diff --git a/charts/fsm/templates/fsm-rbac.yaml b/charts/fsm/templates/fsm-rbac.yaml index 5bfd3de88..2030d2f81 100644 --- a/charts/fsm/templates/fsm-rbac.yaml +++ b/charts/fsm/templates/fsm-rbac.yaml @@ -161,13 +161,58 @@ rules: # GatewayAPI Extension - apiGroups: [ "extension.gateway.flomesh.io" ] - resources: [ "filters", "filterdefinitions", "listenerfilters", "circuitbreakers", "faultinjections", "ratelimits", "httplogs", "metrics", "zipkins", "filterconfigs", "proxytags" ] + resources: + - "filters" + - "filterdefinitions" + - "listenerfilters" + - "circuitbreakers" + - "faultinjections" + - "ratelimits" + - "httplogs" + - "metrics" + - "zipkins" + - "filterconfigs" + - "proxytags" + - "iprestrictions" + - "externalratelimits" + - "concurrencylimits" + - "requestterminations" verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ] - apiGroups: [ "extension.gateway.flomesh.io" ] - resources: [ "filters/finalizers", "filterdefinitions/finalizers", "listenerfilters/finalizers", "circuitbreakers/finalizers", "faultinjections/finalizers", "ratelimits/finalizers", "httplogs/finalizers", "metrics/finalizers", "zipkins/finalizers", "filterconfigs/finalizers", "proxytags/finalizers" ] + resources: + - "filters/finalizers" + - "filterdefinitions/finalizers" + - "listenerfilters/finalizers" + - "circuitbreakers/finalizers" + - "faultinjections/finalizers" + - "ratelimits/finalizers" + - "httplogs/finalizers" + - "metrics/finalizers" + - "zipkins/finalizers" + - "filterconfigs/finalizers" + - "proxytags/finalizers" + - "iprestrictions/finalizers" + - "externalratelimits/finalizers" + - "concurrencylimits/finalizers" + - "requestterminations/finalizers" verbs: [ "update" ] - apiGroups: [ "extension.gateway.flomesh.io" ] - resources: [ "filters/status", "filterdefinitions/status", "listenerfilters/status", "circuitbreakers/status", "faultinjections/status", "ratelimits/status", "httplogs/status", "metrics/status", "zipkins/status", "filterconfigs/status", "proxytags/status" ] + resources: + - "filters/status" + - "filterdefinitions/status" + - "listenerfilters/status" + - "circuitbreakers/status" + - "faultinjections/status" + - "ratelimits/status" + - "httplogs/status" + - "metrics/status" + - "zipkins/status" + - "filterconfigs/status" + - "proxytags/status" + - "iprestrictions/status" + - "externalratelimits/status" + - "concurrencylimits/status" + - "requestterminations/status" verbs: [ "get", "patch", "update" ] # PolicyAttachment diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_concurrencylimits.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_concurrencylimits.yaml new file mode 100644 index 000000000..d812a6747 --- /dev/null +++ b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_concurrencylimits.yaml @@ -0,0 +1,128 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + app.kubernetes.io/name: flomesh.io + gateway.flomesh.io/extension: Filter + name: concurrencylimits.extension.gateway.flomesh.io +spec: + group: extension.gateway.flomesh.io + names: + categories: + - gateway-api + kind: ConcurrencyLimit + listKind: ConcurrencyLimitList + plural: concurrencylimits + singular: concurrencylimit + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ConcurrencyLimit is the Schema for the ConcurrencyLimit API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ConcurrencyLimitSpec defines the desired state of ConcurrencyLimit + properties: + maxConnections: + default: 100 + description: MaxConnections is the maximum number of concurrent connections, + default is 100 + format: int32 + minimum: 1 + type: integer + type: object + status: + description: ConcurrencyLimitStatus defines the observed state of ConcurrencyLimit + properties: + conditions: + description: Conditions describe the current conditions of the ConcurrencyLimit. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_externalratelimits.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_externalratelimits.yaml new file mode 100644 index 000000000..2e263a885 --- /dev/null +++ b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_externalratelimits.yaml @@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + app.kubernetes.io/name: flomesh.io + gateway.flomesh.io/extension: Filter + name: externalratelimits.extension.gateway.flomesh.io +spec: + group: extension.gateway.flomesh.io + names: + categories: + - gateway-api + kind: ExternalRateLimit + listKind: ExternalRateLimitList + plural: externalratelimits + singular: externalratelimit + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: ExternalRateLimit is the Schema for the ExternalRateLimit API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ExternalRateLimitSpec defines the desired state of ExternalRateLimit + properties: + passHeaders: + description: PassHeaders is the list of headers to be passed to the + backend service + items: + description: HeaderName is the name of a header or query parameter. + maxLength: 256 + minLength: 1 + pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: array + x-kubernetes-list-type: set + throttleHost: + description: ThrottleHosts is the list of hosts to be throttled + items: + description: HostPort is a host name with optional port number + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[0-9]{1,5})?$ + type: string + maxItems: 32 + minItems: 1 + type: array + x-kubernetes-list-type: set + type: object + status: + description: ExternalRateLimitStatus defines the observed state of ExternalRateLimit + properties: + conditions: + description: Conditions describe the current conditions of the ExternalRateLimit. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_httplogs.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_httplogs.yaml index cbc53ba5b..84b812862 100644 --- a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_httplogs.yaml +++ b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_httplogs.yaml @@ -103,12 +103,14 @@ spec: is POST enum: - GET + - HEAD - POST - PUT - DELETE - - PATCH - - HEAD + - CONNECT - OPTIONS + - TRACE + - PATCH type: string target: description: Target is the URL of the HTTPLog service diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_iprestrictions.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_iprestrictions.yaml new file mode 100644 index 000000000..c8a5c0aad --- /dev/null +++ b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_iprestrictions.yaml @@ -0,0 +1,134 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + app.kubernetes.io/name: flomesh.io + gateway.flomesh.io/extension: Filter + name: iprestrictions.extension.gateway.flomesh.io +spec: + group: extension.gateway.flomesh.io + names: + categories: + - gateway-api + kind: IPRestriction + listKind: IPRestrictionList + plural: iprestrictions + singular: iprestriction + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPRestriction is the Schema for the IPRestriction API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPRestrictionSpec defines the desired state of IPRestriction + properties: + allowed: + description: Allowed is the list of allowed IP addresses or CIDR ranges. + items: + type: string + type: array + x-kubernetes-list-type: set + forbidden: + description: Forbidden is the list of forbidden IP addresses or CIDR + ranges. + items: + type: string + type: array + x-kubernetes-list-type: set + type: object + status: + description: IPRestrictionStatus defines the observed state of IPRestriction + properties: + conditions: + description: Conditions describe the current conditions of the IPRestriction. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_ratelimits.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_ratelimits.yaml index 954f8e3f8..44c186969 100644 --- a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_ratelimits.yaml +++ b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_ratelimits.yaml @@ -55,6 +55,11 @@ spec: format: int32 minimum: 0 type: integer + blocking: + default: false + description: Blocking is the flag to enable blocking mode, default + is false + type: boolean burst: default: 10 description: Burst is the maximum number of requests that can be made diff --git a/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_requestterminations.yaml b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_requestterminations.yaml new file mode 100644 index 000000000..3e530814b --- /dev/null +++ b/cmd/fsm-bootstrap/crds/extension.gateway.flomesh.io_requestterminations.yaml @@ -0,0 +1,144 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + app.kubernetes.io/name: flomesh.io + gateway.flomesh.io/extension: Filter + name: requestterminations.extension.gateway.flomesh.io +spec: + group: extension.gateway.flomesh.io + names: + categories: + - gateway-api + kind: RequestTermination + listKind: RequestTerminationList + plural: requestterminations + singular: requesttermination + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: RequestTermination is the Schema for the RequestTermination API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RequestTerminationSpec defines the desired state of RequestTermination + properties: + response: + description: RequestTerminationResponse is the response when circuit + breaker triggered + properties: + body: + default: Request termination triggered + description: Body is the content of response body, default is + "Request termination triggered" + type: string + headers: + additionalProperties: + type: string + description: Headers is the HTTP headers of response + type: object + status: + default: 500 + description: StatusCode is the HTTP status code of the response, + default is 500 + format: int32 + maximum: 600 + minimum: 0 + type: integer + type: object + type: object + status: + description: RequestTerminationStatus defines the observed state of RequestTermination + properties: + conditions: + description: Conditions describe the current conditions of the RequestTermination. + items: + description: Condition contains details for one aspect of the current + state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. + Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + maxItems: 8 + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/pkg/announcements/types.go b/pkg/announcements/types.go index 2dd678f37..16fd189c7 100644 --- a/pkg/announcements/types.go +++ b/pkg/announcements/types.go @@ -676,6 +676,50 @@ const ( // GatewayProxyTagUpdated is the type of announcement emitted when we observe an update to proxytags.extension.gateway.flomesh.io GatewayProxyTagUpdated Kind = "gatewayproxytag-updated" + + // --- + + // GatewayIPRestrictionAdded is the type of announcement emitted when we observe an addition of iprestrictions.extension.gateway.flomesh.io + GatewayIPRestrictionAdded Kind = "gatewayiprestriction-added" + + // GatewayIPRestrictionDeleted the type of announcement emitted when we observe a deletion of iprestrictions.extension.gateway.flomesh.io + GatewayIPRestrictionDeleted Kind = "gatewayiprestriction-deleted" + + // GatewayIPRestrictionUpdated is the type of announcement emitted when we observe an update to iprestrictions.extension.gateway.flomesh.io + GatewayIPRestrictionUpdated Kind = "gatewayiprestriction-updated" + + // --- + + // GatewayConcurrencyLimitAdded is the type of announcement emitted when we observe an addition of concurrencylimits.extension.gateway.flomesh.io + GatewayConcurrencyLimitAdded Kind = "gatewayconcurrencylimit-added" + + // GatewayConcurrencyLimitDeleted the type of announcement emitted when we observe a deletion of concurrencylimits.extension.gateway.flomesh.io + GatewayConcurrencyLimitDeleted Kind = "gatewayconcurrencylimit-deleted" + + // GatewayConcurrencyLimitUpdated is the type of announcement emitted when we observe an update to concurrencylimits.extension.gateway.flomesh.io + GatewayConcurrencyLimitUpdated Kind = "gatewayconcurrencylimit-updated" + + // --- + + // GatewayExternalRateLimitAdded is the type of announcement emitted when we observe an addition of externalratelimits.extension.gateway.flomesh.io + GatewayExternalRateLimitAdded Kind = "gatewayexternalratelimit-added" + + // GatewayExternalRateLimitDeleted the type of announcement emitted when we observe a deletion of externalratelimits.extension.gateway.flomesh.io + GatewayExternalRateLimitDeleted Kind = "gatewayexternalratelimit-deleted" + + // GatewayExternalRateLimitUpdated is the type of announcement emitted when we observe an update to externalratelimits.extension.gateway.flomesh.io + GatewayExternalRateLimitUpdated Kind = "gatewayexternalratelimit-updated" + + // --- + + // GatewayRequestTerminationAdded is the type of announcement emitted when we observe an addition of requestterminations.extension.gateway.flomesh.io + GatewayRequestTerminationAdded Kind = "gatewayrequesttermination-added" + + // GatewayRequestTerminationDeleted the type of announcement emitted when we observe a deletion of requestterminations.extension.gateway.flomesh.io + GatewayRequestTerminationDeleted Kind = "gatewayrequesttermination-deleted" + + // GatewayRequestTerminationUpdated is the type of announcement emitted when we observe an update to requestterminations.extension.gateway.flomesh.io + GatewayRequestTerminationUpdated Kind = "gatewayrequesttermination-updated" ) // Announcement is a struct for messages between various components of FSM signaling a need for a change in Sidecar proxy configuration diff --git a/pkg/apis/extension/v1alpha1/circuitbreaker.go b/pkg/apis/extension/v1alpha1/circuitbreaker.go index 60d542d34..dd880226d 100644 --- a/pkg/apis/extension/v1alpha1/circuitbreaker.go +++ b/pkg/apis/extension/v1alpha1/circuitbreaker.go @@ -2,6 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwv1 "sigs.k8s.io/gateway-api/apis/v1" ) // CircuitBreakerSpec defines the desired state of CircuitBreaker @@ -63,7 +64,7 @@ type CircuitBreakerResponse struct { // +optional // Headers is the HTTP headers of response - Headers map[string]string `json:"headers,omitempty"` + Headers map[gwv1.HeaderName]string `json:"headers,omitempty"` // +optional // +kubebuilder:default="Circuit breaker triggered" diff --git a/pkg/apis/extension/v1alpha1/concurrencylimit.go b/pkg/apis/extension/v1alpha1/concurrencylimit.go new file mode 100644 index 000000000..d6238fb83 --- /dev/null +++ b/pkg/apis/extension/v1alpha1/concurrencylimit.go @@ -0,0 +1,52 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// ConcurrencyLimitSpec defines the desired state of ConcurrencyLimit +type ConcurrencyLimitSpec struct { + // +kubebuilder:default=100 + // +kubebuilder:validation:Minimum=1 + // MaxConnections is the maximum number of concurrent connections, default is 100 + MaxConnections *int32 `json:"maxConnections,omitempty"` +} + +// ConcurrencyLimitStatus defines the observed state of ConcurrencyLimit +type ConcurrencyLimitStatus struct { + // Conditions describe the current conditions of the ConcurrencyLimit. + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced,categories=gateway-api +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:metadata:labels={app.kubernetes.io/name=flomesh.io,gateway.flomesh.io/extension=Filter} + +// ConcurrencyLimit is the Schema for the ConcurrencyLimit API +type ConcurrencyLimit struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ConcurrencyLimitSpec `json:"spec,omitempty"` + Status ConcurrencyLimitStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ConcurrencyLimitList contains a list of ConcurrencyLimit +type ConcurrencyLimitList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ConcurrencyLimit `json:"items"` +} diff --git a/pkg/apis/extension/v1alpha1/externalratelimit.go b/pkg/apis/extension/v1alpha1/externalratelimit.go new file mode 100644 index 000000000..93386f7ae --- /dev/null +++ b/pkg/apis/extension/v1alpha1/externalratelimit.go @@ -0,0 +1,59 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwv1 "sigs.k8s.io/gateway-api/apis/v1" +) + +// ExternalRateLimitSpec defines the desired state of ExternalRateLimit +type ExternalRateLimitSpec struct { + // +listType=set + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=32 + // ThrottleHosts is the list of hosts to be throttled + ThrottleHosts []HostPort `json:"throttleHost,omitempty"` + + // +optional + // +listType=set + // PassHeaders is the list of headers to be passed to the backend service + PassHeaders []gwv1.HeaderName `json:"passHeaders,omitempty"` +} + +// ExternalRateLimitStatus defines the observed state of ExternalRateLimit +type ExternalRateLimitStatus struct { + // Conditions describe the current conditions of the ExternalRateLimit. + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced,categories=gateway-api +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:metadata:labels={app.kubernetes.io/name=flomesh.io,gateway.flomesh.io/extension=Filter} + +// ExternalRateLimit is the Schema for the ExternalRateLimit API +type ExternalRateLimit struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ExternalRateLimitSpec `json:"spec,omitempty"` + Status ExternalRateLimitStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// ExternalRateLimitList contains a list of ExternalRateLimit +type ExternalRateLimitList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ExternalRateLimit `json:"items"` +} diff --git a/pkg/apis/extension/v1alpha1/faultinjection.go b/pkg/apis/extension/v1alpha1/faultinjection.go index 01a3c72e3..58aec5419 100644 --- a/pkg/apis/extension/v1alpha1/faultinjection.go +++ b/pkg/apis/extension/v1alpha1/faultinjection.go @@ -2,6 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwv1 "sigs.k8s.io/gateway-api/apis/v1" ) // FaultInjectionSpec defines the desired state of FaultInjection @@ -61,7 +62,7 @@ type FaultInjectionResponse struct { // +optional // Headers is the HTTP headers of response - Headers map[string]string `json:"headers,omitempty"` + Headers map[gwv1.HeaderName]string `json:"headers,omitempty"` // +optional // +kubebuilder:default="Fault injection triggered" diff --git a/pkg/apis/extension/v1alpha1/httplog.go b/pkg/apis/extension/v1alpha1/httplog.go index ed023dc12..30dae6e93 100644 --- a/pkg/apis/extension/v1alpha1/httplog.go +++ b/pkg/apis/extension/v1alpha1/httplog.go @@ -2,6 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwv1 "sigs.k8s.io/gateway-api/apis/v1" ) // HTTPLogSpec defines the desired state of HTTPLog @@ -12,13 +13,12 @@ type HTTPLogSpec struct { // +optional // +kubebuilder:default="POST" - // +kubebuilder:validation:Enum=GET;POST;PUT;DELETE;PATCH;HEAD;OPTIONS // Method is the HTTP method of the HTTPLog service, default is POST - Method *string `json:"method,omitempty"` + Method *gwv1.HTTPMethod `json:"method,omitempty"` // +optional // Headers is the HTTP headers of the log request - Headers map[string]string `json:"headers,omitempty"` + Headers map[gwv1.HeaderName]string `json:"headers,omitempty"` // +optional // +kubebuilder:default=1048576 diff --git a/pkg/apis/extension/v1alpha1/iprestriction.go b/pkg/apis/extension/v1alpha1/iprestriction.go new file mode 100644 index 000000000..767ef51e9 --- /dev/null +++ b/pkg/apis/extension/v1alpha1/iprestriction.go @@ -0,0 +1,57 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// IPRestrictionSpec defines the desired state of IPRestriction +type IPRestrictionSpec struct { + // +optional + // +listType=set + // Allowed is the list of allowed IP addresses or CIDR ranges. + Allowed []string `json:"allowed,omitempty"` + + // +optional + // +listType=set + // Forbidden is the list of forbidden IP addresses or CIDR ranges. + Forbidden []string `json:"forbidden,omitempty"` +} + +// IPRestrictionStatus defines the observed state of IPRestriction +type IPRestrictionStatus struct { + // Conditions describe the current conditions of the IPRestriction. + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced,categories=gateway-api +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:metadata:labels={app.kubernetes.io/name=flomesh.io,gateway.flomesh.io/extension=Filter} + +// IPRestriction is the Schema for the IPRestriction API +type IPRestriction struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec IPRestrictionSpec `json:"spec,omitempty"` + Status IPRestrictionStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// IPRestrictionList contains a list of IPRestriction +type IPRestrictionList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []IPRestriction `json:"items"` +} diff --git a/pkg/apis/extension/v1alpha1/ratelimit.go b/pkg/apis/extension/v1alpha1/ratelimit.go index c746ac22f..4b2a0002f 100644 --- a/pkg/apis/extension/v1alpha1/ratelimit.go +++ b/pkg/apis/extension/v1alpha1/ratelimit.go @@ -2,6 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwv1 "sigs.k8s.io/gateway-api/apis/v1" ) // RateLimitSpec defines the desired state of RateLimit @@ -36,6 +37,11 @@ type RateLimitSpec struct { // +kubebuilder:default={status: 429, body: "Rate limit reached"} // RateLimitResponse is the response when Rate limit reached RateLimitResponse *RateLimitResponse `json:"response,omitempty"` + + // +optional + // +kubebuilder:default=false + // Blocking is the flag to enable blocking mode, default is false + Blocking *bool `json:"blocking,omitempty"` } type RateLimitResponse struct { @@ -48,7 +54,7 @@ type RateLimitResponse struct { // +optional // Headers is the HTTP headers of response - Headers map[string]string `json:"headers,omitempty"` + Headers map[gwv1.HeaderName]string `json:"headers,omitempty"` // +optional // +kubebuilder:default="Rate limit reached" diff --git a/pkg/apis/extension/v1alpha1/requesttermination.go b/pkg/apis/extension/v1alpha1/requesttermination.go new file mode 100644 index 000000000..e6ef7718a --- /dev/null +++ b/pkg/apis/extension/v1alpha1/requesttermination.go @@ -0,0 +1,68 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gwv1 "sigs.k8s.io/gateway-api/apis/v1" +) + +// RequestTerminationSpec defines the desired state of RequestTermination +type RequestTerminationSpec struct { + // RequestTerminationResponse is the response when circuit breaker triggered + RequestTerminationResponse RequestTerminationResponse `json:"response,omitempty"` +} + +type RequestTerminationResponse struct { + // +kubebuilder:default=500 + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=600 + // StatusCode is the HTTP status code of the response, default is 500 + StatusCode int32 `json:"status,omitempty"` + + // +optional + // Headers is the HTTP headers of response + Headers map[gwv1.HeaderName]string `json:"headers,omitempty"` + + // +optional + // +kubebuilder:default="Request termination triggered" + // Body is the content of response body, default is "Request termination triggered" + Body *string `json:"body,omitempty"` +} + +// RequestTerminationStatus defines the observed state of RequestTermination +type RequestTerminationStatus struct { + // Conditions describe the current conditions of the RequestTermination. + // + // +optional + // +listType=map + // +listMapKey=type + // +kubebuilder:validation:MaxItems=8 + Conditions []metav1.Condition `json:"conditions,omitempty"` +} + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:storageversion +// +kubebuilder:object:root=true +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced,categories=gateway-api +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` +// +kubebuilder:metadata:labels={app.kubernetes.io/name=flomesh.io,gateway.flomesh.io/extension=Filter} + +// RequestTermination is the Schema for the RequestTermination API +type RequestTermination struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec RequestTerminationSpec `json:"spec,omitempty"` + Status RequestTerminationStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// RequestTerminationList contains a list of RequestTermination +type RequestTerminationList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []RequestTermination `json:"items"` +} diff --git a/pkg/apis/extension/v1alpha1/shared_types.go b/pkg/apis/extension/v1alpha1/shared_types.go index 15bcc6bed..4e59cfe95 100644 --- a/pkg/apis/extension/v1alpha1/shared_types.go +++ b/pkg/apis/extension/v1alpha1/shared_types.go @@ -100,3 +100,9 @@ const ( // FilterAspectRoute is the aspect of filter for route FilterAspectRoute FilterAspect = "Route" ) + +// HostPort is a host name with optional port number +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=253 +// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*(:[0-9]{1,5})?$` +type HostPort string diff --git a/pkg/apis/extension/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/extension/v1alpha1/zz_generated.deepcopy.go index 8a098bce7..08dde23dd 100644 --- a/pkg/apis/extension/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/extension/v1alpha1/zz_generated.deepcopy.go @@ -19,9 +19,9 @@ limitations under the License. package v1alpha1 import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" - apisv1 "sigs.k8s.io/gateway-api/apis/v1" + v1 "sigs.k8s.io/gateway-api/apis/v1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -95,7 +95,7 @@ func (in *CircuitBreakerResponse) DeepCopyInto(out *CircuitBreakerResponse) { } if in.Headers != nil { in, out := &in.Headers, &out.Headers - *out = make(map[string]string, len(*in)) + *out = make(map[v1.HeaderName]string, len(*in)) for key, val := range *in { (*out)[key] = val } @@ -123,7 +123,7 @@ func (in *CircuitBreakerSpec) DeepCopyInto(out *CircuitBreakerSpec) { *out = *in if in.LatencyThreshold != nil { in, out := &in.LatencyThreshold, &out.LatencyThreshold - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } if in.ErrorCountThreshold != nil { @@ -143,12 +143,12 @@ func (in *CircuitBreakerSpec) DeepCopyInto(out *CircuitBreakerSpec) { } if in.CheckInterval != nil { in, out := &in.CheckInterval, &out.CheckInterval - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } if in.BreakInterval != nil { in, out := &in.BreakInterval, &out.BreakInterval - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } if in.CircuitBreakerResponse != nil { @@ -174,7 +174,7 @@ func (in *CircuitBreakerStatus) DeepCopyInto(out *CircuitBreakerStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -192,6 +192,221 @@ func (in *CircuitBreakerStatus) DeepCopy() *CircuitBreakerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConcurrencyLimit) DeepCopyInto(out *ConcurrencyLimit) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConcurrencyLimit. +func (in *ConcurrencyLimit) DeepCopy() *ConcurrencyLimit { + if in == nil { + return nil + } + out := new(ConcurrencyLimit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConcurrencyLimit) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConcurrencyLimitList) DeepCopyInto(out *ConcurrencyLimitList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ConcurrencyLimit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConcurrencyLimitList. +func (in *ConcurrencyLimitList) DeepCopy() *ConcurrencyLimitList { + if in == nil { + return nil + } + out := new(ConcurrencyLimitList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ConcurrencyLimitList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConcurrencyLimitSpec) DeepCopyInto(out *ConcurrencyLimitSpec) { + *out = *in + if in.MaxConnections != nil { + in, out := &in.MaxConnections, &out.MaxConnections + *out = new(int32) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConcurrencyLimitSpec. +func (in *ConcurrencyLimitSpec) DeepCopy() *ConcurrencyLimitSpec { + if in == nil { + return nil + } + out := new(ConcurrencyLimitSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConcurrencyLimitStatus) DeepCopyInto(out *ConcurrencyLimitStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConcurrencyLimitStatus. +func (in *ConcurrencyLimitStatus) DeepCopy() *ConcurrencyLimitStatus { + if in == nil { + return nil + } + out := new(ConcurrencyLimitStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalRateLimit) DeepCopyInto(out *ExternalRateLimit) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRateLimit. +func (in *ExternalRateLimit) DeepCopy() *ExternalRateLimit { + if in == nil { + return nil + } + out := new(ExternalRateLimit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ExternalRateLimit) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalRateLimitList) DeepCopyInto(out *ExternalRateLimitList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ExternalRateLimit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRateLimitList. +func (in *ExternalRateLimitList) DeepCopy() *ExternalRateLimitList { + if in == nil { + return nil + } + out := new(ExternalRateLimitList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ExternalRateLimitList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalRateLimitSpec) DeepCopyInto(out *ExternalRateLimitSpec) { + *out = *in + if in.ThrottleHosts != nil { + in, out := &in.ThrottleHosts, &out.ThrottleHosts + *out = make([]HostPort, len(*in)) + copy(*out, *in) + } + if in.PassHeaders != nil { + in, out := &in.PassHeaders, &out.PassHeaders + *out = make([]v1.HeaderName, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRateLimitSpec. +func (in *ExternalRateLimitSpec) DeepCopy() *ExternalRateLimitSpec { + if in == nil { + return nil + } + out := new(ExternalRateLimitSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ExternalRateLimitStatus) DeepCopyInto(out *ExternalRateLimitStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExternalRateLimitStatus. +func (in *ExternalRateLimitStatus) DeepCopy() *ExternalRateLimitStatus { + if in == nil { + return nil + } + out := new(ExternalRateLimitStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FaultInjection) DeepCopyInto(out *FaultInjection) { *out = *in @@ -246,12 +461,12 @@ func (in *FaultInjectionDelay) DeepCopyInto(out *FaultInjectionDelay) { *out = *in if in.Min != nil { in, out := &in.Min, &out.Min - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } if in.Max != nil { in, out := &in.Max, &out.Max - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } return @@ -310,7 +525,7 @@ func (in *FaultInjectionResponse) DeepCopyInto(out *FaultInjectionResponse) { } if in.Headers != nil { in, out := &in.Headers, &out.Headers - *out = make(map[string]string, len(*in)) + *out = make(map[v1.HeaderName]string, len(*in)) for key, val := range *in { (*out)[key] = val } @@ -364,7 +579,7 @@ func (in *FaultInjectionStatus) DeepCopyInto(out *FaultInjectionStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -492,7 +707,7 @@ func (in *FilterConfigStatus) DeepCopyInto(out *FilterConfigStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -602,7 +817,7 @@ func (in *FilterDefinitionStatus) DeepCopyInto(out *FilterDefinitionStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -658,12 +873,12 @@ func (in *FilterSpec) DeepCopyInto(out *FilterSpec) { *out = *in if in.DefinitionRef != nil { in, out := &in.DefinitionRef, &out.DefinitionRef - *out = new(apisv1.LocalObjectReference) + *out = new(v1.LocalObjectReference) **out = **in } if in.ConfigRef != nil { in, out := &in.ConfigRef, &out.ConfigRef - *out = new(apisv1.LocalObjectReference) + *out = new(v1.LocalObjectReference) **out = **in } return @@ -684,7 +899,7 @@ func (in *FilterStatus) DeepCopyInto(out *FilterStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -740,7 +955,7 @@ func (in *HTTPLogBatch) DeepCopyInto(out *HTTPLogBatch) { } if in.Interval != nil { in, out := &in.Interval, &out.Interval - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } if in.Prefix != nil { @@ -809,12 +1024,12 @@ func (in *HTTPLogSpec) DeepCopyInto(out *HTTPLogSpec) { *out = *in if in.Method != nil { in, out := &in.Method, &out.Method - *out = new(string) + *out = new(v1.HTTPMethod) **out = **in } if in.Headers != nil { in, out := &in.Headers, &out.Headers - *out = make(map[string]string, len(*in)) + *out = make(map[v1.HeaderName]string, len(*in)) for key, val := range *in { (*out)[key] = val } @@ -847,7 +1062,7 @@ func (in *HTTPLogStatus) DeepCopyInto(out *HTTPLogStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -865,6 +1080,116 @@ func (in *HTTPLogStatus) DeepCopy() *HTTPLogStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPRestriction) DeepCopyInto(out *IPRestriction) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPRestriction. +func (in *IPRestriction) DeepCopy() *IPRestriction { + if in == nil { + return nil + } + out := new(IPRestriction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IPRestriction) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPRestrictionList) DeepCopyInto(out *IPRestrictionList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]IPRestriction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPRestrictionList. +func (in *IPRestrictionList) DeepCopy() *IPRestrictionList { + if in == nil { + return nil + } + out := new(IPRestrictionList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *IPRestrictionList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPRestrictionSpec) DeepCopyInto(out *IPRestrictionSpec) { + *out = *in + if in.Allowed != nil { + in, out := &in.Allowed, &out.Allowed + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Forbidden != nil { + in, out := &in.Forbidden, &out.Forbidden + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPRestrictionSpec. +func (in *IPRestrictionSpec) DeepCopy() *IPRestrictionSpec { + if in == nil { + return nil + } + out := new(IPRestrictionSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPRestrictionStatus) DeepCopyInto(out *IPRestrictionStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPRestrictionStatus. +func (in *IPRestrictionStatus) DeepCopy() *IPRestrictionStatus { + if in == nil { + return nil + } + out := new(IPRestrictionStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ListenerFilter) DeepCopyInto(out *ListenerFilter) { *out = *in @@ -946,12 +1271,12 @@ func (in *ListenerFilterSpec) DeepCopyInto(out *ListenerFilterSpec) { } if in.DefinitionRef != nil { in, out := &in.DefinitionRef, &out.DefinitionRef - *out = new(apisv1.LocalObjectReference) + *out = new(v1.LocalObjectReference) **out = **in } if in.ConfigRef != nil { in, out := &in.ConfigRef, &out.ConfigRef - *out = new(apisv1.LocalObjectReference) + *out = new(v1.LocalObjectReference) **out = **in } return @@ -972,7 +1297,7 @@ func (in *ListenerFilterStatus) DeepCopyInto(out *ListenerFilterStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1072,7 +1397,7 @@ func (in *MetricsSpec) DeepCopyInto(out *MetricsSpec) { *out = *in if in.SampleInterval != nil { in, out := &in.SampleInterval, &out.SampleInterval - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } return @@ -1093,7 +1418,7 @@ func (in *MetricsStatus) DeepCopyInto(out *MetricsStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1177,12 +1502,12 @@ func (in *ProxyTagSpec) DeepCopyInto(out *ProxyTagSpec) { *out = *in if in.DestinationHostHeader != nil { in, out := &in.DestinationHostHeader, &out.DestinationHostHeader - *out = new(apisv1.HeaderName) + *out = new(v1.HeaderName) **out = **in } if in.SourceHostHeader != nil { in, out := &in.SourceHostHeader, &out.SourceHostHeader - *out = new(apisv1.HeaderName) + *out = new(v1.HeaderName) **out = **in } return @@ -1203,7 +1528,7 @@ func (in *ProxyTagStatus) DeepCopyInto(out *ProxyTagStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1292,7 +1617,7 @@ func (in *RateLimitResponse) DeepCopyInto(out *RateLimitResponse) { } if in.Headers != nil { in, out := &in.Headers, &out.Headers - *out = make(map[string]string, len(*in)) + *out = make(map[v1.HeaderName]string, len(*in)) for key, val := range *in { (*out)[key] = val } @@ -1330,7 +1655,7 @@ func (in *RateLimitSpec) DeepCopyInto(out *RateLimitSpec) { } if in.Interval != nil { in, out := &in.Interval, &out.Interval - *out = new(v1.Duration) + *out = new(metav1.Duration) **out = **in } if in.Backlog != nil { @@ -1343,6 +1668,11 @@ func (in *RateLimitSpec) DeepCopyInto(out *RateLimitSpec) { *out = new(RateLimitResponse) (*in).DeepCopyInto(*out) } + if in.Blocking != nil { + in, out := &in.Blocking, &out.Blocking + *out = new(bool) + **out = **in + } return } @@ -1361,7 +1691,7 @@ func (in *RateLimitStatus) DeepCopyInto(out *RateLimitStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } @@ -1379,6 +1709,135 @@ func (in *RateLimitStatus) DeepCopy() *RateLimitStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestTermination) DeepCopyInto(out *RequestTermination) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestTermination. +func (in *RequestTermination) DeepCopy() *RequestTermination { + if in == nil { + return nil + } + out := new(RequestTermination) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RequestTermination) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestTerminationList) DeepCopyInto(out *RequestTerminationList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]RequestTermination, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestTerminationList. +func (in *RequestTerminationList) DeepCopy() *RequestTerminationList { + if in == nil { + return nil + } + out := new(RequestTerminationList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RequestTerminationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestTerminationResponse) DeepCopyInto(out *RequestTerminationResponse) { + *out = *in + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make(map[v1.HeaderName]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Body != nil { + in, out := &in.Body, &out.Body + *out = new(string) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestTerminationResponse. +func (in *RequestTerminationResponse) DeepCopy() *RequestTerminationResponse { + if in == nil { + return nil + } + out := new(RequestTerminationResponse) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestTerminationSpec) DeepCopyInto(out *RequestTerminationSpec) { + *out = *in + in.RequestTerminationResponse.DeepCopyInto(&out.RequestTerminationResponse) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestTerminationSpec. +func (in *RequestTerminationSpec) DeepCopy() *RequestTerminationSpec { + if in == nil { + return nil + } + out := new(RequestTerminationSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestTerminationStatus) DeepCopyInto(out *RequestTerminationStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]metav1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestTerminationStatus. +func (in *RequestTerminationStatus) DeepCopy() *RequestTerminationStatus { + if in == nil { + return nil + } + out := new(RequestTerminationStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Zipkin) DeepCopyInto(out *Zipkin) { *out = *in @@ -1466,7 +1925,7 @@ func (in *ZipkinStatus) DeepCopyInto(out *ZipkinStatus) { *out = *in if in.Conditions != nil { in, out := &in.Conditions, &out.Conditions - *out = make([]v1.Condition, len(*in)) + *out = make([]metav1.Condition, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/pkg/apis/extension/v1alpha1/zz_generated.register.go b/pkg/apis/extension/v1alpha1/zz_generated.register.go index a14a723fd..0ae667714 100644 --- a/pkg/apis/extension/v1alpha1/zz_generated.register.go +++ b/pkg/apis/extension/v1alpha1/zz_generated.register.go @@ -60,6 +60,10 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &CircuitBreaker{}, &CircuitBreakerList{}, + &ConcurrencyLimit{}, + &ConcurrencyLimitList{}, + &ExternalRateLimit{}, + &ExternalRateLimitList{}, &FaultInjection{}, &FaultInjectionList{}, &Filter{}, @@ -70,6 +74,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &FilterList{}, &HTTPLog{}, &HTTPLogList{}, + &IPRestriction{}, + &IPRestrictionList{}, &ListenerFilter{}, &ListenerFilterList{}, &Metrics{}, @@ -78,6 +84,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ProxyTagList{}, &RateLimit{}, &RateLimitList{}, + &RequestTermination{}, + &RequestTerminationList{}, &Zipkin{}, &ZipkinList{}, ) diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 4ba5bcc54..714bed87e 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -508,6 +508,18 @@ const ( // GatewayProxyTagKind is the kind name of ProxyTag used in Flomesh API GatewayProxyTagKind = "ProxyTag" + + // GatewayIPRestrictionKind is the kind name of IPRestriction used in Flomesh API + GatewayIPRestrictionKind = "IPRestriction" + + // GatewayExternalRateLimitKind is the kind name of ExternalRateLimit used in Flomesh API + GatewayExternalRateLimitKind = "ExternalRateLimit" + + // GatewayRequestTerminationKind is the kind name of RequestTermination used in Flomesh API + GatewayRequestTerminationKind = "RequestTermination" + + // GatewayConcurrencyLimitKind is the kind name of ConcurrencyLimit used in Flomesh API + GatewayConcurrencyLimitKind = "ConcurrencyLimit" ) // Gateway API Annotations and Labels diff --git a/pkg/controllers/extension/v1alpha1/concurrencylimit_controller.go b/pkg/controllers/extension/v1alpha1/concurrencylimit_controller.go new file mode 100644 index 000000000..cd1931b83 --- /dev/null +++ b/pkg/controllers/extension/v1alpha1/concurrencylimit_controller.go @@ -0,0 +1,89 @@ +package v1alpha1 + +import ( + "context" + + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + fctx "github.com/flomesh-io/fsm/pkg/context" + "github.com/flomesh-io/fsm/pkg/controllers" +) + +type concurrencyLimitReconciler struct { + recorder record.EventRecorder + fctx *fctx.ControllerContext +} + +func (r *concurrencyLimitReconciler) NeedLeaderElection() bool { + return true +} + +// NewConcurrencyLimitReconciler returns a new ConcurrencyLimit Reconciler +func NewConcurrencyLimitReconciler(ctx *fctx.ControllerContext) controllers.Reconciler { + return &concurrencyLimitReconciler{ + recorder: ctx.Manager.GetEventRecorderFor("ConcurrencyLimit"), + fctx: ctx, + } +} + +// Reconcile reads that state of the cluster for a ConcurrencyLimit object and makes changes based on the state read +func (r *concurrencyLimitReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + concurrencyLimit := &extv1alpha1.ConcurrencyLimit{} + err := r.fctx.Get(ctx, req.NamespacedName, concurrencyLimit) + if errors.IsNotFound(err) { + r.fctx.GatewayEventHandler.OnDelete(&extv1alpha1.ConcurrencyLimit{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: req.Namespace, + Name: req.Name, + }}) + return reconcile.Result{}, nil + } + + if concurrencyLimit.DeletionTimestamp != nil { + r.fctx.GatewayEventHandler.OnDelete(concurrencyLimit) + return ctrl.Result{}, nil + } + + // As ConcurrencyLimit has no status, we don't need to update it + + r.fctx.GatewayEventHandler.OnAdd(concurrencyLimit, false) + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *concurrencyLimitReconciler) SetupWithManager(mgr ctrl.Manager) error { + if err := ctrl.NewControllerManagedBy(mgr). + For(&extv1alpha1.ConcurrencyLimit{}). + Complete(r); err != nil { + return err + } + + return addConcurrencyLimitIndexers(context.Background(), mgr) +} + +func addConcurrencyLimitIndexers(ctx context.Context, mgr manager.Manager) error { + //if err := mgr.GetFieldIndexer().IndexField(ctx, &extv1alpha1.ListenerConcurrencyLimit{}, constants.GatewayListenerConcurrencyLimitIndex, func(obj client.Object) []string { + // concurrencyLimit := obj.(*extv1alpha1.ListenerConcurrencyLimit) + // + // var gateways []string + // for _, targetRef := range concurrencyLimit.Spec.TargetRefs { + // if string(targetRef.Kind) == constants.GatewayAPIGatewayKind && + // string(targetRef.Group) == gwv1.GroupName { + // gateways = append(gateways, fmt.Sprintf("%s/%d", string(targetRef.Name), targetRef.Port)) + // } + // } + // + // return gateways + //}); err != nil { + // return err + //} + + return nil +} diff --git a/pkg/controllers/extension/v1alpha1/externalratelimit_controller.go b/pkg/controllers/extension/v1alpha1/externalratelimit_controller.go new file mode 100644 index 000000000..50b89bd9b --- /dev/null +++ b/pkg/controllers/extension/v1alpha1/externalratelimit_controller.go @@ -0,0 +1,89 @@ +package v1alpha1 + +import ( + "context" + + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + fctx "github.com/flomesh-io/fsm/pkg/context" + "github.com/flomesh-io/fsm/pkg/controllers" +) + +type externalRateLimitReconciler struct { + recorder record.EventRecorder + fctx *fctx.ControllerContext +} + +func (r *externalRateLimitReconciler) NeedLeaderElection() bool { + return true +} + +// NewExternalRateLimitReconciler returns a new ExternalRateLimit Reconciler +func NewExternalRateLimitReconciler(ctx *fctx.ControllerContext) controllers.Reconciler { + return &externalRateLimitReconciler{ + recorder: ctx.Manager.GetEventRecorderFor("ExternalRateLimit"), + fctx: ctx, + } +} + +// Reconcile reads that state of the cluster for a ExternalRateLimit object and makes changes based on the state read +func (r *externalRateLimitReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + externalRateLimit := &extv1alpha1.ExternalRateLimit{} + err := r.fctx.Get(ctx, req.NamespacedName, externalRateLimit) + if errors.IsNotFound(err) { + r.fctx.GatewayEventHandler.OnDelete(&extv1alpha1.ExternalRateLimit{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: req.Namespace, + Name: req.Name, + }}) + return reconcile.Result{}, nil + } + + if externalRateLimit.DeletionTimestamp != nil { + r.fctx.GatewayEventHandler.OnDelete(externalRateLimit) + return ctrl.Result{}, nil + } + + // As ExternalRateLimit has no status, we don't need to update it + + r.fctx.GatewayEventHandler.OnAdd(externalRateLimit, false) + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *externalRateLimitReconciler) SetupWithManager(mgr ctrl.Manager) error { + if err := ctrl.NewControllerManagedBy(mgr). + For(&extv1alpha1.ExternalRateLimit{}). + Complete(r); err != nil { + return err + } + + return addExternalRateLimitIndexers(context.Background(), mgr) +} + +func addExternalRateLimitIndexers(ctx context.Context, mgr manager.Manager) error { + //if err := mgr.GetFieldIndexer().IndexField(ctx, &extv1alpha1.ListenerExternalRateLimit{}, constants.GatewayListenerExternalRateLimitIndex, func(obj client.Object) []string { + // externalRateLimit := obj.(*extv1alpha1.ListenerExternalRateLimit) + // + // var gateways []string + // for _, targetRef := range externalRateLimit.Spec.TargetRefs { + // if string(targetRef.Kind) == constants.GatewayAPIGatewayKind && + // string(targetRef.Group) == gwv1.GroupName { + // gateways = append(gateways, fmt.Sprintf("%s/%d", string(targetRef.Name), targetRef.Port)) + // } + // } + // + // return gateways + //}); err != nil { + // return err + //} + + return nil +} diff --git a/pkg/controllers/extension/v1alpha1/iptrestriction_controller.go b/pkg/controllers/extension/v1alpha1/iptrestriction_controller.go new file mode 100644 index 000000000..6e8ec0967 --- /dev/null +++ b/pkg/controllers/extension/v1alpha1/iptrestriction_controller.go @@ -0,0 +1,104 @@ +package v1alpha1 + +import ( + "context" + + whtypes "github.com/flomesh-io/fsm/pkg/webhook/types" + + whblder "github.com/flomesh-io/fsm/pkg/webhook/builder" + + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + fctx "github.com/flomesh-io/fsm/pkg/context" + "github.com/flomesh-io/fsm/pkg/controllers" +) + +type ipRestrictionReconciler struct { + recorder record.EventRecorder + fctx *fctx.ControllerContext + webhook whtypes.Register +} + +func (r *ipRestrictionReconciler) NeedLeaderElection() bool { + return true +} + +// NewIPRestrictionReconciler returns a new IPRestriction Reconciler +func NewIPRestrictionReconciler(ctx *fctx.ControllerContext, webhook whtypes.Register) controllers.Reconciler { + return &ipRestrictionReconciler{ + recorder: ctx.Manager.GetEventRecorderFor("IPRestriction"), + fctx: ctx, + webhook: webhook, + } +} + +// Reconcile reads that state of the cluster for a IPRestriction object and makes changes based on the state read +func (r *ipRestrictionReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + ipRestriction := &extv1alpha1.IPRestriction{} + err := r.fctx.Get(ctx, req.NamespacedName, ipRestriction) + if errors.IsNotFound(err) { + r.fctx.GatewayEventHandler.OnDelete(&extv1alpha1.IPRestriction{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: req.Namespace, + Name: req.Name, + }}) + return reconcile.Result{}, nil + } + + if ipRestriction.DeletionTimestamp != nil { + r.fctx.GatewayEventHandler.OnDelete(ipRestriction) + return ctrl.Result{}, nil + } + + // As IPRestriction has no status, we don't need to update it + + r.fctx.GatewayEventHandler.OnAdd(ipRestriction, false) + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *ipRestrictionReconciler) SetupWithManager(mgr ctrl.Manager) error { + if err := whblder.WebhookManagedBy(mgr). + For(&extv1alpha1.IPRestriction{}). + WithDefaulter(r.webhook). + WithValidator(r.webhook). + RecoverPanic(). + Complete(); err != nil { + return err + } + + if err := ctrl.NewControllerManagedBy(mgr). + For(&extv1alpha1.IPRestriction{}). + Complete(r); err != nil { + return err + } + + return addIPRestrictionIndexers(context.Background(), mgr) +} + +func addIPRestrictionIndexers(ctx context.Context, mgr manager.Manager) error { + //if err := mgr.GetFieldIndexer().IndexField(ctx, &extv1alpha1.ListenerIPRestriction{}, constants.GatewayListenerIPRestrictionIndex, func(obj client.Object) []string { + // ipRestriction := obj.(*extv1alpha1.ListenerIPRestriction) + // + // var gateways []string + // for _, targetRef := range ipRestriction.Spec.TargetRefs { + // if string(targetRef.Kind) == constants.GatewayAPIGatewayKind && + // string(targetRef.Group) == gwv1.GroupName { + // gateways = append(gateways, fmt.Sprintf("%s/%d", string(targetRef.Name), targetRef.Port)) + // } + // } + // + // return gateways + //}); err != nil { + // return err + //} + + return nil +} diff --git a/pkg/controllers/extension/v1alpha1/requesttermination_controller.go b/pkg/controllers/extension/v1alpha1/requesttermination_controller.go new file mode 100644 index 000000000..ebf3c36ec --- /dev/null +++ b/pkg/controllers/extension/v1alpha1/requesttermination_controller.go @@ -0,0 +1,89 @@ +package v1alpha1 + +import ( + "context" + + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/tools/record" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/reconcile" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + fctx "github.com/flomesh-io/fsm/pkg/context" + "github.com/flomesh-io/fsm/pkg/controllers" +) + +type requestTerminationReconciler struct { + recorder record.EventRecorder + fctx *fctx.ControllerContext +} + +func (r *requestTerminationReconciler) NeedLeaderElection() bool { + return true +} + +// NewRequestTerminationReconciler returns a new RequestTermination Reconciler +func NewRequestTerminationReconciler(ctx *fctx.ControllerContext) controllers.Reconciler { + return &requestTerminationReconciler{ + recorder: ctx.Manager.GetEventRecorderFor("RequestTermination"), + fctx: ctx, + } +} + +// Reconcile reads that state of the cluster for a RequestTermination object and makes changes based on the state read +func (r *requestTerminationReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { + requestTermination := &extv1alpha1.RequestTermination{} + err := r.fctx.Get(ctx, req.NamespacedName, requestTermination) + if errors.IsNotFound(err) { + r.fctx.GatewayEventHandler.OnDelete(&extv1alpha1.RequestTermination{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: req.Namespace, + Name: req.Name, + }}) + return reconcile.Result{}, nil + } + + if requestTermination.DeletionTimestamp != nil { + r.fctx.GatewayEventHandler.OnDelete(requestTermination) + return ctrl.Result{}, nil + } + + // As RequestTermination has no status, we don't need to update it + + r.fctx.GatewayEventHandler.OnAdd(requestTermination, false) + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *requestTerminationReconciler) SetupWithManager(mgr ctrl.Manager) error { + if err := ctrl.NewControllerManagedBy(mgr). + For(&extv1alpha1.RequestTermination{}). + Complete(r); err != nil { + return err + } + + return addRequestTerminationIndexers(context.Background(), mgr) +} + +func addRequestTerminationIndexers(ctx context.Context, mgr manager.Manager) error { + //if err := mgr.GetFieldIndexer().IndexField(ctx, &extv1alpha1.ListenerRequestTermination{}, constants.GatewayListenerRequestTerminationIndex, func(obj client.Object) []string { + // requestTermination := obj.(*extv1alpha1.ListenerRequestTermination) + // + // var gateways []string + // for _, targetRef := range requestTermination.Spec.TargetRefs { + // if string(targetRef.Kind) == constants.GatewayAPIGatewayKind && + // string(targetRef.Group) == gwv1.GroupName { + // gateways = append(gateways, fmt.Sprintf("%s/%d", string(targetRef.Name), targetRef.Port)) + // } + // } + // + // return gateways + //}); err != nil { + // return err + //} + + return nil +} diff --git a/pkg/gateway/client.go b/pkg/gateway/client.go index 4cd665f01..208cda1f3 100644 --- a/pkg/gateway/client.go +++ b/pkg/gateway/client.go @@ -105,6 +105,10 @@ func newClient(ctx *cctx.ControllerContext) *client { fsminformers.InformerKeyGatewayMetrics: &extv1alpha1.Metrics{}, fsminformers.InformerKeyGatewayZipkin: &extv1alpha1.Zipkin{}, fsminformers.InformerKeyGatewayProxyTag: &extv1alpha1.ProxyTag{}, + fsminformers.InformerKeyGatewayExternalRateLimit: &extv1alpha1.ExternalRateLimit{}, + fsminformers.InformerKeyGatewayIPRestriction: &extv1alpha1.IPRestriction{}, + fsminformers.InformerKeyGatewayRequestTermination: &extv1alpha1.RequestTermination{}, + fsminformers.InformerKeyGatewayConcurrencyLimit: &extv1alpha1.ConcurrencyLimit{}, } if version.IsEndpointSliceEnabled(ctx.KubeClient) { diff --git a/pkg/gateway/informers.go b/pkg/gateway/informers.go index 3f9c5b4cc..98ed1af88 100644 --- a/pkg/gateway/informers.go +++ b/pkg/gateway/informers.go @@ -17,6 +17,7 @@ import ( fsminformers "github.com/flomesh-io/fsm/pkg/k8s/informers" ) +//gocyclo:ignore func getEventTypesByObjectType(obj interface{}) *k8s.EventTypes { switch obj.(type) { case *corev1.Service: @@ -75,11 +76,20 @@ func getEventTypesByObjectType(obj interface{}) *k8s.EventTypes { return getEventTypesByInformerKey(fsminformers.InformerKeyFilterConfig) case *extv1alpha1.ProxyTag: return getEventTypesByInformerKey(fsminformers.InformerKeyGatewayProxyTag) + case *extv1alpha1.ExternalRateLimit: + return getEventTypesByInformerKey(fsminformers.InformerKeyGatewayExternalRateLimit) + case *extv1alpha1.IPRestriction: + return getEventTypesByInformerKey(fsminformers.InformerKeyGatewayIPRestriction) + case *extv1alpha1.RequestTermination: + return getEventTypesByInformerKey(fsminformers.InformerKeyGatewayRequestTermination) + case *extv1alpha1.ConcurrencyLimit: + return getEventTypesByInformerKey(fsminformers.InformerKeyGatewayConcurrencyLimit) } return nil } +//gocyclo:ignore func getEventTypesByInformerKey(informerKey fsminformers.InformerKey) *k8s.EventTypes { switch informerKey { case fsminformers.InformerKeyService: @@ -251,6 +261,30 @@ func getEventTypesByInformerKey(informerKey fsminformers.InformerKey) *k8s.Event Update: announcements.GatewayProxyTagUpdated, Delete: announcements.GatewayProxyTagDeleted, } + case fsminformers.InformerKeyGatewayExternalRateLimit: + return &k8s.EventTypes{ + Add: announcements.GatewayExternalRateLimitAdded, + Update: announcements.GatewayExternalRateLimitUpdated, + Delete: announcements.GatewayExternalRateLimitDeleted, + } + case fsminformers.InformerKeyGatewayIPRestriction: + return &k8s.EventTypes{ + Add: announcements.GatewayIPRestrictionAdded, + Update: announcements.GatewayIPRestrictionUpdated, + Delete: announcements.GatewayIPRestrictionDeleted, + } + case fsminformers.InformerKeyGatewayRequestTermination: + return &k8s.EventTypes{ + Add: announcements.GatewayRequestTerminationAdded, + Update: announcements.GatewayRequestTerminationUpdated, + Delete: announcements.GatewayRequestTerminationDeleted, + } + case fsminformers.InformerKeyGatewayConcurrencyLimit: + return &k8s.EventTypes{ + Add: announcements.GatewayConcurrencyLimitAdded, + Update: announcements.GatewayConcurrencyLimitUpdated, + Delete: announcements.GatewayConcurrencyLimitDeleted, + } } return nil diff --git a/pkg/gateway/processor/triggers/extension/concurrencylimits_trigger.go b/pkg/gateway/processor/triggers/extension/concurrencylimits_trigger.go new file mode 100644 index 000000000..979f9940f --- /dev/null +++ b/pkg/gateway/processor/triggers/extension/concurrencylimits_trigger.go @@ -0,0 +1,34 @@ +package extension + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + + "github.com/flomesh-io/fsm/pkg/gateway/processor" +) + +// ConcurrencyLimitTrigger is a processor for ConcurrencyLimit objects +type ConcurrencyLimitTrigger struct{} + +// Insert adds a ConcurrencyLimit object to the processor and returns true if the processor is changed +func (p *ConcurrencyLimitTrigger) Insert(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.ConcurrencyLimit) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} + +// Delete removes a ConcurrencyLimit object from the processor and returns true if the processor is changed +func (p *ConcurrencyLimitTrigger) Delete(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.ConcurrencyLimit) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} diff --git a/pkg/gateway/processor/triggers/extension/externalratelimits_trigger.go b/pkg/gateway/processor/triggers/extension/externalratelimits_trigger.go new file mode 100644 index 000000000..536b72d20 --- /dev/null +++ b/pkg/gateway/processor/triggers/extension/externalratelimits_trigger.go @@ -0,0 +1,34 @@ +package extension + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + + "github.com/flomesh-io/fsm/pkg/gateway/processor" +) + +// ExternalRateLimitTrigger is a processor for ExternalRateLimit objects +type ExternalRateLimitTrigger struct{} + +// Insert adds a ExternalRateLimit object to the processor and returns true if the processor is changed +func (p *ExternalRateLimitTrigger) Insert(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.ExternalRateLimit) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} + +// Delete removes a ExternalRateLimit object from the processor and returns true if the processor is changed +func (p *ExternalRateLimitTrigger) Delete(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.ExternalRateLimit) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} diff --git a/pkg/gateway/processor/triggers/extension/iprestrictions_trigger.go b/pkg/gateway/processor/triggers/extension/iprestrictions_trigger.go new file mode 100644 index 000000000..a4a7dffbe --- /dev/null +++ b/pkg/gateway/processor/triggers/extension/iprestrictions_trigger.go @@ -0,0 +1,34 @@ +package extension + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + + "github.com/flomesh-io/fsm/pkg/gateway/processor" +) + +// IPRestrictionTrigger is a processor for IPRestriction objects +type IPRestrictionTrigger struct{} + +// Insert adds a IPRestriction object to the processor and returns true if the processor is changed +func (p *IPRestrictionTrigger) Insert(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.IPRestriction) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} + +// Delete removes a IPRestriction object from the processor and returns true if the processor is changed +func (p *IPRestrictionTrigger) Delete(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.IPRestriction) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} diff --git a/pkg/gateway/processor/triggers/extension/requestterminations_trigger.go b/pkg/gateway/processor/triggers/extension/requestterminations_trigger.go new file mode 100644 index 000000000..cf70d66e7 --- /dev/null +++ b/pkg/gateway/processor/triggers/extension/requestterminations_trigger.go @@ -0,0 +1,34 @@ +package extension + +import ( + "sigs.k8s.io/controller-runtime/pkg/client" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + + "github.com/flomesh-io/fsm/pkg/gateway/processor" +) + +// RequestTerminationTrigger is a processor for RequestTermination objects +type RequestTerminationTrigger struct{} + +// Insert adds a RequestTermination object to the processor and returns true if the processor is changed +func (p *RequestTerminationTrigger) Insert(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.RequestTermination) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} + +// Delete removes a RequestTermination object from the processor and returns true if the processor is changed +func (p *RequestTerminationTrigger) Delete(obj interface{}, processor processor.Processor) bool { + config, ok := obj.(*extv1alpha1.RequestTermination) + if !ok { + log.Error().Msgf("unexpected object type %T", obj) + return false + } + + return processor.IsFilterConfigReferred(config.Kind, client.ObjectKeyFromObject(config)) +} diff --git a/pkg/gateway/processor/v2/filters.go b/pkg/gateway/processor/v2/filters.go index ab108cb8a..85e7df8bc 100644 --- a/pkg/gateway/processor/v2/filters.go +++ b/pkg/gateway/processor/v2/filters.go @@ -42,6 +42,7 @@ func (c *ConfigGenerator) resolveFilterDefinition(filterType extv1alpha1.FilterT return definition } +//gocyclo:ignore func (c *ConfigGenerator) resolveFilterConfig(ref *gwv1.LocalObjectReference) map[string]interface{} { if ref == nil { return map[string]interface{}{} @@ -137,6 +138,38 @@ func (c *ConfigGenerator) resolveFilterConfig(ref *gwv1.LocalObjectReference) ma } return toMap("proxyTag", &obj.Spec) + case constants.GatewayIPRestrictionKind: + obj := &extv1alpha1.IPRestriction{} + if err := c.client.Get(ctx, key, obj); err != nil { + log.Error().Msgf("Failed to resolve IPRestriction: %s", err) + return map[string]interface{}{} + } + + return toMap("ipRestriction", &obj.Spec) + case constants.GatewayExternalRateLimitKind: + obj := &extv1alpha1.ExternalRateLimit{} + if err := c.client.Get(ctx, key, obj); err != nil { + log.Error().Msgf("Failed to resolve ExternalRateLimit: %s", err) + return map[string]interface{}{} + } + + return toMap("externalRateLimit", &obj.Spec) + case constants.GatewayRequestTerminationKind: + obj := &extv1alpha1.RequestTermination{} + if err := c.client.Get(ctx, key, obj); err != nil { + log.Error().Msgf("Failed to resolve RequestTermination: %s", err) + return map[string]interface{}{} + } + + return toMap("requestTermination", &obj.Spec) + case constants.GatewayConcurrencyLimitKind: + obj := &extv1alpha1.ConcurrencyLimit{} + if err := c.client.Get(ctx, key, obj); err != nil { + log.Error().Msgf("Failed to resolve ConcurrencyLimit: %s", err) + return map[string]interface{}{} + } + + return toMap("concurrencyLimit", &obj.Spec) case constants.GatewayAPIExtensionFilterConfigKind: obj := &extv1alpha1.FilterConfig{} if err := c.client.Get(ctx, key, obj); err != nil { diff --git a/pkg/gateway/processor/v2/processor.go b/pkg/gateway/processor/v2/processor.go index a65fcebb1..10067defd 100644 --- a/pkg/gateway/processor/v2/processor.go +++ b/pkg/gateway/processor/v2/processor.go @@ -50,6 +50,8 @@ type GatewayProcessor struct { } // NewGatewayProcessor creates a new gateway processor +// +//gocyclo:ignore func NewGatewayProcessor(ctx *cctx.ControllerContext) *GatewayProcessor { cfg := ctx.Configurator repoBaseURL := fmt.Sprintf("%s://%s:%d", "http", cfg.GetRepoServerIPAddr(), cfg.GetProxyServerPort()) @@ -88,6 +90,10 @@ func NewGatewayProcessor(ctx *cctx.ControllerContext) *GatewayProcessor { informers.ZipkinResourceType: &extensiontrigger.ZipkinTrigger{}, informers.FilterConfigsResourceType: &extensiontrigger.FilterConfigTrigger{}, informers.ProxyTagResourceType: &extensiontrigger.ProxyTagTrigger{}, + informers.IPRestrictionResourceType: &extensiontrigger.IPRestrictionTrigger{}, + informers.ExternalRateLimitResourceType: &extensiontrigger.ExternalRateLimitTrigger{}, + informers.RequestTerminationResourceType: &extensiontrigger.RequestTerminationTrigger{}, + informers.ConcurrencyLimitResourceType: &extensiontrigger.ConcurrencyLimitTrigger{}, }, mutex: new(sync.RWMutex), @@ -115,6 +121,7 @@ func (c *GatewayProcessor) Delete(obj interface{}) bool { return false } +//gocyclo:ignore func (c *GatewayProcessor) getTrigger(obj interface{}) processor.Trigger { switch obj.(type) { case *corev1.Endpoints: @@ -173,6 +180,14 @@ func (c *GatewayProcessor) getTrigger(obj interface{}) processor.Trigger { return c.triggers[informers.FilterConfigsResourceType] case *extv1alpha1.ProxyTag: return c.triggers[informers.ProxyTagResourceType] + case *extv1alpha1.IPRestriction: + return c.triggers[informers.IPRestrictionResourceType] + case *extv1alpha1.ExternalRateLimit: + return c.triggers[informers.ExternalRateLimitResourceType] + case *extv1alpha1.RequestTermination: + return c.triggers[informers.RequestTerminationResourceType] + case *extv1alpha1.ConcurrencyLimit: + return c.triggers[informers.ConcurrencyLimitResourceType] } return nil diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/concurrencylimit.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/concurrencylimit.go new file mode 100644 index 000000000..7a6f2d861 --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/concurrencylimit.go @@ -0,0 +1,66 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + scheme "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// ConcurrencyLimitsGetter has a method to return a ConcurrencyLimitInterface. +// A group's client should implement this interface. +type ConcurrencyLimitsGetter interface { + ConcurrencyLimits(namespace string) ConcurrencyLimitInterface +} + +// ConcurrencyLimitInterface has methods to work with ConcurrencyLimit resources. +type ConcurrencyLimitInterface interface { + Create(ctx context.Context, concurrencyLimit *v1alpha1.ConcurrencyLimit, opts v1.CreateOptions) (*v1alpha1.ConcurrencyLimit, error) + Update(ctx context.Context, concurrencyLimit *v1alpha1.ConcurrencyLimit, opts v1.UpdateOptions) (*v1alpha1.ConcurrencyLimit, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + UpdateStatus(ctx context.Context, concurrencyLimit *v1alpha1.ConcurrencyLimit, opts v1.UpdateOptions) (*v1alpha1.ConcurrencyLimit, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ConcurrencyLimit, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ConcurrencyLimitList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ConcurrencyLimit, err error) + ConcurrencyLimitExpansion +} + +// concurrencyLimits implements ConcurrencyLimitInterface +type concurrencyLimits struct { + *gentype.ClientWithList[*v1alpha1.ConcurrencyLimit, *v1alpha1.ConcurrencyLimitList] +} + +// newConcurrencyLimits returns a ConcurrencyLimits +func newConcurrencyLimits(c *ExtensionV1alpha1Client, namespace string) *concurrencyLimits { + return &concurrencyLimits{ + gentype.NewClientWithList[*v1alpha1.ConcurrencyLimit, *v1alpha1.ConcurrencyLimitList]( + "concurrencylimits", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.ConcurrencyLimit { return &v1alpha1.ConcurrencyLimit{} }, + func() *v1alpha1.ConcurrencyLimitList { return &v1alpha1.ConcurrencyLimitList{} }), + } +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/extension_client.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/extension_client.go index bcc7f52f7..23b2be64e 100644 --- a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/extension_client.go +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/extension_client.go @@ -26,15 +26,19 @@ import ( type ExtensionV1alpha1Interface interface { RESTClient() rest.Interface CircuitBreakersGetter + ConcurrencyLimitsGetter + ExternalRateLimitsGetter FaultInjectionsGetter FiltersGetter FilterConfigsGetter FilterDefinitionsGetter HTTPLogsGetter + IPRestrictionsGetter ListenerFiltersGetter MetricsesGetter ProxyTagsGetter RateLimitsGetter + RequestTerminationsGetter ZipkinsGetter } @@ -47,6 +51,14 @@ func (c *ExtensionV1alpha1Client) CircuitBreakers(namespace string) CircuitBreak return newCircuitBreakers(c, namespace) } +func (c *ExtensionV1alpha1Client) ConcurrencyLimits(namespace string) ConcurrencyLimitInterface { + return newConcurrencyLimits(c, namespace) +} + +func (c *ExtensionV1alpha1Client) ExternalRateLimits(namespace string) ExternalRateLimitInterface { + return newExternalRateLimits(c, namespace) +} + func (c *ExtensionV1alpha1Client) FaultInjections(namespace string) FaultInjectionInterface { return newFaultInjections(c, namespace) } @@ -67,6 +79,10 @@ func (c *ExtensionV1alpha1Client) HTTPLogs(namespace string) HTTPLogInterface { return newHTTPLogs(c, namespace) } +func (c *ExtensionV1alpha1Client) IPRestrictions(namespace string) IPRestrictionInterface { + return newIPRestrictions(c, namespace) +} + func (c *ExtensionV1alpha1Client) ListenerFilters(namespace string) ListenerFilterInterface { return newListenerFilters(c, namespace) } @@ -83,6 +99,10 @@ func (c *ExtensionV1alpha1Client) RateLimits(namespace string) RateLimitInterfac return newRateLimits(c, namespace) } +func (c *ExtensionV1alpha1Client) RequestTerminations(namespace string) RequestTerminationInterface { + return newRequestTerminations(c, namespace) +} + func (c *ExtensionV1alpha1Client) Zipkins(namespace string) ZipkinInterface { return newZipkins(c, namespace) } diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/externalratelimit.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/externalratelimit.go new file mode 100644 index 000000000..599165b11 --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/externalratelimit.go @@ -0,0 +1,66 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + scheme "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// ExternalRateLimitsGetter has a method to return a ExternalRateLimitInterface. +// A group's client should implement this interface. +type ExternalRateLimitsGetter interface { + ExternalRateLimits(namespace string) ExternalRateLimitInterface +} + +// ExternalRateLimitInterface has methods to work with ExternalRateLimit resources. +type ExternalRateLimitInterface interface { + Create(ctx context.Context, externalRateLimit *v1alpha1.ExternalRateLimit, opts v1.CreateOptions) (*v1alpha1.ExternalRateLimit, error) + Update(ctx context.Context, externalRateLimit *v1alpha1.ExternalRateLimit, opts v1.UpdateOptions) (*v1alpha1.ExternalRateLimit, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + UpdateStatus(ctx context.Context, externalRateLimit *v1alpha1.ExternalRateLimit, opts v1.UpdateOptions) (*v1alpha1.ExternalRateLimit, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.ExternalRateLimit, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.ExternalRateLimitList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ExternalRateLimit, err error) + ExternalRateLimitExpansion +} + +// externalRateLimits implements ExternalRateLimitInterface +type externalRateLimits struct { + *gentype.ClientWithList[*v1alpha1.ExternalRateLimit, *v1alpha1.ExternalRateLimitList] +} + +// newExternalRateLimits returns a ExternalRateLimits +func newExternalRateLimits(c *ExtensionV1alpha1Client, namespace string) *externalRateLimits { + return &externalRateLimits{ + gentype.NewClientWithList[*v1alpha1.ExternalRateLimit, *v1alpha1.ExternalRateLimitList]( + "externalratelimits", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.ExternalRateLimit { return &v1alpha1.ExternalRateLimit{} }, + func() *v1alpha1.ExternalRateLimitList { return &v1alpha1.ExternalRateLimitList{} }), + } +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_concurrencylimit.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_concurrencylimit.go new file mode 100644 index 000000000..27f3a051e --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_concurrencylimit.go @@ -0,0 +1,144 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeConcurrencyLimits implements ConcurrencyLimitInterface +type FakeConcurrencyLimits struct { + Fake *FakeExtensionV1alpha1 + ns string +} + +var concurrencylimitsResource = v1alpha1.SchemeGroupVersion.WithResource("concurrencylimits") + +var concurrencylimitsKind = v1alpha1.SchemeGroupVersion.WithKind("ConcurrencyLimit") + +// Get takes name of the concurrencyLimit, and returns the corresponding concurrencyLimit object, and an error if there is any. +func (c *FakeConcurrencyLimits) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ConcurrencyLimit, err error) { + emptyResult := &v1alpha1.ConcurrencyLimit{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(concurrencylimitsResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ConcurrencyLimit), err +} + +// List takes label and field selectors, and returns the list of ConcurrencyLimits that match those selectors. +func (c *FakeConcurrencyLimits) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ConcurrencyLimitList, err error) { + emptyResult := &v1alpha1.ConcurrencyLimitList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(concurrencylimitsResource, concurrencylimitsKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.ConcurrencyLimitList{ListMeta: obj.(*v1alpha1.ConcurrencyLimitList).ListMeta} + for _, item := range obj.(*v1alpha1.ConcurrencyLimitList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested concurrencyLimits. +func (c *FakeConcurrencyLimits) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(concurrencylimitsResource, c.ns, opts)) + +} + +// Create takes the representation of a concurrencyLimit and creates it. Returns the server's representation of the concurrencyLimit, and an error, if there is any. +func (c *FakeConcurrencyLimits) Create(ctx context.Context, concurrencyLimit *v1alpha1.ConcurrencyLimit, opts v1.CreateOptions) (result *v1alpha1.ConcurrencyLimit, err error) { + emptyResult := &v1alpha1.ConcurrencyLimit{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(concurrencylimitsResource, c.ns, concurrencyLimit, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ConcurrencyLimit), err +} + +// Update takes the representation of a concurrencyLimit and updates it. Returns the server's representation of the concurrencyLimit, and an error, if there is any. +func (c *FakeConcurrencyLimits) Update(ctx context.Context, concurrencyLimit *v1alpha1.ConcurrencyLimit, opts v1.UpdateOptions) (result *v1alpha1.ConcurrencyLimit, err error) { + emptyResult := &v1alpha1.ConcurrencyLimit{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(concurrencylimitsResource, c.ns, concurrencyLimit, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ConcurrencyLimit), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeConcurrencyLimits) UpdateStatus(ctx context.Context, concurrencyLimit *v1alpha1.ConcurrencyLimit, opts v1.UpdateOptions) (result *v1alpha1.ConcurrencyLimit, err error) { + emptyResult := &v1alpha1.ConcurrencyLimit{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(concurrencylimitsResource, "status", c.ns, concurrencyLimit, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ConcurrencyLimit), err +} + +// Delete takes name of the concurrencyLimit and deletes it. Returns an error if one occurs. +func (c *FakeConcurrencyLimits) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(concurrencylimitsResource, c.ns, name, opts), &v1alpha1.ConcurrencyLimit{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeConcurrencyLimits) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(concurrencylimitsResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.ConcurrencyLimitList{}) + return err +} + +// Patch applies the patch and returns the patched concurrencyLimit. +func (c *FakeConcurrencyLimits) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ConcurrencyLimit, err error) { + emptyResult := &v1alpha1.ConcurrencyLimit{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(concurrencylimitsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ConcurrencyLimit), err +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_extension_client.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_extension_client.go index a5805fc43..7917def2d 100644 --- a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_extension_client.go +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_extension_client.go @@ -29,6 +29,14 @@ func (c *FakeExtensionV1alpha1) CircuitBreakers(namespace string) v1alpha1.Circu return &FakeCircuitBreakers{c, namespace} } +func (c *FakeExtensionV1alpha1) ConcurrencyLimits(namespace string) v1alpha1.ConcurrencyLimitInterface { + return &FakeConcurrencyLimits{c, namespace} +} + +func (c *FakeExtensionV1alpha1) ExternalRateLimits(namespace string) v1alpha1.ExternalRateLimitInterface { + return &FakeExternalRateLimits{c, namespace} +} + func (c *FakeExtensionV1alpha1) FaultInjections(namespace string) v1alpha1.FaultInjectionInterface { return &FakeFaultInjections{c, namespace} } @@ -49,6 +57,10 @@ func (c *FakeExtensionV1alpha1) HTTPLogs(namespace string) v1alpha1.HTTPLogInter return &FakeHTTPLogs{c, namespace} } +func (c *FakeExtensionV1alpha1) IPRestrictions(namespace string) v1alpha1.IPRestrictionInterface { + return &FakeIPRestrictions{c, namespace} +} + func (c *FakeExtensionV1alpha1) ListenerFilters(namespace string) v1alpha1.ListenerFilterInterface { return &FakeListenerFilters{c, namespace} } @@ -65,6 +77,10 @@ func (c *FakeExtensionV1alpha1) RateLimits(namespace string) v1alpha1.RateLimitI return &FakeRateLimits{c, namespace} } +func (c *FakeExtensionV1alpha1) RequestTerminations(namespace string) v1alpha1.RequestTerminationInterface { + return &FakeRequestTerminations{c, namespace} +} + func (c *FakeExtensionV1alpha1) Zipkins(namespace string) v1alpha1.ZipkinInterface { return &FakeZipkins{c, namespace} } diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_externalratelimit.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_externalratelimit.go new file mode 100644 index 000000000..114e42f39 --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_externalratelimit.go @@ -0,0 +1,144 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeExternalRateLimits implements ExternalRateLimitInterface +type FakeExternalRateLimits struct { + Fake *FakeExtensionV1alpha1 + ns string +} + +var externalratelimitsResource = v1alpha1.SchemeGroupVersion.WithResource("externalratelimits") + +var externalratelimitsKind = v1alpha1.SchemeGroupVersion.WithKind("ExternalRateLimit") + +// Get takes name of the externalRateLimit, and returns the corresponding externalRateLimit object, and an error if there is any. +func (c *FakeExternalRateLimits) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.ExternalRateLimit, err error) { + emptyResult := &v1alpha1.ExternalRateLimit{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(externalratelimitsResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ExternalRateLimit), err +} + +// List takes label and field selectors, and returns the list of ExternalRateLimits that match those selectors. +func (c *FakeExternalRateLimits) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.ExternalRateLimitList, err error) { + emptyResult := &v1alpha1.ExternalRateLimitList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(externalratelimitsResource, externalratelimitsKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.ExternalRateLimitList{ListMeta: obj.(*v1alpha1.ExternalRateLimitList).ListMeta} + for _, item := range obj.(*v1alpha1.ExternalRateLimitList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested externalRateLimits. +func (c *FakeExternalRateLimits) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(externalratelimitsResource, c.ns, opts)) + +} + +// Create takes the representation of a externalRateLimit and creates it. Returns the server's representation of the externalRateLimit, and an error, if there is any. +func (c *FakeExternalRateLimits) Create(ctx context.Context, externalRateLimit *v1alpha1.ExternalRateLimit, opts v1.CreateOptions) (result *v1alpha1.ExternalRateLimit, err error) { + emptyResult := &v1alpha1.ExternalRateLimit{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(externalratelimitsResource, c.ns, externalRateLimit, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ExternalRateLimit), err +} + +// Update takes the representation of a externalRateLimit and updates it. Returns the server's representation of the externalRateLimit, and an error, if there is any. +func (c *FakeExternalRateLimits) Update(ctx context.Context, externalRateLimit *v1alpha1.ExternalRateLimit, opts v1.UpdateOptions) (result *v1alpha1.ExternalRateLimit, err error) { + emptyResult := &v1alpha1.ExternalRateLimit{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(externalratelimitsResource, c.ns, externalRateLimit, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ExternalRateLimit), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeExternalRateLimits) UpdateStatus(ctx context.Context, externalRateLimit *v1alpha1.ExternalRateLimit, opts v1.UpdateOptions) (result *v1alpha1.ExternalRateLimit, err error) { + emptyResult := &v1alpha1.ExternalRateLimit{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(externalratelimitsResource, "status", c.ns, externalRateLimit, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ExternalRateLimit), err +} + +// Delete takes name of the externalRateLimit and deletes it. Returns an error if one occurs. +func (c *FakeExternalRateLimits) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(externalratelimitsResource, c.ns, name, opts), &v1alpha1.ExternalRateLimit{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeExternalRateLimits) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(externalratelimitsResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.ExternalRateLimitList{}) + return err +} + +// Patch applies the patch and returns the patched externalRateLimit. +func (c *FakeExternalRateLimits) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.ExternalRateLimit, err error) { + emptyResult := &v1alpha1.ExternalRateLimit{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(externalratelimitsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.ExternalRateLimit), err +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_iprestriction.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_iprestriction.go new file mode 100644 index 000000000..2aa4c37c3 --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_iprestriction.go @@ -0,0 +1,144 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeIPRestrictions implements IPRestrictionInterface +type FakeIPRestrictions struct { + Fake *FakeExtensionV1alpha1 + ns string +} + +var iprestrictionsResource = v1alpha1.SchemeGroupVersion.WithResource("iprestrictions") + +var iprestrictionsKind = v1alpha1.SchemeGroupVersion.WithKind("IPRestriction") + +// Get takes name of the iPRestriction, and returns the corresponding iPRestriction object, and an error if there is any. +func (c *FakeIPRestrictions) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.IPRestriction, err error) { + emptyResult := &v1alpha1.IPRestriction{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(iprestrictionsResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.IPRestriction), err +} + +// List takes label and field selectors, and returns the list of IPRestrictions that match those selectors. +func (c *FakeIPRestrictions) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.IPRestrictionList, err error) { + emptyResult := &v1alpha1.IPRestrictionList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(iprestrictionsResource, iprestrictionsKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.IPRestrictionList{ListMeta: obj.(*v1alpha1.IPRestrictionList).ListMeta} + for _, item := range obj.(*v1alpha1.IPRestrictionList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested iPRestrictions. +func (c *FakeIPRestrictions) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(iprestrictionsResource, c.ns, opts)) + +} + +// Create takes the representation of a iPRestriction and creates it. Returns the server's representation of the iPRestriction, and an error, if there is any. +func (c *FakeIPRestrictions) Create(ctx context.Context, iPRestriction *v1alpha1.IPRestriction, opts v1.CreateOptions) (result *v1alpha1.IPRestriction, err error) { + emptyResult := &v1alpha1.IPRestriction{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(iprestrictionsResource, c.ns, iPRestriction, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.IPRestriction), err +} + +// Update takes the representation of a iPRestriction and updates it. Returns the server's representation of the iPRestriction, and an error, if there is any. +func (c *FakeIPRestrictions) Update(ctx context.Context, iPRestriction *v1alpha1.IPRestriction, opts v1.UpdateOptions) (result *v1alpha1.IPRestriction, err error) { + emptyResult := &v1alpha1.IPRestriction{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(iprestrictionsResource, c.ns, iPRestriction, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.IPRestriction), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeIPRestrictions) UpdateStatus(ctx context.Context, iPRestriction *v1alpha1.IPRestriction, opts v1.UpdateOptions) (result *v1alpha1.IPRestriction, err error) { + emptyResult := &v1alpha1.IPRestriction{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(iprestrictionsResource, "status", c.ns, iPRestriction, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.IPRestriction), err +} + +// Delete takes name of the iPRestriction and deletes it. Returns an error if one occurs. +func (c *FakeIPRestrictions) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(iprestrictionsResource, c.ns, name, opts), &v1alpha1.IPRestriction{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeIPRestrictions) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(iprestrictionsResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.IPRestrictionList{}) + return err +} + +// Patch applies the patch and returns the patched iPRestriction. +func (c *FakeIPRestrictions) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.IPRestriction, err error) { + emptyResult := &v1alpha1.IPRestriction{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(iprestrictionsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.IPRestriction), err +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_requesttermination.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_requesttermination.go new file mode 100644 index 000000000..7466de436 --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/fake/fake_requesttermination.go @@ -0,0 +1,144 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package fake + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + labels "k8s.io/apimachinery/pkg/labels" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + testing "k8s.io/client-go/testing" +) + +// FakeRequestTerminations implements RequestTerminationInterface +type FakeRequestTerminations struct { + Fake *FakeExtensionV1alpha1 + ns string +} + +var requestterminationsResource = v1alpha1.SchemeGroupVersion.WithResource("requestterminations") + +var requestterminationsKind = v1alpha1.SchemeGroupVersion.WithKind("RequestTermination") + +// Get takes name of the requestTermination, and returns the corresponding requestTermination object, and an error if there is any. +func (c *FakeRequestTerminations) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.RequestTermination, err error) { + emptyResult := &v1alpha1.RequestTermination{} + obj, err := c.Fake. + Invokes(testing.NewGetActionWithOptions(requestterminationsResource, c.ns, name, options), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.RequestTermination), err +} + +// List takes label and field selectors, and returns the list of RequestTerminations that match those selectors. +func (c *FakeRequestTerminations) List(ctx context.Context, opts v1.ListOptions) (result *v1alpha1.RequestTerminationList, err error) { + emptyResult := &v1alpha1.RequestTerminationList{} + obj, err := c.Fake. + Invokes(testing.NewListActionWithOptions(requestterminationsResource, requestterminationsKind, c.ns, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + + label, _, _ := testing.ExtractFromListOptions(opts) + if label == nil { + label = labels.Everything() + } + list := &v1alpha1.RequestTerminationList{ListMeta: obj.(*v1alpha1.RequestTerminationList).ListMeta} + for _, item := range obj.(*v1alpha1.RequestTerminationList).Items { + if label.Matches(labels.Set(item.Labels)) { + list.Items = append(list.Items, item) + } + } + return list, err +} + +// Watch returns a watch.Interface that watches the requested requestTerminations. +func (c *FakeRequestTerminations) Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) { + return c.Fake. + InvokesWatch(testing.NewWatchActionWithOptions(requestterminationsResource, c.ns, opts)) + +} + +// Create takes the representation of a requestTermination and creates it. Returns the server's representation of the requestTermination, and an error, if there is any. +func (c *FakeRequestTerminations) Create(ctx context.Context, requestTermination *v1alpha1.RequestTermination, opts v1.CreateOptions) (result *v1alpha1.RequestTermination, err error) { + emptyResult := &v1alpha1.RequestTermination{} + obj, err := c.Fake. + Invokes(testing.NewCreateActionWithOptions(requestterminationsResource, c.ns, requestTermination, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.RequestTermination), err +} + +// Update takes the representation of a requestTermination and updates it. Returns the server's representation of the requestTermination, and an error, if there is any. +func (c *FakeRequestTerminations) Update(ctx context.Context, requestTermination *v1alpha1.RequestTermination, opts v1.UpdateOptions) (result *v1alpha1.RequestTermination, err error) { + emptyResult := &v1alpha1.RequestTermination{} + obj, err := c.Fake. + Invokes(testing.NewUpdateActionWithOptions(requestterminationsResource, c.ns, requestTermination, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.RequestTermination), err +} + +// UpdateStatus was generated because the type contains a Status member. +// Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). +func (c *FakeRequestTerminations) UpdateStatus(ctx context.Context, requestTermination *v1alpha1.RequestTermination, opts v1.UpdateOptions) (result *v1alpha1.RequestTermination, err error) { + emptyResult := &v1alpha1.RequestTermination{} + obj, err := c.Fake. + Invokes(testing.NewUpdateSubresourceActionWithOptions(requestterminationsResource, "status", c.ns, requestTermination, opts), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.RequestTermination), err +} + +// Delete takes name of the requestTermination and deletes it. Returns an error if one occurs. +func (c *FakeRequestTerminations) Delete(ctx context.Context, name string, opts v1.DeleteOptions) error { + _, err := c.Fake. + Invokes(testing.NewDeleteActionWithOptions(requestterminationsResource, c.ns, name, opts), &v1alpha1.RequestTermination{}) + + return err +} + +// DeleteCollection deletes a collection of objects. +func (c *FakeRequestTerminations) DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error { + action := testing.NewDeleteCollectionActionWithOptions(requestterminationsResource, c.ns, opts, listOpts) + + _, err := c.Fake.Invokes(action, &v1alpha1.RequestTerminationList{}) + return err +} + +// Patch applies the patch and returns the patched requestTermination. +func (c *FakeRequestTerminations) Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.RequestTermination, err error) { + emptyResult := &v1alpha1.RequestTermination{} + obj, err := c.Fake. + Invokes(testing.NewPatchSubresourceActionWithOptions(requestterminationsResource, c.ns, name, pt, data, opts, subresources...), emptyResult) + + if obj == nil { + return emptyResult, err + } + return obj.(*v1alpha1.RequestTermination), err +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/generated_expansion.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/generated_expansion.go index 50677d79e..0d18a5a94 100644 --- a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/generated_expansion.go +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/generated_expansion.go @@ -17,6 +17,10 @@ package v1alpha1 type CircuitBreakerExpansion interface{} +type ConcurrencyLimitExpansion interface{} + +type ExternalRateLimitExpansion interface{} + type FaultInjectionExpansion interface{} type FilterExpansion interface{} @@ -27,6 +31,8 @@ type FilterDefinitionExpansion interface{} type HTTPLogExpansion interface{} +type IPRestrictionExpansion interface{} + type ListenerFilterExpansion interface{} type MetricsExpansion interface{} @@ -35,4 +41,6 @@ type ProxyTagExpansion interface{} type RateLimitExpansion interface{} +type RequestTerminationExpansion interface{} + type ZipkinExpansion interface{} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/iprestriction.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/iprestriction.go new file mode 100644 index 000000000..6bfc79a7d --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/iprestriction.go @@ -0,0 +1,66 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + scheme "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// IPRestrictionsGetter has a method to return a IPRestrictionInterface. +// A group's client should implement this interface. +type IPRestrictionsGetter interface { + IPRestrictions(namespace string) IPRestrictionInterface +} + +// IPRestrictionInterface has methods to work with IPRestriction resources. +type IPRestrictionInterface interface { + Create(ctx context.Context, iPRestriction *v1alpha1.IPRestriction, opts v1.CreateOptions) (*v1alpha1.IPRestriction, error) + Update(ctx context.Context, iPRestriction *v1alpha1.IPRestriction, opts v1.UpdateOptions) (*v1alpha1.IPRestriction, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + UpdateStatus(ctx context.Context, iPRestriction *v1alpha1.IPRestriction, opts v1.UpdateOptions) (*v1alpha1.IPRestriction, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.IPRestriction, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.IPRestrictionList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.IPRestriction, err error) + IPRestrictionExpansion +} + +// iPRestrictions implements IPRestrictionInterface +type iPRestrictions struct { + *gentype.ClientWithList[*v1alpha1.IPRestriction, *v1alpha1.IPRestrictionList] +} + +// newIPRestrictions returns a IPRestrictions +func newIPRestrictions(c *ExtensionV1alpha1Client, namespace string) *iPRestrictions { + return &iPRestrictions{ + gentype.NewClientWithList[*v1alpha1.IPRestriction, *v1alpha1.IPRestrictionList]( + "iprestrictions", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.IPRestriction { return &v1alpha1.IPRestriction{} }, + func() *v1alpha1.IPRestrictionList { return &v1alpha1.IPRestrictionList{} }), + } +} diff --git a/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/requesttermination.go b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/requesttermination.go new file mode 100644 index 000000000..d5c391b19 --- /dev/null +++ b/pkg/gen/client/extension/clientset/versioned/typed/extension/v1alpha1/requesttermination.go @@ -0,0 +1,66 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + scheme "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + gentype "k8s.io/client-go/gentype" +) + +// RequestTerminationsGetter has a method to return a RequestTerminationInterface. +// A group's client should implement this interface. +type RequestTerminationsGetter interface { + RequestTerminations(namespace string) RequestTerminationInterface +} + +// RequestTerminationInterface has methods to work with RequestTermination resources. +type RequestTerminationInterface interface { + Create(ctx context.Context, requestTermination *v1alpha1.RequestTermination, opts v1.CreateOptions) (*v1alpha1.RequestTermination, error) + Update(ctx context.Context, requestTermination *v1alpha1.RequestTermination, opts v1.UpdateOptions) (*v1alpha1.RequestTermination, error) + // Add a +genclient:noStatus comment above the type to avoid generating UpdateStatus(). + UpdateStatus(ctx context.Context, requestTermination *v1alpha1.RequestTermination, opts v1.UpdateOptions) (*v1alpha1.RequestTermination, error) + Delete(ctx context.Context, name string, opts v1.DeleteOptions) error + DeleteCollection(ctx context.Context, opts v1.DeleteOptions, listOpts v1.ListOptions) error + Get(ctx context.Context, name string, opts v1.GetOptions) (*v1alpha1.RequestTermination, error) + List(ctx context.Context, opts v1.ListOptions) (*v1alpha1.RequestTerminationList, error) + Watch(ctx context.Context, opts v1.ListOptions) (watch.Interface, error) + Patch(ctx context.Context, name string, pt types.PatchType, data []byte, opts v1.PatchOptions, subresources ...string) (result *v1alpha1.RequestTermination, err error) + RequestTerminationExpansion +} + +// requestTerminations implements RequestTerminationInterface +type requestTerminations struct { + *gentype.ClientWithList[*v1alpha1.RequestTermination, *v1alpha1.RequestTerminationList] +} + +// newRequestTerminations returns a RequestTerminations +func newRequestTerminations(c *ExtensionV1alpha1Client, namespace string) *requestTerminations { + return &requestTerminations{ + gentype.NewClientWithList[*v1alpha1.RequestTermination, *v1alpha1.RequestTerminationList]( + "requestterminations", + c.RESTClient(), + scheme.ParameterCodec, + namespace, + func() *v1alpha1.RequestTermination { return &v1alpha1.RequestTermination{} }, + func() *v1alpha1.RequestTerminationList { return &v1alpha1.RequestTerminationList{} }), + } +} diff --git a/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/concurrencylimit.go b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/concurrencylimit.go new file mode 100644 index 000000000..d87b4d944 --- /dev/null +++ b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/concurrencylimit.go @@ -0,0 +1,87 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + extensionv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + versioned "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned" + internalinterfaces "github.com/flomesh-io/fsm/pkg/gen/client/extension/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/flomesh-io/fsm/pkg/gen/client/extension/listers/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ConcurrencyLimitInformer provides access to a shared informer and lister for +// ConcurrencyLimits. +type ConcurrencyLimitInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.ConcurrencyLimitLister +} + +type concurrencyLimitInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewConcurrencyLimitInformer constructs a new informer for ConcurrencyLimit type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewConcurrencyLimitInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredConcurrencyLimitInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredConcurrencyLimitInformer constructs a new informer for ConcurrencyLimit type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredConcurrencyLimitInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().ConcurrencyLimits(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().ConcurrencyLimits(namespace).Watch(context.TODO(), options) + }, + }, + &extensionv1alpha1.ConcurrencyLimit{}, + resyncPeriod, + indexers, + ) +} + +func (f *concurrencyLimitInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredConcurrencyLimitInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *concurrencyLimitInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&extensionv1alpha1.ConcurrencyLimit{}, f.defaultInformer) +} + +func (f *concurrencyLimitInformer) Lister() v1alpha1.ConcurrencyLimitLister { + return v1alpha1.NewConcurrencyLimitLister(f.Informer().GetIndexer()) +} diff --git a/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/externalratelimit.go b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/externalratelimit.go new file mode 100644 index 000000000..47b8c8d5e --- /dev/null +++ b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/externalratelimit.go @@ -0,0 +1,87 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + extensionv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + versioned "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned" + internalinterfaces "github.com/flomesh-io/fsm/pkg/gen/client/extension/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/flomesh-io/fsm/pkg/gen/client/extension/listers/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// ExternalRateLimitInformer provides access to a shared informer and lister for +// ExternalRateLimits. +type ExternalRateLimitInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.ExternalRateLimitLister +} + +type externalRateLimitInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewExternalRateLimitInformer constructs a new informer for ExternalRateLimit type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewExternalRateLimitInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredExternalRateLimitInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredExternalRateLimitInformer constructs a new informer for ExternalRateLimit type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredExternalRateLimitInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().ExternalRateLimits(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().ExternalRateLimits(namespace).Watch(context.TODO(), options) + }, + }, + &extensionv1alpha1.ExternalRateLimit{}, + resyncPeriod, + indexers, + ) +} + +func (f *externalRateLimitInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredExternalRateLimitInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *externalRateLimitInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&extensionv1alpha1.ExternalRateLimit{}, f.defaultInformer) +} + +func (f *externalRateLimitInformer) Lister() v1alpha1.ExternalRateLimitLister { + return v1alpha1.NewExternalRateLimitLister(f.Informer().GetIndexer()) +} diff --git a/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/interface.go b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/interface.go index 9882adf84..c3639f7e5 100644 --- a/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/interface.go +++ b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/interface.go @@ -23,6 +23,10 @@ import ( type Interface interface { // CircuitBreakers returns a CircuitBreakerInformer. CircuitBreakers() CircuitBreakerInformer + // ConcurrencyLimits returns a ConcurrencyLimitInformer. + ConcurrencyLimits() ConcurrencyLimitInformer + // ExternalRateLimits returns a ExternalRateLimitInformer. + ExternalRateLimits() ExternalRateLimitInformer // FaultInjections returns a FaultInjectionInformer. FaultInjections() FaultInjectionInformer // Filters returns a FilterInformer. @@ -33,6 +37,8 @@ type Interface interface { FilterDefinitions() FilterDefinitionInformer // HTTPLogs returns a HTTPLogInformer. HTTPLogs() HTTPLogInformer + // IPRestrictions returns a IPRestrictionInformer. + IPRestrictions() IPRestrictionInformer // ListenerFilters returns a ListenerFilterInformer. ListenerFilters() ListenerFilterInformer // Metricses returns a MetricsInformer. @@ -41,6 +47,8 @@ type Interface interface { ProxyTags() ProxyTagInformer // RateLimits returns a RateLimitInformer. RateLimits() RateLimitInformer + // RequestTerminations returns a RequestTerminationInformer. + RequestTerminations() RequestTerminationInformer // Zipkins returns a ZipkinInformer. Zipkins() ZipkinInformer } @@ -61,6 +69,16 @@ func (v *version) CircuitBreakers() CircuitBreakerInformer { return &circuitBreakerInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// ConcurrencyLimits returns a ConcurrencyLimitInformer. +func (v *version) ConcurrencyLimits() ConcurrencyLimitInformer { + return &concurrencyLimitInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + +// ExternalRateLimits returns a ExternalRateLimitInformer. +func (v *version) ExternalRateLimits() ExternalRateLimitInformer { + return &externalRateLimitInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + // FaultInjections returns a FaultInjectionInformer. func (v *version) FaultInjections() FaultInjectionInformer { return &faultInjectionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} @@ -86,6 +104,11 @@ func (v *version) HTTPLogs() HTTPLogInformer { return &hTTPLogInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// IPRestrictions returns a IPRestrictionInformer. +func (v *version) IPRestrictions() IPRestrictionInformer { + return &iPRestrictionInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + // ListenerFilters returns a ListenerFilterInformer. func (v *version) ListenerFilters() ListenerFilterInformer { return &listenerFilterInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} @@ -106,6 +129,11 @@ func (v *version) RateLimits() RateLimitInformer { return &rateLimitInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} } +// RequestTerminations returns a RequestTerminationInformer. +func (v *version) RequestTerminations() RequestTerminationInformer { + return &requestTerminationInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + // Zipkins returns a ZipkinInformer. func (v *version) Zipkins() ZipkinInformer { return &zipkinInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/iprestriction.go b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/iprestriction.go new file mode 100644 index 000000000..6ec768f09 --- /dev/null +++ b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/iprestriction.go @@ -0,0 +1,87 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + extensionv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + versioned "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned" + internalinterfaces "github.com/flomesh-io/fsm/pkg/gen/client/extension/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/flomesh-io/fsm/pkg/gen/client/extension/listers/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// IPRestrictionInformer provides access to a shared informer and lister for +// IPRestrictions. +type IPRestrictionInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.IPRestrictionLister +} + +type iPRestrictionInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewIPRestrictionInformer constructs a new informer for IPRestriction type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewIPRestrictionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredIPRestrictionInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredIPRestrictionInformer constructs a new informer for IPRestriction type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredIPRestrictionInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().IPRestrictions(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().IPRestrictions(namespace).Watch(context.TODO(), options) + }, + }, + &extensionv1alpha1.IPRestriction{}, + resyncPeriod, + indexers, + ) +} + +func (f *iPRestrictionInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredIPRestrictionInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *iPRestrictionInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&extensionv1alpha1.IPRestriction{}, f.defaultInformer) +} + +func (f *iPRestrictionInformer) Lister() v1alpha1.IPRestrictionLister { + return v1alpha1.NewIPRestrictionLister(f.Informer().GetIndexer()) +} diff --git a/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/requesttermination.go b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/requesttermination.go new file mode 100644 index 000000000..0da7c85ba --- /dev/null +++ b/pkg/gen/client/extension/informers/externalversions/extension/v1alpha1/requesttermination.go @@ -0,0 +1,87 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + "context" + time "time" + + extensionv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + versioned "github.com/flomesh-io/fsm/pkg/gen/client/extension/clientset/versioned" + internalinterfaces "github.com/flomesh-io/fsm/pkg/gen/client/extension/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/flomesh-io/fsm/pkg/gen/client/extension/listers/extension/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// RequestTerminationInformer provides access to a shared informer and lister for +// RequestTerminations. +type RequestTerminationInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.RequestTerminationLister +} + +type requestTerminationInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewRequestTerminationInformer constructs a new informer for RequestTermination type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewRequestTerminationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredRequestTerminationInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredRequestTerminationInformer constructs a new informer for RequestTermination type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredRequestTerminationInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().RequestTerminations(namespace).List(context.TODO(), options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.ExtensionV1alpha1().RequestTerminations(namespace).Watch(context.TODO(), options) + }, + }, + &extensionv1alpha1.RequestTermination{}, + resyncPeriod, + indexers, + ) +} + +func (f *requestTerminationInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredRequestTerminationInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *requestTerminationInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&extensionv1alpha1.RequestTermination{}, f.defaultInformer) +} + +func (f *requestTerminationInformer) Lister() v1alpha1.RequestTerminationLister { + return v1alpha1.NewRequestTerminationLister(f.Informer().GetIndexer()) +} diff --git a/pkg/gen/client/extension/informers/externalversions/generic.go b/pkg/gen/client/extension/informers/externalversions/generic.go index b77720b7e..51c59cd08 100644 --- a/pkg/gen/client/extension/informers/externalversions/generic.go +++ b/pkg/gen/client/extension/informers/externalversions/generic.go @@ -52,6 +52,10 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource // Group=extension.gateway.flomesh.io, Version=v1alpha1 case v1alpha1.SchemeGroupVersion.WithResource("circuitbreakers"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().CircuitBreakers().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("concurrencylimits"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().ConcurrencyLimits().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("externalratelimits"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().ExternalRateLimits().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("faultinjections"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().FaultInjections().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("filters"): @@ -62,6 +66,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().FilterDefinitions().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("httplogs"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().HTTPLogs().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("iprestrictions"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().IPRestrictions().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("listenerfilters"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().ListenerFilters().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("metricses"): @@ -70,6 +76,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().ProxyTags().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("ratelimits"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().RateLimits().Informer()}, nil + case v1alpha1.SchemeGroupVersion.WithResource("requestterminations"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().RequestTerminations().Informer()}, nil case v1alpha1.SchemeGroupVersion.WithResource("zipkins"): return &genericInformer{resource: resource.GroupResource(), informer: f.Extension().V1alpha1().Zipkins().Informer()}, nil diff --git a/pkg/gen/client/extension/listers/extension/v1alpha1/concurrencylimit.go b/pkg/gen/client/extension/listers/extension/v1alpha1/concurrencylimit.go new file mode 100644 index 000000000..0bc8b692c --- /dev/null +++ b/pkg/gen/client/extension/listers/extension/v1alpha1/concurrencylimit.go @@ -0,0 +1,67 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" + "k8s.io/client-go/tools/cache" +) + +// ConcurrencyLimitLister helps list ConcurrencyLimits. +// All objects returned here must be treated as read-only. +type ConcurrencyLimitLister interface { + // List lists all ConcurrencyLimits in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.ConcurrencyLimit, err error) + // ConcurrencyLimits returns an object that can list and get ConcurrencyLimits. + ConcurrencyLimits(namespace string) ConcurrencyLimitNamespaceLister + ConcurrencyLimitListerExpansion +} + +// concurrencyLimitLister implements the ConcurrencyLimitLister interface. +type concurrencyLimitLister struct { + listers.ResourceIndexer[*v1alpha1.ConcurrencyLimit] +} + +// NewConcurrencyLimitLister returns a new ConcurrencyLimitLister. +func NewConcurrencyLimitLister(indexer cache.Indexer) ConcurrencyLimitLister { + return &concurrencyLimitLister{listers.New[*v1alpha1.ConcurrencyLimit](indexer, v1alpha1.Resource("concurrencylimit"))} +} + +// ConcurrencyLimits returns an object that can list and get ConcurrencyLimits. +func (s *concurrencyLimitLister) ConcurrencyLimits(namespace string) ConcurrencyLimitNamespaceLister { + return concurrencyLimitNamespaceLister{listers.NewNamespaced[*v1alpha1.ConcurrencyLimit](s.ResourceIndexer, namespace)} +} + +// ConcurrencyLimitNamespaceLister helps list and get ConcurrencyLimits. +// All objects returned here must be treated as read-only. +type ConcurrencyLimitNamespaceLister interface { + // List lists all ConcurrencyLimits in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.ConcurrencyLimit, err error) + // Get retrieves the ConcurrencyLimit from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.ConcurrencyLimit, error) + ConcurrencyLimitNamespaceListerExpansion +} + +// concurrencyLimitNamespaceLister implements the ConcurrencyLimitNamespaceLister +// interface. +type concurrencyLimitNamespaceLister struct { + listers.ResourceIndexer[*v1alpha1.ConcurrencyLimit] +} diff --git a/pkg/gen/client/extension/listers/extension/v1alpha1/expansion_generated.go b/pkg/gen/client/extension/listers/extension/v1alpha1/expansion_generated.go index 48a273b1d..9225c51be 100644 --- a/pkg/gen/client/extension/listers/extension/v1alpha1/expansion_generated.go +++ b/pkg/gen/client/extension/listers/extension/v1alpha1/expansion_generated.go @@ -23,6 +23,22 @@ type CircuitBreakerListerExpansion interface{} // CircuitBreakerNamespaceLister. type CircuitBreakerNamespaceListerExpansion interface{} +// ConcurrencyLimitListerExpansion allows custom methods to be added to +// ConcurrencyLimitLister. +type ConcurrencyLimitListerExpansion interface{} + +// ConcurrencyLimitNamespaceListerExpansion allows custom methods to be added to +// ConcurrencyLimitNamespaceLister. +type ConcurrencyLimitNamespaceListerExpansion interface{} + +// ExternalRateLimitListerExpansion allows custom methods to be added to +// ExternalRateLimitLister. +type ExternalRateLimitListerExpansion interface{} + +// ExternalRateLimitNamespaceListerExpansion allows custom methods to be added to +// ExternalRateLimitNamespaceLister. +type ExternalRateLimitNamespaceListerExpansion interface{} + // FaultInjectionListerExpansion allows custom methods to be added to // FaultInjectionLister. type FaultInjectionListerExpansion interface{} @@ -59,6 +75,14 @@ type HTTPLogListerExpansion interface{} // HTTPLogNamespaceLister. type HTTPLogNamespaceListerExpansion interface{} +// IPRestrictionListerExpansion allows custom methods to be added to +// IPRestrictionLister. +type IPRestrictionListerExpansion interface{} + +// IPRestrictionNamespaceListerExpansion allows custom methods to be added to +// IPRestrictionNamespaceLister. +type IPRestrictionNamespaceListerExpansion interface{} + // ListenerFilterListerExpansion allows custom methods to be added to // ListenerFilterLister. type ListenerFilterListerExpansion interface{} @@ -91,6 +115,14 @@ type RateLimitListerExpansion interface{} // RateLimitNamespaceLister. type RateLimitNamespaceListerExpansion interface{} +// RequestTerminationListerExpansion allows custom methods to be added to +// RequestTerminationLister. +type RequestTerminationListerExpansion interface{} + +// RequestTerminationNamespaceListerExpansion allows custom methods to be added to +// RequestTerminationNamespaceLister. +type RequestTerminationNamespaceListerExpansion interface{} + // ZipkinListerExpansion allows custom methods to be added to // ZipkinLister. type ZipkinListerExpansion interface{} diff --git a/pkg/gen/client/extension/listers/extension/v1alpha1/externalratelimit.go b/pkg/gen/client/extension/listers/extension/v1alpha1/externalratelimit.go new file mode 100644 index 000000000..2b468dc64 --- /dev/null +++ b/pkg/gen/client/extension/listers/extension/v1alpha1/externalratelimit.go @@ -0,0 +1,67 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" + "k8s.io/client-go/tools/cache" +) + +// ExternalRateLimitLister helps list ExternalRateLimits. +// All objects returned here must be treated as read-only. +type ExternalRateLimitLister interface { + // List lists all ExternalRateLimits in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.ExternalRateLimit, err error) + // ExternalRateLimits returns an object that can list and get ExternalRateLimits. + ExternalRateLimits(namespace string) ExternalRateLimitNamespaceLister + ExternalRateLimitListerExpansion +} + +// externalRateLimitLister implements the ExternalRateLimitLister interface. +type externalRateLimitLister struct { + listers.ResourceIndexer[*v1alpha1.ExternalRateLimit] +} + +// NewExternalRateLimitLister returns a new ExternalRateLimitLister. +func NewExternalRateLimitLister(indexer cache.Indexer) ExternalRateLimitLister { + return &externalRateLimitLister{listers.New[*v1alpha1.ExternalRateLimit](indexer, v1alpha1.Resource("externalratelimit"))} +} + +// ExternalRateLimits returns an object that can list and get ExternalRateLimits. +func (s *externalRateLimitLister) ExternalRateLimits(namespace string) ExternalRateLimitNamespaceLister { + return externalRateLimitNamespaceLister{listers.NewNamespaced[*v1alpha1.ExternalRateLimit](s.ResourceIndexer, namespace)} +} + +// ExternalRateLimitNamespaceLister helps list and get ExternalRateLimits. +// All objects returned here must be treated as read-only. +type ExternalRateLimitNamespaceLister interface { + // List lists all ExternalRateLimits in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.ExternalRateLimit, err error) + // Get retrieves the ExternalRateLimit from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.ExternalRateLimit, error) + ExternalRateLimitNamespaceListerExpansion +} + +// externalRateLimitNamespaceLister implements the ExternalRateLimitNamespaceLister +// interface. +type externalRateLimitNamespaceLister struct { + listers.ResourceIndexer[*v1alpha1.ExternalRateLimit] +} diff --git a/pkg/gen/client/extension/listers/extension/v1alpha1/iprestriction.go b/pkg/gen/client/extension/listers/extension/v1alpha1/iprestriction.go new file mode 100644 index 000000000..f61a27733 --- /dev/null +++ b/pkg/gen/client/extension/listers/extension/v1alpha1/iprestriction.go @@ -0,0 +1,67 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" + "k8s.io/client-go/tools/cache" +) + +// IPRestrictionLister helps list IPRestrictions. +// All objects returned here must be treated as read-only. +type IPRestrictionLister interface { + // List lists all IPRestrictions in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.IPRestriction, err error) + // IPRestrictions returns an object that can list and get IPRestrictions. + IPRestrictions(namespace string) IPRestrictionNamespaceLister + IPRestrictionListerExpansion +} + +// iPRestrictionLister implements the IPRestrictionLister interface. +type iPRestrictionLister struct { + listers.ResourceIndexer[*v1alpha1.IPRestriction] +} + +// NewIPRestrictionLister returns a new IPRestrictionLister. +func NewIPRestrictionLister(indexer cache.Indexer) IPRestrictionLister { + return &iPRestrictionLister{listers.New[*v1alpha1.IPRestriction](indexer, v1alpha1.Resource("iprestriction"))} +} + +// IPRestrictions returns an object that can list and get IPRestrictions. +func (s *iPRestrictionLister) IPRestrictions(namespace string) IPRestrictionNamespaceLister { + return iPRestrictionNamespaceLister{listers.NewNamespaced[*v1alpha1.IPRestriction](s.ResourceIndexer, namespace)} +} + +// IPRestrictionNamespaceLister helps list and get IPRestrictions. +// All objects returned here must be treated as read-only. +type IPRestrictionNamespaceLister interface { + // List lists all IPRestrictions in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.IPRestriction, err error) + // Get retrieves the IPRestriction from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.IPRestriction, error) + IPRestrictionNamespaceListerExpansion +} + +// iPRestrictionNamespaceLister implements the IPRestrictionNamespaceLister +// interface. +type iPRestrictionNamespaceLister struct { + listers.ResourceIndexer[*v1alpha1.IPRestriction] +} diff --git a/pkg/gen/client/extension/listers/extension/v1alpha1/requesttermination.go b/pkg/gen/client/extension/listers/extension/v1alpha1/requesttermination.go new file mode 100644 index 000000000..825c9596c --- /dev/null +++ b/pkg/gen/client/extension/listers/extension/v1alpha1/requesttermination.go @@ -0,0 +1,67 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/listers" + "k8s.io/client-go/tools/cache" +) + +// RequestTerminationLister helps list RequestTerminations. +// All objects returned here must be treated as read-only. +type RequestTerminationLister interface { + // List lists all RequestTerminations in the indexer. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.RequestTermination, err error) + // RequestTerminations returns an object that can list and get RequestTerminations. + RequestTerminations(namespace string) RequestTerminationNamespaceLister + RequestTerminationListerExpansion +} + +// requestTerminationLister implements the RequestTerminationLister interface. +type requestTerminationLister struct { + listers.ResourceIndexer[*v1alpha1.RequestTermination] +} + +// NewRequestTerminationLister returns a new RequestTerminationLister. +func NewRequestTerminationLister(indexer cache.Indexer) RequestTerminationLister { + return &requestTerminationLister{listers.New[*v1alpha1.RequestTermination](indexer, v1alpha1.Resource("requesttermination"))} +} + +// RequestTerminations returns an object that can list and get RequestTerminations. +func (s *requestTerminationLister) RequestTerminations(namespace string) RequestTerminationNamespaceLister { + return requestTerminationNamespaceLister{listers.NewNamespaced[*v1alpha1.RequestTermination](s.ResourceIndexer, namespace)} +} + +// RequestTerminationNamespaceLister helps list and get RequestTerminations. +// All objects returned here must be treated as read-only. +type RequestTerminationNamespaceLister interface { + // List lists all RequestTerminations in the indexer for a given namespace. + // Objects returned here must be treated as read-only. + List(selector labels.Selector) (ret []*v1alpha1.RequestTermination, err error) + // Get retrieves the RequestTermination from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. + Get(name string) (*v1alpha1.RequestTermination, error) + RequestTerminationNamespaceListerExpansion +} + +// requestTerminationNamespaceLister implements the RequestTerminationNamespaceLister +// interface. +type requestTerminationNamespaceLister struct { + listers.ResourceIndexer[*v1alpha1.RequestTermination] +} diff --git a/pkg/k8s/informers/types.go b/pkg/k8s/informers/types.go index e8e1034c2..970a76800 100644 --- a/pkg/k8s/informers/types.go +++ b/pkg/k8s/informers/types.go @@ -151,6 +151,14 @@ const ( InformerKeyGatewayZipkin InformerKey = "Gateway-Zipkin" // InformerKeyGatewayProxyTag is the InformerKey for a ProxyTag informer InformerKeyGatewayProxyTag InformerKey = "Gateway-ProxyTag" + // InformerKeyGatewayIPRestriction is the InformerKey for a IPRestriction informer + InformerKeyGatewayIPRestriction InformerKey = "Gateway-IPRestriction" + // InformerKeyGatewayConcurrencyLimit is the InformerKey for a ConcurrencyLimit informer + InformerKeyGatewayConcurrencyLimit InformerKey = "Gateway-ConcurrencyLimit" + // InformerKeyGatewayRequestTermination is the InformerKey for a RequestTermination informer + InformerKeyGatewayRequestTermination InformerKey = "Gateway-RequestTermination" + // InformerKeyGatewayExternalRateLimit is the InformerKey for a ExternalRateLimit informer + InformerKeyGatewayExternalRateLimit InformerKey = "Gateway-ExternalRateLimit" // InformerKeyXNetworkAccessControl is the InformerKey for a XNetwork AccessControl informer InformerKeyXNetworkAccessControl InformerKey = "XNetwork-AccessControl" @@ -267,4 +275,16 @@ const ( // ProxyTagResourceType is the type used to represent the proxy tag resource ProxyTagResourceType ResourceType = "proxytags" + + // IPRestrictionResourceType is the type used to represent the ip restriction resource + IPRestrictionResourceType ResourceType = "iprestrictions" + + // ConcurrencyLimitResourceType is the type used to represent the concurrency limit resource + ConcurrencyLimitResourceType ResourceType = "concurrencylimits" + + // RequestTerminationResourceType is the type used to represent the request termination resource + RequestTerminationResourceType ResourceType = "requestterminations" + + // ExternalRateLimitResourceType is the type used to represent the external rate limit resource + ExternalRateLimitResourceType ResourceType = "externalratelimits" ) diff --git a/pkg/manager/reconciler/registers.go b/pkg/manager/reconciler/registers.go index ba8288f20..ed871c37e 100644 --- a/pkg/manager/reconciler/registers.go +++ b/pkg/manager/reconciler/registers.go @@ -319,6 +319,15 @@ func getRegisters(regCfg *whtypes.RegisterConfig, mc configurator.Configurator) reconcilers[GatewayAPIExtensionProxyTag] = extensionv1alpha1.NewProxyTagReconciler(ctx) + webhooks[GatewayAPIIPRestriction] = extwhv1alpha1.NewIPRestrictionWebhook(regCfg) + reconcilers[GatewayAPIIPRestriction] = extensionv1alpha1.NewIPRestrictionReconciler(ctx, webhooks[GatewayAPIIPRestriction]) + + reconcilers[GatewayAPIExternalRateLimit] = extensionv1alpha1.NewExternalRateLimitReconciler(ctx) + + reconcilers[GatewayAPIRequestTermination] = extensionv1alpha1.NewRequestTerminationReconciler(ctx) + + reconcilers[GatewayAPIConcurrencyLimit] = extensionv1alpha1.NewConcurrencyLimitReconciler(ctx) + webhooks[GatewayAPIExtensionFaultInjection] = extwhv1alpha1.NewFaultInjectionWebhook(regCfg) reconcilers[GatewayAPIExtensionFaultInjection] = extensionv1alpha1.NewFaultInjectionReconciler(ctx, webhooks[GatewayAPIExtensionFaultInjection]) } diff --git a/pkg/manager/reconciler/types.go b/pkg/manager/reconciler/types.go index 82f021802..768367e8b 100644 --- a/pkg/manager/reconciler/types.go +++ b/pkg/manager/reconciler/types.go @@ -33,6 +33,10 @@ const ( GatewayAPIExtensionMetrics ResourceType = "GatewayAPIExtension(Metrics)" GatewayAPIExtensionZipkin ResourceType = "GatewayAPIExtension(Zipkin)" GatewayAPIExtensionProxyTag ResourceType = "GatewayAPIExtension(ProxyTag)" + GatewayAPIIPRestriction ResourceType = "GatewayAPI(IPRestriction)" + GatewayAPIExternalRateLimit ResourceType = "GatewayAPI(ExternalRateLimit)" + GatewayAPIRequestTermination ResourceType = "GatewayAPI(RequestTermination)" + GatewayAPIConcurrencyLimit ResourceType = "GatewayAPI(ConcurrencyLimit)" PolicyAttachmentHealthCheck ResourceType = "PolicyAttachment(HealthCheck)" PolicyAttachmentBackendLB ResourceType = "PolicyAttachment(BackendLB)" PolicyAttachmentBackendTLS ResourceType = "PolicyAttachment(BackendTLS)" diff --git a/pkg/messaging/broker.go b/pkg/messaging/broker.go index 45f7a4802..166e84832 100644 --- a/pkg/messaging/broker.go +++ b/pkg/messaging/broker.go @@ -1344,6 +1344,14 @@ func getGatewayUpdateEvent(msg events.PubSubMessage) *gatewayUpdateEvent { announcements.GatewayZipkinAdded, announcements.GatewayZipkinDeleted, announcements.GatewayZipkinUpdated, // ProxyTag event announcements.GatewayProxyTagAdded, announcements.GatewayProxyTagDeleted, announcements.GatewayProxyTagUpdated, + // IPRestriction event + announcements.GatewayIPRestrictionAdded, announcements.GatewayIPRestrictionDeleted, announcements.GatewayIPRestrictionUpdated, + // ConcurrencyLimit event + announcements.GatewayConcurrencyLimitAdded, announcements.GatewayConcurrencyLimitDeleted, announcements.GatewayConcurrencyLimitUpdated, + // ExternalRateLimit event + announcements.GatewayExternalRateLimitAdded, announcements.GatewayExternalRateLimitDeleted, announcements.GatewayExternalRateLimitUpdated, + // RequestTermination event + announcements.GatewayRequestTerminationAdded, announcements.GatewayRequestTerminationDeleted, announcements.GatewayRequestTerminationUpdated, // // MultiCluster events diff --git a/pkg/webhook/extension/v1alpha1/iprestriction.go b/pkg/webhook/extension/v1alpha1/iprestriction.go new file mode 100644 index 000000000..69ec5f08d --- /dev/null +++ b/pkg/webhook/extension/v1alpha1/iprestriction.go @@ -0,0 +1,113 @@ +package v1alpha1 + +import ( + "context" + "fmt" + "net" + "net/netip" + + "github.com/flomesh-io/fsm/pkg/utils" + + "k8s.io/apimachinery/pkg/util/validation/field" + + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + "k8s.io/apimachinery/pkg/runtime" + + extv1alpha1 "github.com/flomesh-io/fsm/pkg/apis/extension/v1alpha1" + "github.com/flomesh-io/fsm/pkg/webhook" + "github.com/flomesh-io/fsm/pkg/webhook/builder" + whtypes "github.com/flomesh-io/fsm/pkg/webhook/types" +) + +type IPRestrictionWebhook struct { + webhook.DefaultWebhook +} + +func NewIPRestrictionWebhook(cfg *whtypes.RegisterConfig) whtypes.Register { + r := &IPRestrictionWebhook{ + DefaultWebhook: webhook.DefaultWebhook{ + RegisterConfig: cfg, + Client: cfg.Manager.GetClient(), + }, + } + + if blder, err := builder.WebhookConfigurationManagedBy(cfg.Manager). + For(&extv1alpha1.IPRestriction{}). + WithWebhookServiceName(cfg.WebhookSvcName). + WithWebhookServiceNamespace(cfg.WebhookSvcNs). + WithCABundle(cfg.CaBundle). + Complete(); err != nil { + return nil + } else { + r.CfgBuilder = blder + } + + return r +} + +func (r *IPRestrictionWebhook) Default(ctx context.Context, obj runtime.Object) error { + _, ok := obj.(*extv1alpha1.IPRestriction) + if !ok { + return fmt.Errorf("unexpected type: %T", obj) + } + + return nil +} + +func (r *IPRestrictionWebhook) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { + return r.doValidation(ctx, obj) +} + +func (r *IPRestrictionWebhook) ValidateUpdate(ctx context.Context, _, newObj runtime.Object) (warnings admission.Warnings, err error) { + return r.doValidation(ctx, newObj) +} + +func (r *IPRestrictionWebhook) doValidation(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) { + ipRestriction, ok := obj.(*extv1alpha1.IPRestriction) + if !ok { + return nil, fmt.Errorf("unexpected type: %T", obj) + } + + errs := r.validateSpec(ctx, ipRestriction.Spec, field.NewPath("spec")) + + if len(errs) > 0 { + return warnings, utils.ErrorListToError(errs) + } + + return nil, nil +} + +func (r *IPRestrictionWebhook) validateSpec(ctx context.Context, spec extv1alpha1.IPRestrictionSpec, path *field.Path) field.ErrorList { + var errs field.ErrorList + + if len(spec.Allowed) == 0 && len(spec.Forbidden) == 0 { + errs = append(errs, field.Invalid(path, spec, "either allowed or forbidden must be set")) + } + + for i, ip := range spec.Allowed { + if _, err := netip.ParseAddr(ip); err == nil { + continue + } + + if _, _, err := net.ParseCIDR(ip); err == nil { + continue + } + + errs = append(errs, field.Invalid(path.Child("allowed").Index(i), ip, "invalid IP address or CIDR")) + } + + for i, ip := range spec.Forbidden { + if _, err := netip.ParseAddr(ip); err == nil { + continue + } + + if _, _, err := net.ParseCIDR(ip); err == nil { + continue + } + + errs = append(errs, field.Invalid(path.Child("forbidden").Index(i), ip, "invalid IP address or CIDR")) + } + + return errs +}