidation(routeCfgProto) if err != nil { return err } diff --git a/internal/xds/translator/healthcheck.go b/internal/xds/translator/healthcheck.go index 3356730a6e..c44484a6ad 100644 --- a/internal/xds/translator/healthcheck.go +++ b/internal/xds/translator/healthcheck.go @@ -82,9 +82,6 @@ func buildHealthCheckFilter(healthCheck *ir.HealthCheckSettings) (*hcmv3.HttpFil }}, } - if err = healthCheckProto.ValidateAll(); err != nil { - return nil, err - } if healthCheckAny, err = anypb.New(healthCheckProto); err != nil { return nil, err } diff --git a/internal/xds/translator/jwt.go b/internal/xds/translator/jwt.go index 2f93854b07..d987b92c1f 100644 --- a/internal/xds/translator/jwt.go +++ b/internal/xds/translator/jwt.go @@ -22,7 +22,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -77,7 +77,7 @@ func buildHCMJWTFilter(irListener *ir.HTTPListener) (*hcmv3.HttpFilter, error) { return nil, err } - jwtAuthnAny, err := protocov.ToAnyWithValidation(jwtAuthnProto) + jwtAuthnAny, err := proto.ToAnyWithValidation(jwtAuthnProto) if err != nil { return nil, err } @@ -229,7 +229,7 @@ func buildXdsUpstreamTLSSocket(sni string) (*corev3.TransportSocket, error) { }, } - tlsCtxAny, err := protocov.ToAnyWithValidation(tlsCtxProto) + tlsCtxAny, err := proto.ToAnyWithValidation(tlsCtxProto) if err != nil { return nil, err } @@ -262,7 +262,7 @@ func (*jwt) patchRoute(route *routev3.Route, irRoute *ir.HTTPRoute) error { RequirementSpecifier: &jwtauthnv3.PerRouteConfig_RequirementName{RequirementName: irRoute.Name}, } - routeCfgAny, err := protocov.ToAnyWithValidation(routeCfgProto) + routeCfgAny, err := proto.ToAnyWithValidation(routeCfgProto) if err != nil { return err } diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go index 62daee2781..66e779b4e3 100644 --- a/internal/xds/translator/listener.go +++ b/internal/xds/translator/listener.go @@ -30,7 +30,7 @@ import ( typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "google.golang.org/protobuf/proto" + protobuf "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -38,7 +38,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" xdsfilters "github.com/envoyproxy/gateway/internal/xds/filters" ) @@ -68,7 +68,7 @@ func http1ProtocolOptions(opts *ir.HTTP1Settings) *corev3.Http1ProtocolOptions { EnableTrailers: opts.EnableTrailers, } if opts.PreserveHeaderCase { - preservecaseAny, _ := protocov.ToAnyWithValidation(&preservecasev3.PreserveCaseFormatterConfig{}) + preservecaseAny, _ := proto.ToAnyWithValidation(&preservecasev3.PreserveCaseFormatterConfig{}) r.HeaderKeyFormat = &corev3.Http1ProtocolOptions_HeaderKeyFormat{ HeaderFormat: &corev3.Http1ProtocolOptions_HeaderKeyFormat_StatefulFormatter{ StatefulFormatter: &corev3.TypedExtensionConfig{ @@ -137,7 +137,7 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin rejectWithStatus = &typev3.HttpStatus{Code: typev3.StatusCode_Forbidden} } - customHeaderConfigAny, _ := protocov.ToAnyWithValidation(&customheaderv3.CustomHeaderConfig{ + customHeaderConfigAny, _ := proto.ToAnyWithValidation(&customheaderv3.CustomHeaderConfig{ HeaderName: clientIPDetection.CustomHeader.Name, RejectWithStatus: rejectWithStatus, @@ -160,14 +160,14 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin PrefixLen: wrapperspb.UInt32(uint32(prefixLen)), }) } - xffHeaderConfigAny, _ = protocov.ToAnyWithValidation(&xffv3.XffConfig{ + xffHeaderConfigAny, _ = proto.ToAnyWithValidation(&xffv3.XffConfig{ XffTrustedCidrs: &xffv3.XffTrustedCidrs{ Cidrs: trustedCidrs, }, SkipXffAppend: wrapperspb.Bool(false), }) } else if clientIPDetection.XForwardedFor.NumTrustedHops != nil { - xffHeaderConfigAny, _ = protocov.ToAnyWithValidation(&xffv3.XffConfig{ + xffHeaderConfigAny, _ = proto.ToAnyWithValidation(&xffv3.XffConfig{ XffNumTrustedHops: xffNumTrustedHops(clientIPDetection), SkipXffAppend: wrapperspb.Bool(false), }) @@ -186,7 +186,7 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin func buildXdsTCPListener( name, address string, port uint32, - ipFamily *ir.IPFamily, + ipFamily *egv1a1.IPFamily, keepalive *ir.TCPKeepalive, connection *ir.ClientConnection, accesslog *ir.AccessLog, @@ -231,7 +231,7 @@ func buildPerConnectionBufferLimitBytes(connection *ir.ClientConnection) *wrappe } // buildXdsQuicListener creates a xds Listener resource for quic -func buildXdsQuicListener(name, address string, port uint32, ipFamily *ir.IPFamily, accesslog *ir.AccessLog) (*listenerv3.Listener, error) { +func buildXdsQuicListener(name, address string, port uint32, ipFamily *egv1a1.IPFamily, accesslog *ir.AccessLog) (*listenerv3.Listener, error) { log, err := buildXdsAccessLog(accesslog, ir.ProxyAccessLogTypeListener) if err != nil { return nil, err @@ -482,7 +482,7 @@ func buildEarlyHeaderMutation(headers *ir.HeaderSettings) []*corev3.TypedExtensi mutationRules = append(mutationRules, mr) } - earlyHeaderMutationAny, _ := protocov.ToAnyWithValidation(&early_header_mutationv3.HeaderMutation{ + earlyHeaderMutationAny, _ := proto.ToAnyWithValidation(&early_header_mutationv3.HeaderMutation{ Mutations: mutationRules, }) @@ -643,7 +643,7 @@ func addXdsTLSInspectorFilter(xdsListener *listenerv3.Listener) error { } tlsInspector := &tls_inspectorv3.TlsInspector{} - tlsInspectorAny, err := protocov.ToAnyWithValidation(tlsInspector) + tlsInspectorAny, err := proto.ToAnyWithValidation(tlsInspector) if err != nil { return err } @@ -691,7 +691,7 @@ func buildDownstreamQUICTransportSocket(tlsConfig *ir.TLSConfig) (*corev3.Transp setDownstreamTLSSessionSettings(tlsConfig, tlsCtx.DownstreamTlsContext) - tlsCtxAny, err := protocov.ToAnyWithValidation(tlsCtx) + tlsCtxAny, err := proto.ToAnyWithValidation(tlsCtx) if err != nil { return nil, err } @@ -733,7 +733,7 @@ func buildXdsDownstreamTLSSocket(tlsConfig *ir.TLSConfig) (*corev3.TransportSock setDownstreamTLSSessionSettings(tlsConfig, tlsCtx) - tlsCtxAny, err := protocov.ToAnyWithValidation(tlsCtx) + tlsCtxAny, err := proto.ToAnyWithValidation(tlsCtx) if err != nil { return nil, err } @@ -848,7 +848,7 @@ func buildXdsUDPListener(clusterName string, udpListener *ir.UDPListener, access route := &udpv3.Route{ Cluster: clusterName, } - routeAny, err := protocov.ToAnyWithValidation(route) + routeAny, err := proto.ToAnyWithValidation(route) if err != nil { return nil, err } @@ -873,7 +873,7 @@ func buildXdsUDPListener(clusterName string, udpListener *ir.UDPListener, access }, }, } - udpProxyAny, err := protocov.ToAnyWithValidation(udpProxy) + udpProxyAny, err := proto.ToAnyWithValidation(udpProxy) if err != nil { return nil, err } @@ -934,8 +934,8 @@ func translateEscapePath(in ir.PathEscapedSlashAction) hcmv3.HttpConnectionManag return hcmv3.HttpConnectionManager_IMPLEMENTATION_SPECIFIC_DEFAULT } -func toNetworkFilter(filterName string, filterProto proto.Message) (*listenerv3.Filter, error) { - filterAny, err := protocov.ToAnyWithValidation(filterProto) +func toNetworkFilter(filterName string, filterProto protobuf.Message) (*listenerv3.Filter, error) { + filterAny, err := proto.ToAnyWithValidation(filterProto) if err != nil { return nil, err } diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go index 791a6e471a..25dd496d20 100644 --- a/internal/xds/translator/oidc.go +++ b/internal/xds/translator/oidc.go @@ -21,7 +21,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -79,11 +79,7 @@ func buildHCMOAuth2Filter(oidc *ir.OIDC) (*hcmv3.HttpFilter, error) { return nil, err } - if err := oauth2Proto.ValidateAll(); err != nil { - return nil, err - } - - OAuth2Any, err := protocov.ToAnyWithValidation(oauth2Proto) + OAuth2Any, err := proto.ToAnyWithValidation(oauth2Proto) if err != nil { return nil, err } diff --git a/internal/xds/translator/route.go b/internal/xds/translator/route.go index 369b5011f9..4ea127d277 100644 --- a/internal/xds/translator/route.go +++ b/internal/xds/translator/route.go @@ -19,7 +19,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" ) const ( @@ -573,7 +573,7 @@ func buildHashPolicy(httpRoute *ir.HTTPRoute) []*routev3.RouteAction_HashPolicy func buildRetryPolicy(route *ir.HTTPRoute) (*routev3.RetryPolicy, error) { rr := route.GetRetry() - anyCfg, err := protocov.ToAnyWithValidation(&previoushost.PreviousHostsPredicate{}) + anyCfg, err := proto.ToAnyWithValidation(&previoushost.PreviousHostsPredicate{}) if err != nil { return nil, err } diff --git a/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml index 4f93e2e773..fba3c4a838 100644 --- a/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml +++ b/internal/xds/translator/testdata/in/xds-ir/ext-auth-backend.yaml @@ -106,6 +106,12 @@ http: extAuth: name: securitypolicy/default/policy-for-gateway-1 failOpen: true + traffic: + circuitBreaker: + maxConnections: 30001 + maxParallelRequests: 1022 + maxParallelRetries: 1023 + maxPendingRequests: 1024 http: authority: primary.foo.com destination: diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml index 3ff821f5ef..8c4d92eeaa 100644 --- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml +++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml @@ -84,7 +84,10 @@ initialStreamWindowSize: 65536 - circuitBreakers: thresholds: - - maxRetries: 1024 + - maxConnections: 30001 + maxPendingRequests: 1024 + maxRequests: 1022 + maxRetries: 1023 commonLbConfig: localityWeightedLbConfig: {} connectTimeout: 10s diff --git a/internal/xds/translator/tracing.go b/internal/xds/translator/tracing.go index ee3f4f5e90..5681fa442f 100644 --- a/internal/xds/translator/tracing.go +++ b/internal/xds/translator/tracing.go @@ -20,7 +20,7 @@ import ( egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1" "github.com/envoyproxy/gateway/internal/ir" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -49,7 +49,7 @@ func buildHCMTracing(tracing *ir.Tracing) (*hcm.HttpConnectionManager_Tracing, e ServiceName: tracing.ServiceName, CollectorCluster: tracing.Destination.Name, } - return protocov.ToAnyWithValidation(config) + return proto.ToAnyWithValidation(config) } case egv1a1.TracingProviderTypeOpenTelemetry: providerName = envoyOpenTelemetry @@ -67,7 +67,7 @@ func buildHCMTracing(tracing *ir.Tracing) (*hcm.HttpConnectionManager_Tracing, e ServiceName: tracing.ServiceName, } - return protocov.ToAnyWithValidation(config) + return proto.ToAnyWithValidation(config) } case egv1a1.TracingProviderTypeZipkin: providerName = envoyZipkin @@ -81,7 +81,7 @@ func buildHCMTracing(tracing *ir.Tracing) (*hcm.HttpConnectionManager_Tracing, e CollectorEndpointVersion: tracecfg.ZipkinConfig_HTTP_JSON, } - return protocov.ToAnyWithValidation(config) + return proto.ToAnyWithValidation(config) } default: return nil, fmt.Errorf("unknown tracing provider type: %s", tracing.Provider.Type) diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go index 937f002388..b01a177692 100644 --- a/internal/xds/translator/translator.go +++ b/internal/xds/translator/translator.go @@ -22,7 +22,7 @@ import ( matcherv3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" resourcev3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "google.golang.org/protobuf/proto" + protobuf "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" "k8s.io/apimachinery/pkg/util/sets" @@ -32,7 +32,7 @@ import ( extensionTypes "github.com/envoyproxy/gateway/internal/extension/types" "github.com/envoyproxy/gateway/internal/ir" "github.com/envoyproxy/gateway/internal/utils" - "github.com/envoyproxy/gateway/internal/utils/protocov" + "github.com/envoyproxy/gateway/internal/utils/proto" "github.com/envoyproxy/gateway/internal/xds/types" ) @@ -131,6 +131,12 @@ func (t *Translator) Translate(xdsIR *ir.Xds) (*types.ResourceVersionTable, erro } } + // Validate all the xds resources in the table before returning + // This is necessary to catch any misconfigurations that might have been missed during translation + if err := tCtx.ValidateAll(); err != nil { + errs = errors.Join(errs, err) + } + return tCtx, errs } @@ -632,7 +638,7 @@ func replaceHCMInFilterChain(hcm *hcmv3.HttpConnectionManager, filterChain *list for i, filter := range filterChain.Filters { if filter.Name == wellknown.HTTPConnectionManager { var mgrAny *anypb.Any - if mgrAny, err = protocov.ToAnyWithValidation(hcm); err != nil { + if mgrAny, err = proto.ToAnyWithValidation(hcm); err != nil { return err } @@ -651,7 +657,7 @@ func findHCMinFilterChain(filterChain *listenerv3.FilterChain) (*hcmv3.HttpConne for _, filter := range filterChain.Filters { if filter.Name == wellknown.HTTPConnectionManager { hcm := &hcmv3.HttpConnectionManager{} - if err := anypb.UnmarshalTo(filter.GetTypedConfig(), hcm, proto.UnmarshalOptions{}); err != nil { + if err := anypb.UnmarshalTo(filter.GetTypedConfig(), hcm, protobuf.UnmarshalOptions{}); err != nil { return nil, err } return hcm, nil @@ -1044,7 +1050,7 @@ func buildXdsUpstreamTLSSocketWthCert(tlsConfig *ir.TLSUpstreamConfig) (*corev3. } } - tlsCtxAny, err := protocov.ToAnyWithValidation(tlsCtx) + tlsCtxAny, err := proto.ToAnyWithValidation(tlsCtx) if err != nil { return nil, err } diff --git a/internal/xds/translator/wasm.go b/internal/xds/translator/wasm.go index 34b1087d5c..b4fb84dbb1 100644 --- a/internal/xds/translator/wasm.go +++ b/internal/xds/translator/wasm.go @@ -80,9 +80,6 @@ func buildHCMWasmFilter(wasm ir.Wasm) (*hcmv3.HttpFilter, error) { if wasmProto, err = wasmConfig(wasm); err != nil { return nil, err } - if err = wasmProto.ValidateAll(); err != nil { - return nil, err - } if wasmAny, err = anypb.New(wasmProto); err != nil { return nil, err } diff --git a/internal/xds/types/resourceversiontable.go b/internal/xds/types/resourceversiontable.go index 2f7a7926bd..5af8a4f71b 100644 --- a/internal/xds/types/resourceversiontable.go +++ b/internal/xds/types/resourceversiontable.go @@ -6,18 +6,15 @@ package types import ( + "errors" "fmt" - clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - endpointv3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - listenerv3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - routev3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - tlsv3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/cache/types" resourcev3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" - "google.golang.org/protobuf/proto" + protobuf "google.golang.org/protobuf/proto" "github.com/envoyproxy/gateway/internal/ir" + "github.com/envoyproxy/gateway/internal/utils/proto" ) // XdsResources represents all the xds resources @@ -50,7 +47,7 @@ func (t *ResourceVersionTable) DeepCopyInto(out *ResourceVersionTable) { in, out := &val, &outVal //nolint:gosec,scopelint *out = make([]types.Resource, len(*in)) for i := range *in { - (*out)[i] = proto.Clone((*in)[i]) + (*out)[i] = protobuf.Clone((*in)[i]) } } (*out)[key] = outVal @@ -81,62 +78,8 @@ func (t *ResourceVersionTable) AddXdsResource(rType resourcev3.Type, xdsResource return fmt.Errorf("xds resource is nil") } - // Perform type switch to handle different types of xdsResource - switch rType { - case resourcev3.ListenerType: - // Handle Type specific operations - if resourceOfType, ok := xdsResource.(*listenerv3.Listener); ok { - if err := resourceOfType.ValidateAll(); err != nil { - return fmt.Errorf("validation failed for xds resource %+v, err: %w", xdsResource, err) - } - } else { - return fmt.Errorf("failed to cast xds resource %+v to Listener type", xdsResource) - } - case resourcev3.RouteType: - // Handle Type specific operations - if resourceOfType, ok := xdsResource.(*routev3.RouteConfiguration); ok { - if err := resourceOfType.ValidateAll(); err != nil { - return fmt.Errorf("validation failed for xds resource %+v, err: %w", xdsResource, err) - } - } else { - return fmt.Errorf("failed to cast xds resource %+v to RouteConfiguration type", xdsResource) - } - - case resourcev3.SecretType: - // Handle specific operations - if resourceOfType, ok := xdsResource.(*tlsv3.Secret); ok { - if err := resourceOfType.ValidateAll(); err != nil { - return fmt.Errorf("validation failed for xds resource %+v, err: %w", xdsResource, err) - } - } else { - return fmt.Errorf("failed to cast xds resource %+v to Secret type", xdsResource) - } - - case resourcev3.EndpointType: - if resourceOfType, ok := xdsResource.(*endpointv3.ClusterLoadAssignment); ok { - if err := resourceOfType.ValidateAll(); err != nil { - return fmt.Errorf("validation failed for xds resource %+v, err: %w", xdsResource, err) - } - } else { - return fmt.Errorf("failed to cast xds resource %+v to ClusterLoadAssignment type", xdsResource) - } - - case resourcev3.ClusterType: - // Handle specific operations - if resourceOfType, ok := xdsResource.(*clusterv3.Cluster); ok { - if err := resourceOfType.ValidateAll(); err != nil { - return fmt.Errorf("validation failed for xds resource %+v, err: %w", xdsResource, err) - } - } else { - return fmt.Errorf("failed to cast xds resource %+v to Cluster type", xdsResource) - } - case resourcev3.RateLimitConfigType: - // Handle specific operations - // cfg resource from runner.go is the RateLimitConfig type from "github.com/envoyproxy/go-control-plane/ratelimit/config/ratelimit/v3", which does have validate function. - - // Add more cases for other types as needed - default: - // Handle the case when the type is not recognized or supported + if err := proto.Validate(xdsResource); err != nil { + return fmt.Errorf("validation failed for xds resource %+v, err: %w", xdsResource, err) } if t.XdsResources == nil { @@ -150,6 +93,20 @@ func (t *ResourceVersionTable) AddXdsResource(rType resourcev3.Type, xdsResource return nil } +// ValidateAll validates all the xds resources in the ResourceVersionTable +func (t *ResourceVersionTable) ValidateAll() error { + var errs error + + for _, xdsResource := range t.XdsResources { + for _, resource := range xdsResource { + if err := proto.Validate(resource); err != nil { + errs = errors.Join(errs, err) + } + } + } + return errs +} + // AddOrReplaceXdsResource will update an existing resource of rType according to matchFunc or add as a new resource // if none satisfy the match criteria. It will only update the first match it finds, regardless // if multiple resources satisfy the match criteria. diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 288804f88b..0fd9652770 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -8,8 +8,11 @@ security updates: | # New features or capabilities added in this release. new features: | + Add defaulter for gateway-api resources loading from file to be able to set default values. bug fixes: | + Added support for Secret and ConfigMap parsing in Standalone mode. + Fix translating backendSettings for extAuth # Enhancements that improve performance. performance improvements: | diff --git a/site/go.mod b/site/go.mod index 4a41d4d7f7..0f5275a869 100644 --- a/site/go.mod +++ b/site/go.mod @@ -1,6 +1,6 @@ module github.com/google/docsy-example -go 1.23.1 +go 1.23.6 require ( github.com/FortAwesome/Font-Awesome v0.0.0-20240402185447-c0f460dca7f7 // indirect diff --git a/tools/make/golang.mk b/tools/make/golang.mk index 4f4dce00fa..36531fed65 100644 --- a/tools/make/golang.mk +++ b/tools/make/golang.mk @@ -53,6 +53,7 @@ go.testdata.complete: ## Override test ouputdata go test -timeout 30s github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/proxy --override-testdata=true go test -timeout 30s github.com/envoyproxy/gateway/internal/xds/bootstrap --override-testdata=true go test -timeout 60s github.com/envoyproxy/gateway/internal/gatewayapi --override-testdata=true + go test -timeout 60s github.com/envoyproxy/gateway/internal/gatewayapi/resource --override-testdata=true .PHONY: go.test.coverage go.test.coverage: go.test.cel ## Run go unit and integration tests in GitHub Actions diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod index 6747938eb0..7926642d08 100644 --- a/tools/src/buf/go.mod +++ b/tools/src/buf/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.3 +go 1.23.6 require github.com/bufbuild/buf v1.50.0 diff --git a/tools/src/controller-gen/go.mod b/tools/src/controller-gen/go.mod index 3289476db6..dbfc6573ee 100644 --- a/tools/src/controller-gen/go.mod +++ b/tools/src/controller-gen/go.mod @@ -1,14 +1,14 @@ module local -go 1.22.7 +go 1.23.6 -require sigs.k8s.io/controller-tools v0.16.1 +require sigs.k8s.io/controller-tools v0.17.1 require ( - github.com/fatih/color v1.17.0 // indirect + github.com/fatih/color v1.18.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-logr/logr v1.4.2 // indirect - github.com/gobuffalo/flect v1.0.2 // indirect + github.com/gobuffalo/flect v1.0.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -20,21 +20,21 @@ require ( github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/mod v0.20.0 // indirect + golang.org/x/mod v0.22.0 // indirect golang.org/x/net v0.34.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.29.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/tools v0.24.0 // indirect + golang.org/x/tools v0.29.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.31.0 // indirect - k8s.io/apiextensions-apiserver v0.31.0 // indirect - k8s.io/apimachinery v0.31.0 // indirect + k8s.io/api v0.32.0 // indirect + k8s.io/apiextensions-apiserver v0.32.0 // indirect + k8s.io/apimachinery v0.32.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect + sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/tools/src/controller-gen/go.sum b/tools/src/controller-gen/go.sum index 61f605375d..4ea633a53d 100644 --- a/tools/src/controller-gen/go.sum +++ b/tools/src/controller-gen/go.sum @@ -3,16 +3,16 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= -github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= +github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= +github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -45,8 +45,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -73,12 +73,10 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -105,8 +103,8 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.29.0 h1:Xx0h3TtM9rzQpQuR4dKLrdglAmCEN5Oi+P74JdhdzXE= +golang.org/x/tools v0.29.0/go.mod h1:KMQVMRsVxU6nHCFXrBPhDB8XncLNLM0lIy/F14RP588= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -118,27 +116,26 @@ gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= -k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= -k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= -k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-tools v0.16.1 h1:gvIsZm+2aimFDIBiDKumR7EBkc+oLxljoUVfRbDI6RI= -sigs.k8s.io/controller-tools v0.16.1/go.mod h1:0I0xqjR65YTfoO12iR+mZR6s6UAVcUARgXRlsu0ljB0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= +k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-tools v0.17.1 h1:bQ+dKCS7jY9AgpefenBDtm6geJZCHVKbegpLynxgyus= +sigs.k8s.io/controller-tools v0.17.1/go.mod h1:3QXAdrmdxYuQ4MifvbCAFD9wLXn7jylnfBPYS4yVDdc= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8= +sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA= +sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/tools/src/crd-ref-docs/go.mod b/tools/src/crd-ref-docs/go.mod index 8c0a460ff2..0c40434b4a 100644 --- a/tools/src/crd-ref-docs/go.mod +++ b/tools/src/crd-ref-docs/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.3 +go 1.23.6 require github.com/elastic/crd-ref-docs v0.1.0 diff --git a/tools/src/gci/go.mod b/tools/src/gci/go.mod index bf8d0ac7a5..623737506b 100644 --- a/tools/src/gci/go.mod +++ b/tools/src/gci/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.3 +go 1.23.6 require github.com/daixiang0/gci v0.13.4 diff --git a/tools/src/golangci-lint/go.mod b/tools/src/golangci-lint/go.mod index adfc2e68da..070434dedd 100644 --- a/tools/src/golangci-lint/go.mod +++ b/tools/src/golangci-lint/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.3 +go 1.23.6 require github.com/golangci/golangci-lint v1.63.4 diff --git a/tools/src/helm-docs/go.mod b/tools/src/helm-docs/go.mod index 387049355d..3f9cae4a9e 100644 --- a/tools/src/helm-docs/go.mod +++ b/tools/src/helm-docs/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/helm-docs -go 1.23.3 +go 1.23.6 require github.com/norwoodj/helm-docs v1.14.2 diff --git a/tools/src/jb/go.mod b/tools/src/jb/go.mod index 9915adc8bf..6782ebf5c8 100644 --- a/tools/src/jb/go.mod +++ b/tools/src/jb/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jb -go 1.23.3 +go 1.23.6 require github.com/jsonnet-bundler/jsonnet-bundler v0.5.1 diff --git a/tools/src/jsonnet/go.mod b/tools/src/jsonnet/go.mod index aec5a71fee..b6ca6553c0 100644 --- a/tools/src/jsonnet/go.mod +++ b/tools/src/jsonnet/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/jsonnet -go 1.23.3 +go 1.23.6 require github.com/google/go-jsonnet v0.20.0 diff --git a/tools/src/kind/go.mod b/tools/src/kind/go.mod index 1deb67377f..211012de8e 100644 --- a/tools/src/kind/go.mod +++ b/tools/src/kind/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/kind -go 1.23.3 +go 1.23.6 require sigs.k8s.io/kind v0.26.0 diff --git a/tools/src/protoc-gen-go-grpc/go.mod b/tools/src/protoc-gen-go-grpc/go.mod index 1b6f5e9f0c..d7962f7254 100644 --- a/tools/src/protoc-gen-go-grpc/go.mod +++ b/tools/src/protoc-gen-go-grpc/go.mod @@ -1,6 +1,6 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go-grpc -go 1.23.3 +go 1.23.6 require google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 diff --git a/tools/src/protoc-gen-go/go.mod b/tools/src/protoc-gen-go/go.mod index 86ccc61936..5b57bf6648 100644 --- a/tools/src/protoc-gen-go/go.mod +++ b/tools/src/protoc-gen-go/go.mod @@ -1,5 +1,5 @@ module github.com/envoyproxy/gateway/tools/src/protoc-gen-go -go 1.23.3 +go 1.23.6 require google.golang.org/protobuf v1.33.0 diff --git a/tools/src/setup-envtest/go.mod b/tools/src/setup-envtest/go.mod index 53ea509481..e39ea1aa94 100644 --- a/tools/src/setup-envtest/go.mod +++ b/tools/src/setup-envtest/go.mod @@ -1,6 +1,6 @@ module local -go 1.23.3 +go 1.23.6 require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240813183042-b901db121e1f