diff --git a/.changelog/18329.txt b/.changelog/18329.txt deleted file mode 100644 index ab3671de86bfe..0000000000000 --- a/.changelog/18329.txt +++ /dev/null @@ -1,4 +0,0 @@ -```release-note:improvement -cli: Adds cli support for checking TCP connection for ports. If -ports flag is not given, it will check for -default ports of consul listed here - https://developer.hashicorp.com/consul/docs/install/ports -``` \ No newline at end of file diff --git a/.changelog/19218.txt b/.changelog/19218.txt deleted file mode 100644 index a3dde32317b47..0000000000000 --- a/.changelog/19218.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:improvement -resource: lowercase names enforced for v2 resources only. -``` \ No newline at end of file diff --git a/.changelog/19306.txt b/.changelog/19274.txt similarity index 100% rename from .changelog/19306.txt rename to .changelog/19274.txt diff --git a/.changelog/19311.txt b/.changelog/19311.txt deleted file mode 100644 index e53536f44d32b..0000000000000 --- a/.changelog/19311.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:bug -raft: Fix panic during downgrade from enterprise to oss. -``` \ No newline at end of file diff --git a/.changelog/19499.txt b/.changelog/19499.txt deleted file mode 100644 index 83849637d4138..0000000000000 --- a/.changelog/19499.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:feature -acl: add policy bindtype to binding rules. -``` \ No newline at end of file diff --git a/.changelog/19860.txt b/.changelog/19860.txt new file mode 100644 index 0000000000000..e4edb69d8b752 --- /dev/null +++ b/.changelog/19860.txt @@ -0,0 +1,3 @@ +```release-note:bug +connect: Solves an issue where two upstream services with the same name in different namespaces were not getting routed to correctly by API Gateways. +``` diff --git a/.github/scripts/notify_slack.sh b/.github/scripts/notify_slack.sh new file mode 100755 index 0000000000000..8df3f3f648766 --- /dev/null +++ b/.github/scripts/notify_slack.sh @@ -0,0 +1,29 @@ +#!/usr/bin/env bash +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +set -uo pipefail + +# This script is used in GitHub Actions pipelines to notify Slack of a job failure. + +if [[ $GITHUB_REF_NAME == "main" ]]; then + GITHUB_ENDPOINT="https://github.com/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA}" + GITHUB_ACTIONS_ENDPOINT="https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" + COMMIT_MESSAGE=$(git log -1 --pretty=%B | head -n1) + SHORT_REF=$(git rev-parse --short "${GITHUB_SHA}") + curl -X POST -H 'Content-type: application/json' \ + --data \ + "{ \ + \"attachments\": [ \ + { \ + \"fallback\": \"GitHub Actions workflow failed!\", \ + \"text\": \"❌ Failed: \`${GITHUB_ACTOR}\`'s <${GITHUB_ACTIONS_ENDPOINT}|${GITHUB_JOB}> job failed for commit <${GITHUB_ENDPOINT}|${SHORT_REF}> on \`${GITHUB_REF_NAME}\`!\n\n- <${COMMIT_MESSAGE}\", \ + \"footer\": \"${GITHUB_REPOSITORY}\", \ + \"ts\": \"$(date +%s)\", \ + \"color\": \"danger\" \ + } \ + ] \ + }" "${FEED_CONSUL_GH_URL}" +else + echo "Not posting slack failure notifications for non-main branch" +fi diff --git a/.github/scripts/set_test_package_matrix.sh b/.github/scripts/set_test_package_matrix.sh index 212d9fa481c40..3f8a389297f4a 100755 --- a/.github/scripts/set_test_package_matrix.sh +++ b/.github/scripts/set_test_package_matrix.sh @@ -5,13 +5,7 @@ set -euo pipefail export RUNNER_COUNT=$1 -if ((RUNNER_COUNT < 1 )) -then - echo ERROR: RUNNER_COUNT must be greater than zero. - exit 1 # terminate and indicate error -fi - # set matrix var to list of unique packages containing tests -matrix="$(go list -json="ImportPath,TestGoFiles" ./... | jq --compact-output '. | select(.TestGoFiles != null) | .ImportPath' | shuf | jq --slurp --compact-output '.' | jq --argjson runnercount $RUNNER_COUNT -cM '[_nwise(length / $runnercount | ceil)]'))" +matrix="$(go list -json="ImportPath,TestGoFiles" ./... | jq --compact-output '. | select(.TestGoFiles != null) | .ImportPath' | shuf | jq --slurp --compact-output '.' | jq --argjson runnercount $RUNNER_COUNT -cM '[_nwise(length / $runnercount | floor)]'))" echo "matrix=${matrix}" >> "${GITHUB_OUTPUT}" diff --git a/.github/workflows/backport-assistant.yml b/.github/workflows/backport-assistant.yml index 78125b6dabed6..17462f811261c 100644 --- a/.github/workflows/backport-assistant.yml +++ b/.github/workflows/backport-assistant.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Run Backport Assistant for release branches run: | - backport-assistant backport -merge-method=squash + backport-assistant backport -merge-method=squash -gh-automerge env: BACKPORT_LABEL_REGEXP: "backport/(?P\\d+\\.\\d+)" BACKPORT_TARGET_TEMPLATE: "release/{{.target}}.x" diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml index 7795b5f964f07..06bf97f5b3b8d 100644 --- a/.github/workflows/go-tests.yml +++ b/.github/workflows/go-tests.yml @@ -4,12 +4,12 @@ on: pull_request: branches-ignore: - stable-website - - 'docs/**' - - 'ui/**' - - 'mktg-**' # Digital Team Terraform-generated branches' prefix - - 'backport/docs/**' - - 'backport/ui/**' - - 'backport/mktg-**' + - "docs/**" + - "ui/**" + - "mktg-**" # Digital Team Terraform-generated branches' prefix + - "backport/docs/**" + - "backport/ui/**" + - "backport/mktg-**" push: branches: # Push events on the main branch @@ -31,14 +31,14 @@ concurrency: jobs: conditional-skip: - runs-on: ubuntu-latest + runs-on: ubuntu-latest name: Get files changed and conditionally skip CI outputs: skip-ci: ${{ steps.read-files.outputs.skip-ci }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: - fetch-depth: 0 + fetch-depth: 0 - name: Get changed files id: read-files run: ./.github/scripts/filter_changed_files_go_test.sh @@ -54,14 +54,14 @@ jobs: compute-large: ${{ steps.setup-outputs.outputs.compute-large }} compute-xl: ${{ steps.setup-outputs.outputs.compute-xl }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - id: setup-outputs - name: Setup outputs - run: ./.github/scripts/get_runner_classes.sh + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + - id: setup-outputs + name: Setup outputs + run: ./.github/scripts/get_runner_classes.sh check-go-mod: needs: - - setup + - setup uses: ./.github/workflows/reusable-check-go-mod.yml with: runs-on: ${{ needs.setup.outputs.compute-small }} @@ -71,96 +71,111 @@ jobs: check-generated-protobuf: needs: - - setup + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-medium) }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: make proto-tools - name: Install protobuf - - run: make proto-format - name: "Protobuf Format" - - run: make --always-make proto - - run: | - if ! git diff --exit-code; then - echo "Generated code was not updated correctly" - exit 1 - fi - - run: make proto-lint - name: "Protobuf Lint" + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: make proto-tools + name: Install protobuf + - run: make proto-format + name: "Protobuf Format" + - run: make --always-make proto + - run: | + if ! git diff --exit-code; then + echo "Generated code was not updated correctly" + exit 1 + fi + - run: make proto-lint + name: "Protobuf Lint" + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh check-codegen: - needs: - - setup - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: make --always-make codegen - - run: | - if ! git diff --exit-code; then - echo "Generated code was not updated correctly" - exit 1 - fi + needs: + - setup + runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: make --always-make codegen + - run: | + if ! git diff --exit-code; then + echo "Generated code was not updated correctly" + exit 1 + fi + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint-enums: needs: - - setup + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./... + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: go install github.com/reillywatson/enumcover/cmd/enumcover@master && enumcover ./... + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint-container-test-deps: needs: - - setup + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: make lint-container-test-deps + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: make lint-container-test-deps + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint-consul-retry: needs: - - setup + - setup runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: make lint-consul-retry + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: "go.mod" + - run: go install github.com/hashicorp/lint-consul-retry@v1.3.0 && lint-consul-retry + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh lint: needs: - - setup + - setup uses: ./.github/workflows/reusable-lint.yml with: runs-on: ${{ needs.setup.outputs.compute-large }} @@ -170,7 +185,7 @@ jobs: lint-32bit: needs: - - setup + - setup uses: ./.github/workflows/reusable-lint.yml with: go-arch: "386" @@ -182,7 +197,7 @@ jobs: # create a development build dev-build: needs: - - setup + - setup uses: ./.github/workflows/reusable-dev-build.yml with: runs-on: ${{ needs.setup.outputs.compute-large }} @@ -229,7 +244,7 @@ jobs: # uploaded-binary-name: 'consul-bin-arm64' # runner-count: 12 # runs-on: "['self-hosted', 'ondemand', 'os=macos-arm', 'arm64']" - # go-test-flags: "${{ (github.ref_name != 'main' && !startsWith(github.ref_name, 'release/')) && '-short' || '' }}" + # go-test-flags: 'if ! [[ "$GITHUB_REF_NAME" =~ ^main$|^release/ ]]; then export GO_TEST_FLAGS="-short"; fi' # repository-name: ${{ github.repository }} # secrets: # elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} @@ -238,16 +253,15 @@ jobs: go-test-ce: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit-split.yml with: directory: . - runner-count: 6 + runner-count: 12 runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} go-tags: "" - go-test-flags: "${{ (github.ref_name != 'main' && !startsWith(github.ref_name, 'release/')) && '-short' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -259,16 +273,15 @@ jobs: go-test-enterprise: if: ${{ endsWith(github.repository, '-enterprise') }} needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit-split.yml with: directory: . - runner-count: 6 + runner-count: 12 runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" - go-test-flags: "${{ (github.ref_name != 'main' && !startsWith(github.ref_name, 'release/')) && '-short' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -279,16 +292,16 @@ jobs: go-test-race: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: . - go-test-flags: "-race -gcflags=all=-d=checkptr=0" + go-test-flags: 'GO_TEST_FLAGS="-race -gcflags=all=-d=checkptr=0"' package-names-command: "go list ./... | grep -E -v '^github.com/hashicorp/consul/agent(/consul|/local|/routine-leak-checker)?$' | grep -E -v '^github.com/hashicorp/consul(/command|/connect|/snapshot)'" runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -299,16 +312,16 @@ jobs: go-test-32bit: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: . go-arch: "386" - go-test-flags: "-short" + go-test-flags: 'export GO_TEST_FLAGS="-short"' runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -326,10 +339,10 @@ jobs: # with: # uploaded-binary-name: 'consul-bin-s390x' # directory: . - # go-test-flags: -short" + # go-test-flags: 'export GO_TEST_FLAGS="-short"' # runs-on: ${{ needs.setup.outputs.compute-large }} # repository-name: ${{ github.repository }} - # go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + # go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" # permissions: # id-token: write # NOTE: this permission is explicitly required for Vault auth. # contents: read @@ -340,14 +353,14 @@ jobs: go-test-envoyextensions: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: envoyextensions runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -358,14 +371,14 @@ jobs: go-test-troubleshoot: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: troubleshoot runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -376,14 +389,14 @@ jobs: go-test-api-1-19: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: api runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-version: "1.19" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. @@ -395,14 +408,14 @@ jobs: go-test-api-1-20: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: api runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-version: "1.20" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. @@ -414,14 +427,14 @@ jobs: go-test-sdk-1-19: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: sdk runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-version: "1.19" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. @@ -433,14 +446,14 @@ jobs: go-test-sdk-1-20: needs: - - setup - - dev-build + - setup + - dev-build uses: ./.github/workflows/reusable-unit.yml with: directory: sdk runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} - go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + go-tags: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" go-version: "1.20" permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. @@ -471,27 +484,27 @@ jobs: go-tests-success: needs: - - conditional-skip - - setup - - check-codegen - - check-generated-protobuf - - check-go-mod - - lint-consul-retry - - lint-container-test-deps - - lint-enums - - lint - - lint-32bit - # - go-test-arm64 - - go-test-enterprise - - go-test-ce - - go-test-race - - go-test-envoyextensions - - go-test-troubleshoot - - go-test-api-1-19 - - go-test-api-1-20 - - go-test-sdk-1-19 - - go-test-sdk-1-20 - - go-test-32bit + - conditional-skip + - setup + - check-codegen + - check-generated-protobuf + - check-go-mod + - lint-consul-retry + - lint-container-test-deps + - lint-enums + - lint + - lint-32bit + # - go-test-arm64 + - go-test-enterprise + - go-test-ce + - go-test-race + - go-test-envoyextensions + - go-test-troubleshoot + - go-test-api-1-19 + - go-test-api-1-20 + - go-test-sdk-1-19 + - go-test-sdk-1-20 + - go-test-32bit # - go-test-s390x runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} if: always() && needs.conditional-skip.outputs.skip-ci != 'true' @@ -499,33 +512,7 @@ jobs: - name: evaluate upstream job results run: | # exit 1 if failure or cancelled result for any upstream job - # this ensures that we fail the PR check regardless of cancellation, rather than skip-passing it - # see https://docs.github.com/en/actions/using-jobs/using-conditions-to-control-job-execution#overview if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" exit 1 fi - - name: Set failure Slack commit message summary - # failure() ensures this runs even if the test eval step exits 1 - if: failure() - run: | - # if failure (not cancelled), notify Slack - if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure)\"'; then - printf "Tests failed, notifying Slack" - echo "FAILED_TESTS=true" >> $GITHUB_ENV - echo "COMMIT_MESSAGE_SUMMARY=$(echo '${{ github.event.head_commit.message }}' | head -n 1)" >> $GITHUB_ENV - fi - - name: Notify Slack - # failure() ensures this runs even if the test eval step exits 1 - # FAILED_TESTS must also be checked to avoid running this step on cancellation due to the summary check above - if: ${{ failure() && env.FAILED_TESTS == 'true' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }} - id: slack - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 - with: - # github.event.head_commit.message and github.ref_name both rely on this event occurring on a push / merge - payload: | - { - "message": "❌ ${{ github.workflow }} workflow failed: \n\n- Run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} \n- Branch: ${{ github.ref_name }} \n- Message: ${{ env.COMMIT_MESSAGE_SUMMARY }} \n- Author: ${{ github.event.sender.login }}" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_PROTECTED_BRANCH_TEST_SLACK_WEBHOOK }} \ No newline at end of file diff --git a/.github/workflows/nightly-test-1.17.x.yaml b/.github/workflows/nightly-test-1.13.x.yaml similarity index 96% rename from .github/workflows/nightly-test-1.17.x.yaml rename to .github/workflows/nightly-test-1.13.x.yaml index 9a063001e402c..f314a475dfbd7 100644 --- a/.github/workflows/nightly-test-1.17.x.yaml +++ b/.github/workflows/nightly-test-1.13.x.yaml @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -name: Nightly Frontend Test 1.17.x +name: Nightly Frontend Test 1.13.x on: schedule: - cron: '0 4 * * *' @@ -9,8 +9,8 @@ on: env: EMBER_PARTITION_TOTAL: 4 # Has to be changed in tandem with the matrix.partition - BRANCH: "release/1.17.x" - BRANCH_NAME: "release-1.17.x" # Used for naming artifacts + BRANCH: "release/1.13.x" + BRANCH_NAME: "release-1.13.x" # Used for naming artifacts GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: @@ -24,7 +24,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -56,7 +56,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -95,7 +95,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -128,7 +128,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -167,7 +167,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -198,7 +198,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock diff --git a/.github/workflows/nightly-test-integ-peering_commontopo.yml b/.github/workflows/nightly-test-integ-peering_commontopo.yml deleted file mode 100644 index 418faaf3b400c..0000000000000 --- a/.github/workflows/nightly-test-integ-peering_commontopo.yml +++ /dev/null @@ -1,163 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -name: Nightly test integrations - peering_common_topo - -on: - schedule: - # Run nightly at 12AM UTC/8PM EST/5PM PST - - cron: '* 0 * * *' - workflow_dispatch: {} - -env: - TEST_RESULTS_DIR: /tmp/test-results - CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} - GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.10.1" - CONSUL_BINARY_UPLOAD_NAME: consul-bin - # strip the hashicorp/ off the front of github.repository for consul - CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} - GOPRIVATE: github.com/hashicorp # Required for enterprise deps - -jobs: - setup: - runs-on: ubuntu-latest - name: Setup - outputs: - compute-small: ${{ steps.runners.outputs.compute-small }} - compute-medium: ${{ steps.runners.outputs.compute-medium }} - compute-large: ${{ steps.runners.outputs.compute-large }} - compute-xl: ${{ steps.runners.outputs.compute-xl }} - enterprise: ${{ steps.runners.outputs.enterprise }} - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - ref: ${{ inputs.branch }} - - id: runners - run: .github/scripts/get_runner_classes.sh - - tests: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl ) }} - needs: - - setup - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - test-case: - - TestSuitesOnSharedTopo - # these are not part of sharedTopoSuites - - TestAC5PreparedQueryFailover - - TestAC6Failovers - - TestNET5029Failovers - - TestRotateGW - - TestAC7_2RotateLeader - name: '${{matrix.test-case}}' - - env: - ENVOY_VERSION: "1.24.6" - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: go env - - name: Build - run: | - make dev - mv bin/consul consul - - name: restore mode+x - run: chmod +x consul - - name: Build consul:local image - run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile . - - name: Peering commonTopo Integration Tests - run: | - export NOLOGBUFFER=1 - mkdir -p "${{ env.TEST_RESULTS_DIR }}" - cd ./test-integ/peering_commontopo - docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --raw-command \ - --format=standard-verbose \ - --debug \ - --packages="./..." \ - -- \ - go test \ - -tags "${{ env.GOTAGS }}" \ - -run '^${{ matrix.test-case }}$' \ - -timeout=60m \ - -parallel=1 \ - -json . \ - --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --target-version local \ - --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --latest-version latest - env: - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - # tput complains if this isn't set to something. - TERM: ansi - - - name: Authenticate to Vault - if: ${{ endsWith(github.repository, '-enterprise') && !cancelled() }} - id: vault-auth - run: vault-auth - - - name: Fetch Secrets - if: ${{ endsWith(github.repository, '-enterprise') && !cancelled() }} - id: secrets - uses: hashicorp/vault-action@v2.5.0 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: upload test results - if: ${{ !cancelled() }} - continue-on-error: true - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: | - # TODO: we should probably version this and check a shasum or something? or run a container? - which datadog-ci > /dev/null 2>&1 || { - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - } - datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - - success: - needs: - - setup - - tests - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - if: ${{ always() }} - steps: - - name: evaluate upstream job results - run: | - # exit 1 if failure or cancelled result for any upstream job - if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then - printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" - exit 1 - fi - - name: Notify Slack - if: ${{ failure() }} - id: slack - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 - with: - payload: | - { - "message": "One or more nightly peering_commontopo integration tests have failed. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }} diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml index a6f2ce184f13b..c570a541abd11 100644 --- a/.github/workflows/nightly-test-integrations-1.15.x.yml +++ b/.github/workflows/nightly-test-integrations-1.15.x.yml @@ -14,7 +14,7 @@ env: TEST_RESULTS_ARTIFACT_NAME: test-results CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.10.1" CONSUL_BINARY_UPLOAD_NAME: consul-bin # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} @@ -234,8 +234,9 @@ jobs: docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ - --format=github-actions \ - --rerun-fails \ + --format=short-verbose \ + --debug \ + --rerun-fails=2 \ --packages="./..." \ -- \ go test \ diff --git a/.github/workflows/nightly-test-integrations-1.16.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml index 2492f5c80a7e0..d9a771c3fe133 100644 --- a/.github/workflows/nightly-test-integrations-1.16.x.yml +++ b/.github/workflows/nightly-test-integrations-1.16.x.yml @@ -14,7 +14,7 @@ env: TEST_RESULTS_ARTIFACT_NAME: test-results CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.10.1" CONSUL_BINARY_UPLOAD_NAME: consul-bin # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} @@ -255,8 +255,9 @@ jobs: docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ - --format=github-actions \ - --rerun-fails \ + --format=short-verbose \ + --debug \ + --rerun-fails=2 \ --packages="./..." \ -- \ go test \ diff --git a/.github/workflows/nightly-test-integrations-1.17.x.yml b/.github/workflows/nightly-test-integrations-1.17.x.yml deleted file mode 100644 index 1dc692e010500..0000000000000 --- a/.github/workflows/nightly-test-integrations-1.17.x.yml +++ /dev/null @@ -1,431 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -name: Nightly test-integrations 1.17.x - -on: - schedule: - # Run nightly at 1AM UTC/9PM EST/6PM PST - - cron: '* 1 * * *' - workflow_dispatch: {} - -env: - TEST_RESULTS_DIR: /tmp/test-results - TEST_RESULTS_ARTIFACT_NAME: test-results - CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} - GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" - CONSUL_BINARY_UPLOAD_NAME: consul-bin - # strip the hashicorp/ off the front of github.repository for consul - CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} - GOPRIVATE: github.com/hashicorp # Required for enterprise deps - BRANCH: "release/1.17.x" - BRANCH_NAME: "release-1.17.x" # Used for naming artifacts - -jobs: - setup: - runs-on: ubuntu-latest - name: Setup - outputs: - compute-small: ${{ steps.runners.outputs.compute-small }} - compute-medium: ${{ steps.runners.outputs.compute-medium }} - compute-large: ${{ steps.runners.outputs.compute-large }} - compute-xl: ${{ steps.runners.outputs.compute-xl }} - enterprise: ${{ steps.runners.outputs.enterprise }} - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - ref: ${{ env.BRANCH }} - - id: runners - run: .github/scripts/get_runner_classes.sh - - dev-build: - needs: [setup] - uses: ./.github/workflows/reusable-dev-build.yml - with: - runs-on: ${{ needs.setup.outputs.compute-large }} - repository-name: ${{ github.repository }} - uploaded-binary-name: 'consul-bin' - branch-name: "release/1.17.x" - secrets: - elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - generate-envoy-job-matrices: - needs: [setup] - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - name: Generate Envoy Job Matrices - outputs: - envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }} - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - ref: ${{ env.BRANCH }} - - name: Generate Envoy Job Matrix - id: set-matrix - env: - # this is further going to multiplied in envoy-integration tests by the - # other dimensions in the matrix. Currently TOTAL_RUNNERS would be - # multiplied by 8 based on these values: - # envoy-version: ["1.24.12", "1.25.11", "1.26.6", "1.27.2"] - # xds-target: ["server", "client"] - TOTAL_RUNNERS: 4 - JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' - run: | - NUM_RUNNERS=$TOTAL_RUNNERS - NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) - - if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then - echo "TOTAL_RUNNERS is larger than the number of tests/packages to split." - NUM_RUNNERS=$((NUM_DIRS-1)) - fi - # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS. - NUM_RUNNERS=$((NUM_RUNNERS-1)) - { - echo -n "envoy-matrix=" - find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ - | xargs -0 -n 1 basename \ - | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \ - | jq --compact-output 'map(join("|"))' - } >> "$GITHUB_OUTPUT" - - envoy-integration-test: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} - needs: - - setup - - generate-envoy-job-matrices - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - envoy-version: ["1.24.12", "1.25.11", "1.26.6", "1.27.2"] - xds-target: ["server", "client"] - test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} - env: - ENVOY_VERSION: ${{ matrix.envoy-version }} - XDS_TARGET: ${{ matrix.xds-target }} - AWS_LAMBDA_REGION: us-west-2 - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - ref: ${{ env.BRANCH }} - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - - name: fetch binary - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' - path: ./bin - - name: restore mode+x - run: chmod +x ./bin/consul - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@2a1a44ac4aa01993040736bd95bb470da1a38365 # v2.9.0 - - - name: Docker build - run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin - - - name: Envoy Integration Tests - env: - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - LAMBDA_TESTS_ENABLED: "true" - # tput complains if this isn't set to something. - TERM: ansi - run: | - # shellcheck disable=SC2001 - echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests" - # shellcheck disable=SC2001 - sed 's,|,\n,g' <<< "${{ matrix.test-cases }}" - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --debug \ - --rerun-fails \ - --rerun-fails-report=/tmp/gotestsum-rerun-fails \ - --jsonfile /tmp/jsonfile/go-test.log \ - --packages=./test/integration/connect/envoy \ - -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})" - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v2.5.0 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: github.event.pull_request.head.repo.full_name == github.repository - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - upgrade-integration-test: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} - needs: - - setup - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - consul-version: ["1.15", "1.16", "1.17"] - env: - CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - ENVOY_VERSION: "1.24.6" - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - ref: ${{ env.BRANCH }} - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: go env - - # Get go binary from workspace - - name: fetch binary - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 - with: - name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' - path: . - - name: restore mode+x - run: chmod +x consul - - name: Build consul:local image - run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile . - - name: Build consul-envoy:latest-version image - id: buildConsulEnvoyLatestImage - run: | - if ${{ endsWith(github.repository, '-enterprise') }} == 'true' - then - docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - else - docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - fi - - name: Build consul-envoy:target-version image - id: buildConsulEnvoyTargetImage - continue-on-error: true - run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - - name: Retry Build consul-envoy:target-version image - if: steps.buildConsulEnvoyTargetImage.outcome == 'failure' - run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - - name: Build sds image - run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/ - - name: Configure GH workaround for ipv6 loopback - if: ${{ !endsWith(github.repository, '-enterprise') }} - run: | - cat /etc/hosts && echo "-----------" - sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts - cat /etc/hosts - - name: Upgrade Integration Tests - run: | - mkdir -p "${{ env.TEST_RESULTS_DIR }}" - cd ./test/integration/consul-container/test/upgrade - docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --raw-command \ - --format=github-actions \ - --rerun-fails \ - --packages="./..." \ - -- \ - go test \ - -p=4 \ - -tags "${{ env.GOTAGS }}" \ - -timeout=30m \ - -json \ - ./... \ - --follow-log=false \ - --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --target-version local \ - --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --latest-version "${{ env.CONSUL_LATEST_VERSION }}" - ls -lrt - env: - # this is needed because of incompatibility between RYUK container and GHA - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - # tput complains if this isn't set to something. - TERM: ansi - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v2.5.0 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: github.event.pull_request.head.repo.full_name == github.repository - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - upgrade-integration-test-deployer: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} - needs: - - setup - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - consul-version: [ "1.15", "1.16", "1.17"] - env: - CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - steps: - - name: Checkout code - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - ref: ${{ env.BRANCH }} - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - go-version-file: 'go.mod' - - run: go env - - name: Build image - run: make test-deployer-setup - - name: Upgrade Integration Tests - run: | - mkdir -p "${{ env.TEST_RESULTS_DIR }}" - export NOLOGBUFFER=1 - cd ./test-integ/upgrade - docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --raw-command \ - --format=standard-verbose \ - --debug \ - --packages="./..." \ - -- \ - go test \ - -tags "${{ env.GOTAGS }}" \ - -timeout=60m \ - -parallel=2 \ - -json \ - ./... \ - --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --target-version local \ - --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --latest-version "${{ env.CONSUL_LATEST_VERSION }}" - env: - # this is needed because of incompatibility between RYUK container and GHA - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - # tput complains if this isn't set to something. - TERM: ansi - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v2.5.0 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: github.event.pull_request.head.repo.full_name == github.repository - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - test-integrations-success: - needs: - - setup - - dev-build - - generate-envoy-job-matrices - - envoy-integration-test - - upgrade-integration-test - - upgrade-integration-test-deployer - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - if: ${{ always() }} - steps: - - name: evaluate upstream job results - run: | - # exit 1 if failure or cancelled result for any upstream job - if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then - printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" - exit 1 - fi - - name: Notify Slack - if: ${{ failure() }} - id: slack - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 - with: - payload: | - { - "message": "One or more nightly integration tests have failed on branch ${{ env.BRANCH }} for Consul. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }} diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml index 1696275c9ffb7..cb49791c15f80 100644 --- a/.github/workflows/nightly-test-integrations.yml +++ b/.github/workflows/nightly-test-integrations.yml @@ -14,7 +14,7 @@ env: TEST_RESULTS_ARTIFACT_NAME: test-results CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.10.1" CONSUL_BINARY_UPLOAD_NAME: consul-bin # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} @@ -193,10 +193,10 @@ jobs: strategy: fail-fast: false matrix: - consul-version: [ "1.16", "1.17"] + consul-version: [ "1.15", "1.16", "1.17"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - ENVOY_VERSION: "1.25.4" + ENVOY_VERSION: "1.24.6" steps: - name: Checkout code uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 @@ -252,8 +252,9 @@ jobs: docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ - --format=github-actions \ - --rerun-fails \ + --format=short-verbose \ + --debug \ + --rerun-fails=2 \ --packages="./..." \ -- \ go test \ @@ -307,6 +308,100 @@ jobs: DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml + + peering_commontopo-integration-test: + runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} + needs: + - setup + - dev-build + permissions: + id-token: write # NOTE: this permission is explicitly required for Vault auth. + contents: read + strategy: + fail-fast: false + env: + ENVOY_VERSION: "1.24.6" + steps: + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 + # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. + - name: Setup Git + if: ${{ endsWith(github.repository, '-enterprise') }} + run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" + - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 + with: + go-version-file: 'go.mod' + - run: go env + + # Get go binary from workspace + - name: fetch binary + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 + with: + name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' + path: . + - name: restore mode+x + run: chmod +x consul + - name: Build consul:local image + run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile . + - name: Peering commonTopo Integration Tests + run: | + mkdir -p "${{ env.TEST_RESULTS_DIR }}" + cd ./test-integ/peering_commontopo + docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version + go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ + --raw-command \ + --format=short-verbose \ + --debug \ + --packages="./..." \ + -- \ + go test \ + -tags "${{ env.GOTAGS }}" \ + -timeout=30m \ + -json . \ + --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ + --target-version local \ + --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ + --latest-version latest + ls -lrt + env: + # this is needed because of incompatibility between RYUK container and GHA + GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml + GOTESTSUM_FORMAT: standard-verbose + COMPOSE_INTERACTIVE_NO_CLI: 1 + # tput complains if this isn't set to something. + TERM: ansi + # NOTE: ENT specific step as we store secrets in Vault. + - name: Authenticate to Vault + if: ${{ endsWith(github.repository, '-enterprise') }} + id: vault-auth + run: vault-auth + + # NOTE: ENT specific step as we store secrets in Vault. + - name: Fetch Secrets + if: ${{ endsWith(github.repository, '-enterprise') }} + id: secrets + uses: hashicorp/vault-action@v2.5.0 + with: + url: ${{ steps.vault-auth.outputs.addr }} + caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} + token: ${{ steps.vault-auth.outputs.token }} + secrets: | + kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; + + - name: prepare datadog-ci + if: ${{ !endsWith(github.repository, '-enterprise') }} + run: | + curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" + chmod +x /usr/local/bin/datadog-ci + + - name: upload coverage + # do not run on forks + if: github.event.pull_request.head.repo.full_name == github.repository + env: + DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" + DD_ENV: ci + run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml + + upgrade-integration-test-deployer: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} needs: @@ -338,12 +433,13 @@ jobs: - name: Upgrade Integration Tests run: | mkdir -p "${{ env.TEST_RESULTS_DIR }}" - #export NOLOGBUFFER=1 + export NOLOGBUFFER=1 cd ./test-integ/upgrade docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ - --format=github-actions \ + --format=standard-verbose \ + --debug \ --packages="./..." \ -- \ go test \ @@ -403,6 +499,7 @@ jobs: - envoy-integration-test - upgrade-integration-test - upgrade-integration-test-deployer + - peering_commontopo-integration-test runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} if: ${{ always() }} steps: diff --git a/.github/workflows/reusable-check-go-mod.yml b/.github/workflows/reusable-check-go-mod.yml index be228c7a2f812..51fd682776899 100644 --- a/.github/workflows/reusable-check-go-mod.yml +++ b/.github/workflows/reusable-check-go-mod.yml @@ -34,3 +34,6 @@ jobs: git status -s exit 1 fi + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh diff --git a/.github/workflows/reusable-dev-build-windows.yml b/.github/workflows/reusable-dev-build-windows.yml index b6bde2653b4bf..01247c477878c 100644 --- a/.github/workflows/reusable-dev-build-windows.yml +++ b/.github/workflows/reusable-dev-build-windows.yml @@ -42,3 +42,6 @@ jobs: with: name: ${{inputs.uploaded-binary-name}} path: consul.exe + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh diff --git a/.github/workflows/reusable-dev-build.yml b/.github/workflows/reusable-dev-build.yml index eaf9a643ebaa8..99bcb96592c3a 100644 --- a/.github/workflows/reusable-dev-build.yml +++ b/.github/workflows/reusable-dev-build.yml @@ -54,3 +54,6 @@ jobs: with: name: ${{inputs.uploaded-binary-name}} path: ./bin/consul + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh diff --git a/.github/workflows/reusable-lint.yml b/.github/workflows/reusable-lint.yml index 52d2dc67d9af3..902ff1867144f 100644 --- a/.github/workflows/reusable-lint.yml +++ b/.github/workflows/reusable-lint.yml @@ -18,7 +18,7 @@ on: elevated-github-token: required: true env: - GOTAGS: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consuldev' || '' }}" + GOTAGS: "${{ github.event.repository.name == 'consul-enterprise' && 'consulent consulprem consuldev' || '' }}" GOARCH: ${{inputs.go-arch}} GOPRIVATE: github.com/hashicorp # Required for enterprise deps @@ -55,3 +55,6 @@ jobs: version: v1.51.1 args: --build-tags="${{ env.GOTAGS }}" -v skip-cache: true + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh diff --git a/.github/workflows/reusable-unit-split.yml b/.github/workflows/reusable-unit-split.yml index 0095d7739e16e..3d959d168beda 100644 --- a/.github/workflows/reusable-unit-split.yml +++ b/.github/workflows/reusable-unit-split.yml @@ -46,7 +46,7 @@ on: required: true env: TEST_RESULTS: /tmp/test-results - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.10.1" GOARCH: ${{inputs.go-arch}} TOTAL_RUNNERS: ${{inputs.runner-count}} CONSUL_LICENSE: ${{secrets.consul-license}} @@ -115,19 +115,21 @@ jobs: PACKAGE_NAMES="${{ join(matrix.package, ' ') }}" # PACKAGE_NAMES="${{ matrix.package }}" + ${{inputs.go-test-flags}} + # some tests expect this umask, and arm images have a different default umask 0022 go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --format=github-actions \ - --format-hide-empty-pkg \ + --format=short-verbose \ --jsonfile /tmp/jsonfile/go-test.log \ - --rerun-fails \ + --debug \ + --rerun-fails=3 \ + --rerun-fails-max-failures=40 \ --rerun-fails-report=/tmp/gotestsum-rerun-fails \ --packages="$PACKAGE_NAMES" \ --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \ -tags="${{env.GOTAGS}}" \ - ${{inputs.go-test-flags}} \ -cover -coverprofile=coverage.txt \ -timeout=30m @@ -173,3 +175,6 @@ jobs: - name: "Re-run fails report" run: | .github/scripts/rerun_fails_report.sh /tmp/gotestsum-rerun-fails + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh diff --git a/.github/workflows/reusable-unit.yml b/.github/workflows/reusable-unit.yml index 8a69d22385e4f..3b50bfa7e3887 100644 --- a/.github/workflows/reusable-unit.yml +++ b/.github/workflows/reusable-unit.yml @@ -46,7 +46,7 @@ on: required: true env: TEST_RESULTS: /tmp/test-results - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.10.1" GOARCH: ${{inputs.go-arch}} CONSUL_LICENSE: ${{secrets.consul-license}} GOTAGS: ${{ inputs.go-tags}} @@ -96,15 +96,19 @@ jobs: # some tests expect this umask, and arm images have a different default umask 0022 + ${{inputs.go-test-flags}} + go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --format=github-actions \ + --format=short-verbose \ --jsonfile /tmp/jsonfile/go-test.log \ - --rerun-fails \ + --debug \ + --rerun-fails=3 \ + --rerun-fails-max-failures=40 \ --rerun-fails-report=/tmp/gotestsum-rerun-fails \ --packages="$PACKAGE_NAMES" \ --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- \ -tags="${{env.GOTAGS}}" \ - ${{inputs.go-test-flags}} \ + ${GO_TEST_FLAGS-} \ -cover -coverprofile=coverage.txt \ -timeout=30m @@ -150,3 +154,6 @@ jobs: - name: "Re-run fails report" run: | .github/scripts/rerun_fails_report.sh /tmp/gotestsum-rerun-fails + - name: Notify Slack + if: ${{ failure() }} + run: .github/scripts/notify_slack.sh diff --git a/.github/workflows/test-integrations-windows.yml b/.github/workflows/test-integrations-windows.yml index 29080a10ea28b..16f7b26fdc67a 100644 --- a/.github/workflows/test-integrations-windows.yml +++ b/.github/workflows/test-integrations-windows.yml @@ -11,7 +11,7 @@ env: TEST_RESULTS_ARTIFACT_NAME: test-results CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.9.0" CONSUL_BINARY_UPLOAD_NAME: consul.exe # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'consul' }} diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml index 7782ec9b31d6b..87b1154f8cfbc 100644 --- a/.github/workflows/test-integrations.yml +++ b/.github/workflows/test-integrations.yml @@ -19,7 +19,7 @@ env: TEST_RESULTS_ARTIFACT_NAME: test-results CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" + GOTESTSUM_VERSION: "1.10.1" CONSUL_BINARY_UPLOAD_NAME: consul-bin # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} @@ -81,6 +81,7 @@ jobs: strategy: matrix: nomad-version: ['v1.6.2', 'v1.5.9', 'v1.4.13'] + steps: - name: Checkout Nomad uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 @@ -110,7 +111,7 @@ jobs: run: | go install gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} && \ gotestsum \ - --format=github-actions \ + --format=short-verbose \ --rerun-fails \ --rerun-fails-report=/tmp/gotestsum-rerun-fails \ --packages="./command/agent/consul" \ @@ -184,17 +185,17 @@ jobs: run: | mkdir -p "${{ env.TEST_RESULTS_DIR }}" go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --format=github-actions \ + --format=short-verbose \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report.xml" \ -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage.txt ./agent/connect/ca # Run leader tests that require Vault go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --format=github-actions \ + --format=short-verbose \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-leader.xml" \ -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-leader.txt -run Vault ./agent/consul # Run agent tests that require Vault go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --format=github-actions \ + --format=short-verbose \ --junitfile "${{ env.TEST_RESULTS_DIR }}/gotestsum-report-agent.xml" \ -- -tags "${{ env.GOTAGS }}" -cover -coverprofile=coverage-agent.txt -run Vault ./agent @@ -431,8 +432,9 @@ jobs: docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ - --format=github-actions \ - --rerun-fails \ + --format=pkgname-and-test-fails \ + --debug \ + --rerun-fails=3 \ -- \ go test \ -p=6 \ @@ -513,11 +515,12 @@ jobs: - name: Integration Tests run: | mkdir -p "${{ env.TEST_RESULTS_DIR }}" - #export NOLOGBUFFER=1 + export NOLOGBUFFER=1 cd ./test-integ go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ --raw-command \ - --format=github-actions \ + --format=standard-verbose \ + --debug \ -- \ go test \ -tags "${{ env.GOTAGS }}" \ diff --git a/.github/workflows/verify-envoy-version.yml b/.github/workflows/verify-envoy-version.yml index dafa9db6f22a6..003888eddf6e1 100644 --- a/.github/workflows/verify-envoy-version.yml +++ b/.github/workflows/verify-envoy-version.yml @@ -13,7 +13,7 @@ on: branches: - main - release/** - + env: SKIP_VERIFY_ENVOY_VERSION: ${{ vars.SKIP_VERIFY_ENVOY_VERSION }} diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml deleted file mode 100644 index ec68f1133db8e..0000000000000 --- a/.pre-commit-config.yaml +++ /dev/null @@ -1,54 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: BUSL-1.1 - -# See https://pre-commit.com for more information -# See https://pre-commit.com/hooks.html for more hooks -# -# Opt-in to running pre-commit hooks by running `make tools`. -# -# Guidelines for adding new pre-commit hooks -# ==================================================================== -# A hook SHOULD be blazingly fast (<2s) to impose minimal latency on -# developer workflows (e.g. golangci-lint takes > 8s) -# -# A hook SHOULD attempt to fix errors, not just identify them. -# -# A hook SHOULD address common errors in files that tend to change -# frequently. While surfacing esoteric issues is nice, hooks that have a -# wider impact are preferred. -# -repos: -- repo: https://github.com/tekwizely/pre-commit-golang - rev: v1.0.0-rc.1 - hooks: - # Formats go imports into deterministic sections. - # `pre-commit run gci` to run in isolation. - - id: my-cmd - name: Format go imports - alias: gci - # skip all generated go files - exclude: | - (?x)( - ^proto-public/| - ^proto/| - ^agent/xds/z_xds_packages\.go$| - ^testing/deployer/topology/default_versions\.go$| - \.deepcopy\.go$| - \.gen\.go$| - \.pb\.go$| - \.pb\.binary\.go$| - generated_funcs\.go$| - _generated_test\.go$| - mock_.+\.go$ - ) - args: - - "gci" - - "write" - - "--section" - - "standard" - - "--section" - - "default" - - "--section" - - "prefix(github.com/hashicorp/)" - - "--section" - - "prefix(github.com/hashicorp/consul/)" diff --git a/CHANGELOG.md b/CHANGELOG.md index d745a425df9d0..8bbe1143e7f76 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -88,81 +88,6 @@ BUG FIXES: * telemetry: emit consul version metric on a regular interval. [[GH-6876](https://github.com/hashicorp/consul/issues/6876)] * tlsutil: Default setting of ServerName field in outgoing TLS configuration for checks now handled by crypto/tls. [[GH-17481](https://github.com/hashicorp/consul/issues/17481)] -## 1.16.3 (October 31, 2023) - -SECURITY: - -* Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] -* Upgrade Go to 1.20.10. -This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] -* Upgrade `google.golang.org/grpc` to 1.56.3. -This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-19414](https://github.com/hashicorp/consul/issues/19414)] -* connect: update supported envoy versions to 1.24.12, 1.25.11, 1.26.6 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-19273](https://github.com/hashicorp/consul/issues/19273)] - -BUG FIXES: - -* Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [[GH-19268](https://github.com/hashicorp/consul/issues/19268)] -* api-gateway: fix matching for different hostnames on the same listener [[GH-19120](https://github.com/hashicorp/consul/issues/19120)] -* api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [[GH-19031](https://github.com/hashicorp/consul/issues/19031)] -* ca: Fix bug with Vault CA provider where renewing a retracted token would cause retries in a tight loop, degrading performance. [[GH-19285](https://github.com/hashicorp/consul/issues/19285)] -* ca: Fix bug with Vault CA provider where token renewal goroutines could leak if CA failed to initialize. [[GH-19285](https://github.com/hashicorp/consul/issues/19285)] -* ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [[GH-19095](https://github.com/hashicorp/consul/issues/19095)] -* catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the `/v1/catalog/services` endpoint [[GH-18322](https://github.com/hashicorp/consul/issues/18322)] -* connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields -`performance.grpc_keepalive_timeout` and `performance.grpc_keepalive_interval` now exist to allow for configuration on how often these dead connections will be cleaned up. [[GH-19339](https://github.com/hashicorp/consul/issues/19339)] -* dns: **(Enterprise only)** Fix bug where sameness group queries did not correctly inherit the agent's partition. -* gateways: Fix a bug where a service in a peered datacenter could not access an external node service through a terminating gateway [[GH-18959](https://github.com/hashicorp/consul/issues/18959)] -* server: **(Enterprise Only)** Fixed an issue where snake case keys were rejected when configuring the control-plane-request-limit config entry - -## 1.15.7 (October 31, 2023) - -SECURITY: - -* Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] -* Upgrade Go to 1.20.10. -This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] -* Upgrade `google.golang.org/grpc` to 1.56.3. -This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-19414](https://github.com/hashicorp/consul/issues/19414)] -* connect: update supported envoy versions to 1.24.12, 1.25.11 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-19272](https://github.com/hashicorp/consul/issues/19272)] - -BUG FIXES: - -* Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [[GH-19268](https://github.com/hashicorp/consul/issues/19268)] -* api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [[GH-19031](https://github.com/hashicorp/consul/issues/19031)] -* ca: Fix bug with Vault CA provider where renewing a retracted token would cause retries in a tight loop, degrading performance. [[GH-19285](https://github.com/hashicorp/consul/issues/19285)] -* ca: Fix bug with Vault CA provider where token renewal goroutines could leak if CA failed to initialize. [[GH-19285](https://github.com/hashicorp/consul/issues/19285)] -* ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [[GH-19095](https://github.com/hashicorp/consul/issues/19095)] -* catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the `/v1/catalog/services` endpoint [[GH-18322](https://github.com/hashicorp/consul/issues/18322)] -* connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields -`performance.grpc_keepalive_timeout` and `performance.grpc_keepalive_interval` now exist to allow for configuration on how often these dead connections will be cleaned up. [[GH-19339](https://github.com/hashicorp/consul/issues/19339)] -* gateways: Fix a bug where a service in a peered datacenter could not access an external node service through a terminating gateway [[GH-18959](https://github.com/hashicorp/consul/issues/18959)] - -## 1.14.11 (October 31, 2023) - -SECURITY: - -* Update `golang.org/x/net` to v0.17.0 to address [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`x/net/http2`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] -* Upgrade Go to 1.20.10. -This resolves vulnerability [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487)(`net/http`). [[GH-19225](https://github.com/hashicorp/consul/issues/19225)] -* Upgrade `google.golang.org/grpc` to 1.56.3. -This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-19414](https://github.com/hashicorp/consul/issues/19414)] -* connect: update supported envoy versions to 1.24.12 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-19271](https://github.com/hashicorp/consul/issues/19271)] - -BUG FIXES: - -* Mesh Gateways: Fix a bug where replicated and peered mesh gateways with hostname-based WAN addresses fail to initialize. [[GH-19268](https://github.com/hashicorp/consul/issues/19268)] -* api: add custom marshal/unmarshal for ServiceResolverConfigEntry.RequestTimeout so config entries that set this field can be read using the API. [[GH-19031](https://github.com/hashicorp/consul/issues/19031)] -* ca: ensure Vault CA provider respects Vault Enterprise namespace configuration. [[GH-19095](https://github.com/hashicorp/consul/issues/19095)] -* catalog api: fixes a bug with catalog api where filter query parameter was not working correctly for the `/v1/catalog/services` endpoint [[GH-18322](https://github.com/hashicorp/consul/issues/18322)] -* connect: Fix bug where uncleanly closed xDS connections would influence connection balancing for too long and prevent envoy instances from starting. Two new configuration fields -`performance.grpc_keepalive_timeout` and `performance.grpc_keepalive_interval` now exist to allow for configuration on how often these dead connections will be cleaned up. [[GH-19339](https://github.com/hashicorp/consul/issues/19339)] - ## 1.17.0-rc1 (October 11, 2023) BREAKING CHANGES: diff --git a/LICENSE b/LICENSE index ec2bf6861c1e0..032314fc058ea 100644 --- a/LICENSE +++ b/LICENSE @@ -6,40 +6,10 @@ Parameters Licensor: HashiCorp, Inc. Licensed Work: Consul Version 1.17.0 or later. The Licensed Work is (c) 2023 HashiCorp, Inc. -Additional Use Grant: You may make production use of the Licensed Work, provided - Your use does not include offering the Licensed Work to third - parties on a hosted or embedded basis in order to compete with - HashiCorp's paid version(s) of the Licensed Work. For purposes - of this license: - - A "competitive offering" is a Product that is offered to third - parties on a paid basis, including through paid support - arrangements, that significantly overlaps with the capabilities - of HashiCorp's paid version(s) of the Licensed Work. If Your - Product is not a competitive offering when You first make it - generally available, it will not become a competitive offering - later due to HashiCorp releasing a new version of the Licensed - Work with additional capabilities. In addition, Products that - are not provided on a paid basis are not competitive. - - "Product" means software that is offered to end users to manage - in their own environments or offered as a service on a hosted - basis. - - "Embedded" means including the source code or executable code - from the Licensed Work in a competitive offering. "Embedded" - also means packaging the competitive offering in such a way - that the Licensed Work must be accessed or downloaded for the - competitive offering to operate. - - Hosting or using the Licensed Work(s) for internal purposes - within an organization is not considered a competitive - offering. HashiCorp considers your organization to include all - of your affiliates under common control. - - For binding interpretive guidance on using HashiCorp products - under the Business Source License, please visit our FAQ. - (https://www.hashicorp.com/license-faq) +Additional Use Grant: You may make production use of the Licensed Work, + provided such use does not include offering the Licensed Work + to third parties on a hosted or embedded basis which is + competitive with HashiCorp's products. Change Date: Four years from the date the Licensed Work is published. Change License: MPL 2.0 @@ -86,7 +56,7 @@ Licensor or its affiliates (provided that you may use a trademark or logo of Licensor as expressly required by this License). TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON -AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, +AN “AS IS” BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS, EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND -TITLE. +TITLE. \ No newline at end of file diff --git a/Makefile b/Makefile index 6f0cc6249cd8b..d98335a7b9931 100644 --- a/Makefile +++ b/Makefile @@ -14,15 +14,13 @@ GOLANGCI_LINT_VERSION='v1.51.1' MOCKERY_VERSION='v2.20.0' BUF_VERSION='v1.26.0' -PROTOC_GEN_GO_GRPC_VERSION='v1.2.0' +PROTOC_GEN_GO_GRPC_VERSION="v1.2.0" MOG_VERSION='v0.4.1' PROTOC_GO_INJECT_TAG_VERSION='v1.3.0' -PROTOC_GEN_GO_BINARY_VERSION='v0.1.0' +PROTOC_GEN_GO_BINARY_VERSION="v0.1.0" DEEP_COPY_VERSION='bc3f5aa5735d8a54961580a3a24422c308c831c2' COPYWRITE_TOOL_VERSION='v0.16.4' -LINT_CONSUL_RETRY_VERSION='v1.4.0' -# Go imports formatter -GCI_VERSION='v0.11.2' +LINT_CONSUL_RETRY_VERSION='v1.3.0' MOCKED_PB_DIRS= pbdns @@ -258,15 +256,6 @@ lint/%: @echo "--> Running enumcover ($*)" @cd $* && GOWORK=off enumcover ./... -.PHONY: lint-consul-retry -lint-consul-retry: $(foreach mod,$(GO_MODULES),lint-consul-retry/$(mod)) - -.PHONY: lint-consul-retry/% -lint-consul-retry/%: lint-tools - @echo "--> Running lint-consul-retry ($*)" - @cd $* && GOWORK=off lint-consul-retry - - # check that the test-container module only imports allowlisted packages # from the root consul module. Generally we don't want to allow these imports. # In a few specific instances though it is okay to import test definitions and diff --git a/README.md b/README.md index c23053f0e1f7d..870e00f76c761 100644 --- a/README.md +++ b/README.md @@ -23,9 +23,6 @@ Consul provides several key features: can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections with Transparent Proxy. -* **API Gateway** - Consul API Gateway manages access to services within Consul Service Mesh, - allow users to define traffic and authorization policies to services deployed within the mesh. - * **Service Discovery** - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well. diff --git a/acl/validation.go b/acl/validation.go index 652a76e87930c..c0017effa15d7 100644 --- a/acl/validation.go +++ b/acl/validation.go @@ -68,10 +68,6 @@ func IsValidRoleName(name string) bool { return validRoleName.MatchString(name) } -func IsValidPolicyName(name string) bool { - return ValidatePolicyName(name) == nil -} - // IsValidRoleName returns true if the provided name can be used as an // ACLAuthMethod Name. func IsValidAuthMethodName(name string) bool { diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 51308a7945fac..ab9a44ff98774 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go @@ -1877,7 +1877,7 @@ func TestAgent_ReloadDoesNotTriggerWatch(t *testing.T) { require.NoError(t, a.updateTTLCheck(checkID, api.HealthPassing, "testing-agent-reload-001")) checkStr := func(r *retry.R, evaluator func(string) error) { - r.Helper() + t.Helper() contentsStr := "" // Wait for watch to be populated for i := 1; i < 7; i++ { @@ -1890,14 +1890,14 @@ func TestAgent_ReloadDoesNotTriggerWatch(t *testing.T) { break } time.Sleep(time.Duration(i) * time.Second) - testutil.Logger(r).Info("Watch not yet populated, retrying") + testutil.Logger(t).Info("Watch not yet populated, retrying") } if err := evaluator(contentsStr); err != nil { r.Errorf("ERROR: Test failing: %s", err) } } ensureNothingCritical := func(r *retry.R, mustContain string) { - r.Helper() + t.Helper() eval := func(contentsStr string) error { if strings.Contains(contentsStr, "critical") { return fmt.Errorf("MUST NOT contain critical:= %s", contentsStr) @@ -1915,7 +1915,7 @@ func TestAgent_ReloadDoesNotTriggerWatch(t *testing.T) { } retry.RunWith(retriesWithDelay(), t, func(r *retry.R) { - testutil.Logger(r).Info("Consul is now ready") + testutil.Logger(t).Info("Consul is now ready") // it should contain the output checkStr(r, func(contentStr string) error { if contentStr == "[]" { @@ -4340,7 +4340,7 @@ func testDefaultSidecar(svc string, port int, fns ...func(*structs.NodeService)) } // testCreateToken creates a Policy for the provided rules and a Token linked to that Policy. -func testCreateToken(t testutil.TestingTB, a *TestAgent, rules string) string { +func testCreateToken(t *testing.T, a *TestAgent, rules string) string { policyName, err := uuid.GenerateUUID() // we just need a unique name for the test and UUIDs are definitely unique require.NoError(t, err) @@ -4369,7 +4369,7 @@ func testCreateToken(t testutil.TestingTB, a *TestAgent, rules string) string { return aclResp.SecretID } -func testCreatePolicy(t testutil.TestingTB, a *TestAgent, name, rules string) string { +func testCreatePolicy(t *testing.T, a *TestAgent, name, rules string) string { args := map[string]interface{}{ "Name": name, "Rules": rules, diff --git a/agent/agent_test.go b/agent/agent_test.go index 282e397c4b9bb..0b17190dd611e 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -90,7 +90,7 @@ func requireServiceMissing(t *testing.T, a *TestAgent, id string) { require.Nil(t, getService(a, id), "have service %q (expected missing)", id) } -func requireCheckExists(t testutil.TestingTB, a *TestAgent, id types.CheckID) *structs.HealthCheck { +func requireCheckExists(t *testing.T, a *TestAgent, id types.CheckID) *structs.HealthCheck { t.Helper() chk := getCheck(a, id) require.NotNil(t, chk, "missing check %q", id) @@ -853,7 +853,7 @@ func TestAgent_CheckAliasRPC(t *testing.T) { assert.NoError(t, err) retry.Run(t, func(r *retry.R) { - r.Helper() + t.Helper() var args structs.NodeSpecificRequest args.Datacenter = "dc1" args.Node = "node1" @@ -1888,7 +1888,7 @@ func TestAgent_RestoreServiceWithAliasCheck(t *testing.T) { // We do this so that the agent logs and the informational messages from // the test itself are interwoven properly. - logf := func(a *TestAgent, format string, args ...interface{}) { + logf := func(t *testing.T, a *TestAgent, format string, args ...interface{}) { a.logger.Info("testharness: " + fmt.Sprintf(format, args...)) } @@ -1947,12 +1947,12 @@ func TestAgent_RestoreServiceWithAliasCheck(t *testing.T) { retryUntilCheckState := func(t *testing.T, a *TestAgent, checkID string, expectedStatus string) { t.Helper() retry.Run(t, func(r *retry.R) { - chk := requireCheckExists(r, a, types.CheckID(checkID)) + chk := requireCheckExists(t, a, types.CheckID(checkID)) if chk.Status != expectedStatus { - logf(a, "check=%q expected status %q but got %q", checkID, expectedStatus, chk.Status) + logf(t, a, "check=%q expected status %q but got %q", checkID, expectedStatus, chk.Status) r.Fatalf("check=%q expected status %q but got %q", checkID, expectedStatus, chk.Status) } - logf(a, "check %q has reached desired status %q", checkID, expectedStatus) + logf(t, a, "check %q has reached desired status %q", checkID, expectedStatus) }) } @@ -1963,7 +1963,7 @@ func TestAgent_RestoreServiceWithAliasCheck(t *testing.T) { retryUntilCheckState(t, a, "service:ping", api.HealthPassing) retryUntilCheckState(t, a, "service:ping-sidecar-proxy", api.HealthPassing) - logf(a, "==== POWERING DOWN ORIGINAL ====") + logf(t, a, "==== POWERING DOWN ORIGINAL ====") require.NoError(t, a.Shutdown()) @@ -1985,7 +1985,7 @@ node_name = "` + a.Config.NodeName + `" // reregister during standup; we use an adjustable timing to try and force a race sleepDur := time.Duration(idx+1) * 500 * time.Millisecond time.Sleep(sleepDur) - logf(a2, "re-registering checks and services after a delay of %v", sleepDur) + logf(t, a2, "re-registering checks and services after a delay of %v", sleepDur) for i := 0; i < 20; i++ { // RACE RACE RACE! registerServicesAndChecks(t, a2) time.Sleep(50 * time.Millisecond) @@ -1995,7 +1995,7 @@ node_name = "` + a.Config.NodeName + `" retryUntilCheckState(t, a2, "service:ping", api.HealthPassing) - logf(a2, "giving the alias check a chance to notice...") + logf(t, a2, "giving the alias check a chance to notice...") time.Sleep(5 * time.Second) retryUntilCheckState(t, a2, "service:ping-sidecar-proxy", api.HealthPassing) diff --git a/agent/catalog_endpoint_test.go b/agent/catalog_endpoint_test.go index 10b1c8b887b5e..19d520220427c 100644 --- a/agent/catalog_endpoint_test.go +++ b/agent/catalog_endpoint_test.go @@ -1167,7 +1167,7 @@ func TestCatalogServiceNodes_DistanceSort(t *testing.T) { r.Fatalf("err: %v", err) } - assertIndex(r, resp) + assertIndex(t, resp) nodes = obj.(structs.ServiceNodes) if len(nodes) != 2 { r.Fatalf("bad: %v", obj) diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index 8890fa443df1e..7158b014d15d1 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -69,9 +69,6 @@ var defaultGrpcTlsAddr = net.TCPAddrFromAddrPort(netip.MustParseAddrPort("127.0. // checks for warnings on deprecated fields and flags. These tests // should check one option at a time if possible func TestLoad_IntegrationWithFlags(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } dataDir := testutil.TempDir(t, "config") run := func(t *testing.T, tc testCase) { diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index 5b74946cada9c..edd094f5502a7 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -295,7 +295,7 @@ func TestVaultCAProvider_ConfigureFailureGoroutineLeakCheck(t *testing.T) { profile := pprof.Lookup("goroutine") sb := strings.Builder{} require.NoError(r, profile.WriteTo(&sb, 2)) - r.Log(sb.String()) + t.Log(sb.String()) require.Contains(r, sb.String(), "created by github.com/hashicorp/consul/agent/connect/ca.(*VaultProvider).Configure", "expected renewal goroutine, got none") @@ -628,9 +628,6 @@ func TestVaultCAProvider_SignLeaf(t *testing.T) { } func TestVaultCAProvider_CrossSignCA(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } SkipIfVaultNotPresent(t) t.Parallel() diff --git a/agent/connect/ca/testing.go b/agent/connect/ca/testing.go index 8fcf8a3c65331..7386deea94944 100644 --- a/agent/connect/ca/testing.go +++ b/agent/connect/ca/testing.go @@ -126,7 +126,7 @@ func SkipIfVaultNotPresent(t testing.T, reqs ...vaultRequirements) { } } -func NewTestVaultServer(t retry.TestingTB) *TestVaultServer { +func NewTestVaultServer(t testing.T) *TestVaultServer { vaultBinaryName := os.Getenv("VAULT_BINARY_NAME") if vaultBinaryName == "" { vaultBinaryName = "vault" @@ -204,7 +204,7 @@ func (v *TestVaultServer) Client() *vaultapi.Client { return v.client } -func (v *TestVaultServer) WaitUntilReady(t retry.TestingTB) { +func (v *TestVaultServer) WaitUntilReady(t testing.T) { var version string retry.Run(t, func(r *retry.R) { resp, err := v.client.Sys().Health() diff --git a/agent/connect/testing_spiffe.go b/agent/connect/testing_spiffe.go index e50b2b3b90cd8..fdbff5eda67d7 100644 --- a/agent/connect/testing_spiffe.go +++ b/agent/connect/testing_spiffe.go @@ -3,22 +3,24 @@ package connect -import "github.com/hashicorp/consul/sdk/testutil" +import ( + "github.com/mitchellh/go-testing-interface" +) // TestSpiffeIDService returns a SPIFFE ID representing a service. -func TestSpiffeIDService(t testutil.TestingTB, service string) *SpiffeIDService { +func TestSpiffeIDService(t testing.T, service string) *SpiffeIDService { return TestSpiffeIDServiceWithHost(t, service, TestClusterID+".consul") } // TestSpiffeIDServiceWithHost returns a SPIFFE ID representing a service with // the specified trust domain. -func TestSpiffeIDServiceWithHost(t testutil.TestingTB, service, host string) *SpiffeIDService { +func TestSpiffeIDServiceWithHost(t testing.T, service, host string) *SpiffeIDService { return TestSpiffeIDServiceWithHostDC(t, service, host, "dc1") } // TestSpiffeIDServiceWithHostDC returns a SPIFFE ID representing a service with // the specified trust domain for the given datacenter. -func TestSpiffeIDServiceWithHostDC(t testutil.TestingTB, service, host, datacenter string) *SpiffeIDService { +func TestSpiffeIDServiceWithHostDC(t testing.T, service, host, datacenter string) *SpiffeIDService { return &SpiffeIDService{ Host: host, Namespace: "default", diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index 7033e90881ee9..39840942d1851 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -3663,37 +3663,6 @@ func TestACLEndpoint_BindingRuleSet(t *testing.T) { require.Equal(t, "test-node", rule.BindName) }) - t.Run("Bind Policy", func(t *testing.T) { - req := structs.ACLBindingRuleSetRequest{ - Datacenter: "dc1", - BindingRule: structs.ACLBindingRule{ - Description: "foobar policy", - AuthMethod: testAuthMethod.Name, - Selector: "serviceaccount.name==abc", - BindType: structs.BindingRuleBindTypePolicy, - BindName: "test-policy", - }, - WriteRequest: structs.WriteRequest{Token: TestDefaultInitialManagementToken}, - } - var resp structs.ACLBindingRule - - err := aclEp.BindingRuleSet(&req, &resp) - require.NoError(t, err) - require.NotNil(t, resp.ID) - - // Get the rule directly to validate that it exists - ruleResp, err := retrieveTestBindingRule(codec, TestDefaultInitialManagementToken, "dc1", resp.ID) - require.NoError(t, err) - rule := ruleResp.BindingRule - - require.NotEmpty(t, rule.ID) - require.Equal(t, rule.Description, "foobar policy") - require.Equal(t, rule.AuthMethod, testAuthMethod.Name) - require.Equal(t, "serviceaccount.name==abc", rule.Selector) - require.Equal(t, structs.BindingRuleBindTypePolicy, rule.BindType) - require.Equal(t, "test-policy", rule.BindName) - }) - t.Run("templated policy", func(t *testing.T) { req := structs.ACLBindingRuleSetRequest{ Datacenter: "dc1", @@ -3872,7 +3841,7 @@ func TestACLEndpoint_BindingRuleSet(t *testing.T) { t.Run("Create fails; invalid bind type", func(t *testing.T) { reqRule := newRule() reqRule.BindType = "invalid" - requireSetErrors(t, reqRule, "invalid Binding Rule: unknown BindType") + requireSetErrors(t, reqRule, "Invalid Binding Rule: unknown BindType") }) t.Run("Create fails; bind name with unknown vars", func(t *testing.T) { @@ -4571,11 +4540,6 @@ func TestACLEndpoint_Login(t *testing.T) { "fake-node", "default", "mynode", "jkl101", ) - testauth.InstallSessionToken( - testSessionID, - "fake-policy", // 1 rule (policy) - "default", "mypolicy", "jkl012", - ) method, err := upsertTestAuthMethod(codec, TestDefaultInitialManagementToken, "dc1", testSessionID) require.NoError(t, err) @@ -4623,15 +4587,6 @@ func TestACLEndpoint_Login(t *testing.T) { ) require.NoError(t, err) - // policy rule - _, err = upsertTestBindingRule( - codec, TestDefaultInitialManagementToken, "dc1", method.Name, - "serviceaccount.namespace==default and serviceaccount.name==mypolicy", - structs.BindingRuleBindTypePolicy, - "method-${serviceaccount.name}", - ) - require.NoError(t, err) - t.Run("do not provide a token", func(t *testing.T) { req := structs.ACLLoginRequest{ Auth: &structs.ACLLoginParams{ diff --git a/agent/consul/auth/binder.go b/agent/consul/auth/binder.go index ba66bc916bdbe..1964cc5a877ea 100644 --- a/agent/consul/auth/binder.go +++ b/agent/consul/auth/binder.go @@ -36,16 +36,14 @@ func NewBinder(store BinderStateStore, datacenter string) *Binder { type BinderStateStore interface { ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) ACLRoleGetByName(ws memdb.WatchSet, roleName string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) - ACLPolicyGetByName(ws memdb.WatchSet, policyName string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) } -// Bindings contains the ACL roles, service identities, node identities, policies, +// Bindings contains the ACL roles, service identities, node identities, // templated policies, and enterprise meta to be assigned to the created token. type Bindings struct { Roles []structs.ACLTokenRoleLink ServiceIdentities []*structs.ACLServiceIdentity NodeIdentities []*structs.ACLNodeIdentity - Policies []structs.ACLTokenPolicyLink TemplatedPolicies structs.ACLTemplatedPolicies EnterpriseMeta acl.EnterpriseMeta } @@ -60,8 +58,7 @@ func (b *Bindings) None() bool { return len(b.ServiceIdentities) == 0 && len(b.NodeIdentities) == 0 && len(b.TemplatedPolicies) == 0 && - len(b.Roles) == 0 && - len(b.Policies) == 0 + len(b.Roles) == 0 } // Bind collects the ACL roles, service identities, etc. to be assigned to the @@ -122,24 +119,6 @@ func (b *Binder) Bind(authMethod *structs.ACLAuthMethod, verifiedIdentity *authm } bindings.TemplatedPolicies = append(bindings.TemplatedPolicies, templatedPolicy) - case structs.BindingRuleBindTypePolicy: - bindName, err := computeBindName(rule.BindName, verifiedIdentity.ProjectedVars, acl.IsValidRoleName) - if err != nil { - return nil, err - } - - _, policy, err := b.store.ACLPolicyGetByName(nil, bindName, &bindings.EnterpriseMeta) - if err != nil { - return nil, err - } - - if policy != nil { - bindings.Policies = append(bindings.Policies, structs.ACLTokenPolicyLink{ - ID: policy.ID, - Name: policy.Name, - }) - } - case structs.BindingRuleBindTypeRole: bindName, err := computeBindName(rule.BindName, verifiedIdentity.ProjectedVars, acl.IsValidRoleName) if err != nil { @@ -198,13 +177,8 @@ func IsValidBindingRule(bindType, bindName string, bindVars *structs.ACLTemplate if _, err := computeBindName(bindName, fakeVarMap, acl.IsValidRoleName); err != nil { return fmt.Errorf("failed to validate bindType %q: %w", bindType, err) } - - case structs.BindingRuleBindTypePolicy: - if _, err := computeBindName(bindName, fakeVarMap, acl.IsValidPolicyName); err != nil { - return fmt.Errorf("failed to validate bindType %q: %w", bindType, err) - } default: - return fmt.Errorf("invalid Binding Rule: unknown BindType %q", bindType) + return fmt.Errorf("Invalid Binding Rule: unknown BindType %q", bindType) } return nil diff --git a/agent/consul/auth/binder_test.go b/agent/consul/auth/binder_test.go index 3220ff2b303c1..41e0d14ddc35f 100644 --- a/agent/consul/auth/binder_test.go +++ b/agent/consul/auth/binder_test.go @@ -15,7 +15,6 @@ import ( "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/api" ) func TestBindings_None(t *testing.T) { @@ -28,79 +27,11 @@ func TestBindings_None(t *testing.T) { b = &Bindings{Roles: []structs.ACLTokenRoleLink{{ID: generateID(t)}}} require.False(t, b.None()) - b = &Bindings{Policies: []structs.ACLTokenPolicyLink{{ID: generateID(t)}}} - require.False(t, b.None()) - b = &Bindings{ServiceIdentities: []*structs.ACLServiceIdentity{{ServiceName: "web"}}} require.False(t, b.None()) b = &Bindings{NodeIdentities: []*structs.ACLNodeIdentity{{NodeName: "node-123"}}} require.False(t, b.None()) - - b = &Bindings{TemplatedPolicies: []*structs.ACLTemplatedPolicy{{TemplateName: api.ACLTemplatedPolicyDNSName}}} - require.False(t, b.None()) -} - -func TestBinder_Policy_Success(t *testing.T) { - store := testStateStore(t) - binder := &Binder{store: store} - - authMethod := &structs.ACLAuthMethod{ - Name: "test-auth-method", - Type: "testing", - } - require.NoError(t, store.ACLAuthMethodSet(0, authMethod)) - - targetPolicy := &structs.ACLPolicy{ - ID: generateID(t), - Name: "foo-policy", - } - require.NoError(t, store.ACLPolicySet(0, targetPolicy)) - - otherPolicy := &structs.ACLPolicy{ - ID: generateID(t), - Name: "not-my-policy", - } - require.NoError(t, store.ACLPolicySet(0, otherPolicy)) - - bindingRules := structs.ACLBindingRules{ - { - ID: generateID(t), - Selector: "role==engineer", - BindType: structs.BindingRuleBindTypePolicy, - BindName: "${editor}-policy", - AuthMethod: authMethod.Name, - }, - { - ID: generateID(t), - Selector: "role==engineer", - BindType: structs.BindingRuleBindTypePolicy, - BindName: "this-policy-does-not-exist", - AuthMethod: authMethod.Name, - }, - { - ID: generateID(t), - Selector: "language==js", - BindType: structs.BindingRuleBindTypePolicy, - BindName: otherPolicy.Name, - AuthMethod: authMethod.Name, - }, - } - require.NoError(t, store.ACLBindingRuleBatchSet(0, bindingRules)) - - result, err := binder.Bind(&structs.ACLAuthMethod{}, &authmethod.Identity{ - SelectableFields: map[string]string{ - "role": "engineer", - "language": "go", - }, - ProjectedVars: map[string]string{ - "editor": "foo", - }, - }) - require.NoError(t, err) - require.Equal(t, []structs.ACLTokenPolicyLink{ - {ID: targetPolicy.ID, Name: targetPolicy.Name}, - }, result.Policies) } func TestBinder_Roles_Success(t *testing.T) { @@ -191,32 +122,6 @@ func TestBinder_Roles_NameValidation(t *testing.T) { require.Contains(t, err.Error(), "invalid bind name") } -func TestBinder_Policy_NameValidation(t *testing.T) { - store := testStateStore(t) - binder := &Binder{store: store} - - authMethod := &structs.ACLAuthMethod{ - Name: "test-auth-method", - Type: "testing", - } - require.NoError(t, store.ACLAuthMethodSet(0, authMethod)) - - bindingRules := structs.ACLBindingRules{ - { - ID: generateID(t), - Selector: "", - BindType: structs.BindingRuleBindTypePolicy, - BindName: "INVALID!", - AuthMethod: authMethod.Name, - }, - } - require.NoError(t, store.ACLBindingRuleBatchSet(0, bindingRules)) - - _, err := binder.Bind(&structs.ACLAuthMethod{}, &authmethod.Identity{}) - require.Error(t, err) - require.Contains(t, err.Error(), "invalid bind name") -} - func TestBinder_ServiceIdentities_Success(t *testing.T) { store := testStateStore(t) binder := &Binder{store: store} @@ -370,60 +275,54 @@ func Test_IsValidBindingRule(t *testing.T) { "invalid", "blah", nil, "", true}, // valid HIL, invalid name {"empty", - "all", "", nil, "", true}, + "both", "", nil, "", true}, {"just end", - "all", "}", nil, "", true}, + "both", "}", nil, "", true}, {"var without start", - "all", " item }", nil, "item", true}, + "both", " item }", nil, "item", true}, {"two vars missing second start", - "all", "before-${ item }after--more }", nil, "item,more", true}, + "both", "before-${ item }after--more }", nil, "item,more", true}, // names for the two types are validated differently {"@ is disallowed", - "all", "bad@name", nil, "", true}, + "both", "bad@name", nil, "", true}, {"leading dash", "role", "-name", nil, "", false}, - {"leading dash", - "policy", "-name", nil, "", false}, {"leading dash", "service", "-name", nil, "", true}, {"trailing dash", "role", "name-", nil, "", false}, - {"trailing dash", - "policy", "name-", nil, "", false}, {"trailing dash", "service", "name-", nil, "", true}, {"inner dash", - "all", "name-end", nil, "", false}, + "both", "name-end", nil, "", false}, {"upper case", "role", "NAME", nil, "", false}, - {"upper case", - "policy", "NAME", nil, "", false}, {"upper case", "service", "NAME", nil, "", true}, // valid HIL, valid name {"no vars", - "all", "nothing", nil, "", false}, + "both", "nothing", nil, "", false}, {"just var", - "all", "${item}", nil, "item", false}, + "both", "${item}", nil, "item", false}, {"var in middle", - "all", "before-${item}after", nil, "item", false}, + "both", "before-${item}after", nil, "item", false}, {"two vars", - "all", "before-${item}after-${more}", nil, "item,more", false}, + "both", "before-${item}after-${more}", nil, "item,more", false}, // bad {"no bind name", - "all", "", nil, "", true}, + "both", "", nil, "", true}, {"just start", - "all", "${", nil, "", true}, + "both", "${", nil, "", true}, {"backwards", - "all", "}${", nil, "", true}, + "both", "}${", nil, "", true}, {"no varname", - "all", "${}", nil, "", true}, + "both", "${}", nil, "", true}, {"missing map key", - "all", "${item}", nil, "", true}, + "both", "${item}", nil, "", true}, {"var without end", - "all", "${ item ", nil, "item", true}, + "both", "${ item ", nil, "item", true}, {"two vars missing first end", - "all", "before-${ item after-${ more }", nil, "item,more", true}, + "both", "before-${ item after-${ more }", nil, "item,more", true}, // bind type: templated policy - bad input {"templated-policy missing bindvars", "templated-policy", "builtin/service", nil, "", true}, @@ -439,16 +338,12 @@ func Test_IsValidBindingRule(t *testing.T) { "templated-policy", "builtin/service", &structs.ACLTemplatedPolicyVariables{Name: "before-${item}after-${more}"}, "item,more", false}, } { var cases []testcase - if test.bindType == "all" { + if test.bindType == "both" { test1 := test test1.bindType = "role" test2 := test test2.bindType = "service" - test3 := test - test3.bindType = "policy" - test4 := test - test4.bindType = "node" - cases = []testcase{test1, test2, test3, test4} + cases = []testcase{test1, test2} } else { cases = []testcase{test} } diff --git a/agent/consul/auth/login.go b/agent/consul/auth/login.go index 0b9b5eeac77ae..a084f33bf19bf 100644 --- a/agent/consul/auth/login.go +++ b/agent/consul/auth/login.go @@ -48,7 +48,6 @@ func (l *Login) TokenForVerifiedIdentity(identity *authmethod.Identity, authMeth NodeIdentities: bindings.NodeIdentities, TemplatedPolicies: bindings.TemplatedPolicies, Roles: bindings.Roles, - Policies: bindings.Policies, EnterpriseMeta: bindings.EnterpriseMeta, } token.ACLAuthMethodEnterpriseMeta.FillWithEnterpriseMeta(&authMethod.EnterpriseMeta) diff --git a/agent/consul/client_test.go b/agent/consul/client_test.go index a3967e8c63cd1..1d6fa28b526c0 100644 --- a/agent/consul/client_test.go +++ b/agent/consul/client_test.go @@ -509,7 +509,7 @@ func newClient(t *testing.T, config *Config) *Client { return client } -func newTestResolverConfig(t testutil.TestingTB, suffix string, dc, agentType string) resolver.Config { +func newTestResolverConfig(t *testing.T, suffix string, dc, agentType string) resolver.Config { n := t.Name() s := strings.Replace(n, "/", "", -1) s = strings.Replace(s, "_", "", -1) @@ -520,7 +520,7 @@ func newTestResolverConfig(t testutil.TestingTB, suffix string, dc, agentType st } } -func newDefaultDeps(t testutil.TestingTB, c *Config) Deps { +func newDefaultDeps(t *testing.T, c *Config) Deps { t.Helper() logger := hclog.NewInterceptLogger(&hclog.LoggerOptions{ diff --git a/agent/consul/discoverychain/compile_test.go b/agent/consul/discoverychain/compile_test.go index 8c9c9dfec7f8e..29c1d7005ef88 100644 --- a/agent/consul/discoverychain/compile_test.go +++ b/agent/consul/discoverychain/compile_test.go @@ -1772,6 +1772,9 @@ func testcase_DefaultResolver_WithProxyDefaults() compileTestCase { Kind: structs.ProxyDefaults, Name: structs.ProxyConfigGlobal, Protocol: "grpc", + Config: map[string]interface{}{ + "protocol": "grpc", + }, MeshGateway: structs.MeshGatewayConfig{ Mode: structs.MeshGatewayModeRemote, }, diff --git a/agent/consul/discoverychain/gateway.go b/agent/consul/discoverychain/gateway.go index c60c77b028fbf..3435233aafed1 100644 --- a/agent/consul/discoverychain/gateway.go +++ b/agent/consul/discoverychain/gateway.go @@ -257,7 +257,7 @@ func targetForResolverNode(nodeName string, chains []*structs.CompiledDiscoveryC splitterName := splitterPrefix + strings.TrimPrefix(nodeName, resolverPrefix) for _, c := range chains { - targetChainPrefix := resolverPrefix + c.ServiceName + "." + targetChainPrefix := resolverPrefix + c.ID() if strings.HasPrefix(nodeName, targetChainPrefix) && len(c.Nodes) == 1 { // we have a virtual resolver that just maps to another resolver, return // the given node name diff --git a/agent/consul/discoverychain/gateway_test.go b/agent/consul/discoverychain/gateway_test.go index 85ad3ddfee7c2..91931337c42e2 100644 --- a/agent/consul/discoverychain/gateway_test.go +++ b/agent/consul/discoverychain/gateway_test.go @@ -712,6 +712,7 @@ func TestGatewayChainSynthesizer_Synthesize(t *testing.T) { chain: &structs.CompiledDiscoveryChain{ ServiceName: "foo", Namespace: "default", + Partition: "default", Datacenter: "dc1", StartNode: "resolver:foo-2.default.default.dc2", Nodes: map[string]*structs.DiscoveryGraphNode{ diff --git a/agent/consul/enterprise_server_ce_test.go b/agent/consul/enterprise_server_ce_test.go index c039997a03f51..1a3622d5d743c 100644 --- a/agent/consul/enterprise_server_ce_test.go +++ b/agent/consul/enterprise_server_ce_test.go @@ -6,11 +6,12 @@ package consul import ( - "github.com/hashicorp/consul/sdk/testutil" + "testing" + hclog "github.com/hashicorp/go-hclog" ) -func newDefaultDepsEnterprise(t testutil.TestingTB, _ hclog.Logger, _ *Config) EnterpriseDeps { +func newDefaultDepsEnterprise(t *testing.T, _ hclog.Logger, _ *Config) EnterpriseDeps { t.Helper() return EnterpriseDeps{} } diff --git a/agent/consul/fsm/commands_ce.go b/agent/consul/fsm/commands_ce.go index 77bc94de1a9ae..c5e7fd968238b 100644 --- a/agent/consul/fsm/commands_ce.go +++ b/agent/consul/fsm/commands_ce.go @@ -4,7 +4,6 @@ package fsm import ( - "errors" "fmt" "time" @@ -153,11 +152,7 @@ func init() { func (c *FSM) applyRegister(buf []byte, index uint64) interface{} { defer metrics.MeasureSince([]string{"fsm", "register"}, time.Now()) var req structs.RegisterRequest - if err := decodeRegistrationReq(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted register request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } @@ -172,11 +167,7 @@ func (c *FSM) applyRegister(buf []byte, index uint64) interface{} { func (c *FSM) applyDeregister(buf []byte, index uint64) interface{} { defer metrics.MeasureSince([]string{"fsm", "deregister"}, time.Now()) var req structs.DeregisterRequest - if err := decodeDeregistrationReq(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted deregister request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } @@ -204,11 +195,7 @@ func (c *FSM) applyDeregister(buf []byte, index uint64) interface{} { func (c *FSM) applyKVSOperation(buf []byte, index uint64) interface{} { var req structs.KVSRequest - if err := decodeKVSRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted KV request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "kvs"}, time.Now(), @@ -253,11 +240,7 @@ func (c *FSM) applyKVSOperation(buf []byte, index uint64) interface{} { func (c *FSM) applySessionOperation(buf []byte, index uint64) interface{} { var req structs.SessionRequest - if err := decodeSessionRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted session request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "session"}, time.Now(), @@ -316,11 +299,7 @@ func (c *FSM) applyCoordinateBatchUpdate(buf []byte, index uint64) interface{} { // state store. func (c *FSM) applyPreparedQueryOperation(buf []byte, index uint64) interface{} { var req structs.PreparedQueryRequest - if err := decodePreparedQueryRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted prepared query request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } @@ -339,7 +318,7 @@ func (c *FSM) applyPreparedQueryOperation(buf []byte, index uint64) interface{} func (c *FSM) applyTxn(buf []byte, index uint64) interface{} { var req structs.TxnRequest - if err := decodeTxnRequest(buf, &req); err != nil { + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSince([]string{"fsm", "txn"}, time.Now()) @@ -506,7 +485,7 @@ func (c *FSM) applyConnectCALeafOperation(buf []byte, index uint64) interface{} func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} { var req structs.ACLTokenBatchSetRequest - if err := decodeACLTokenBatchSetRequest(buf, &req); err != nil { + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(), @@ -544,7 +523,7 @@ func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} { func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} { var req structs.ACLPolicyBatchSetRequest - if err := decodeACLPolicyBatchSetRequest(buf, &req); err != nil { + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "policy"}, time.Now(), @@ -565,12 +544,10 @@ func (c *FSM) applyACLPolicyDeleteOperation(buf []byte, index uint64) interface{ } func (c *FSM) applyConfigEntryOperation(buf []byte, index uint64) interface{} { - req := structs.ConfigEntryRequest{} - if err := decodeConfigEntryOperationRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted config entry request") - return nil - } + req := structs.ConfigEntryRequest{ + Entry: &structs.ProxyConfigEntry{}, + } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } @@ -617,7 +594,7 @@ func (c *FSM) applyConfigEntryOperation(buf []byte, index uint64) interface{} { func (c *FSM) applyACLRoleSetOperation(buf []byte, index uint64) interface{} { var req structs.ACLRoleBatchSetRequest - if err := decodeACLRoleBatchSetRequest(buf, &req); err != nil { + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "role"}, time.Now(), @@ -639,7 +616,7 @@ func (c *FSM) applyACLRoleDeleteOperation(buf []byte, index uint64) interface{} func (c *FSM) applyACLBindingRuleSetOperation(buf []byte, index uint64) interface{} { var req structs.ACLBindingRuleBatchSetRequest - if err := decodeACLBindingRuleBatchSetRequest(buf, &req); err != nil { + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "bindingrule"}, time.Now(), @@ -661,7 +638,7 @@ func (c *FSM) applyACLBindingRuleDeleteOperation(buf []byte, index uint64) inter func (c *FSM) applyACLAuthMethodSetOperation(buf []byte, index uint64) interface{} { var req structs.ACLAuthMethodBatchSetRequest - if err := decodeACLAuthMethodBatchSetRequest(buf, &req); err != nil { + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "authmethod"}, time.Now(), @@ -672,11 +649,7 @@ func (c *FSM) applyACLAuthMethodSetOperation(buf []byte, index uint64) interface func (c *FSM) applyACLAuthMethodDeleteOperation(buf []byte, index uint64) interface{} { var req structs.ACLAuthMethodBatchDeleteRequest - if err := decodeACLAuthMethodBatchDeleteRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted acl auth method delete request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "authmethod"}, time.Now(), @@ -733,11 +706,7 @@ func (c *FSM) applySystemMetadataOperation(buf []byte, index uint64) interface{} func (c *FSM) applyPeeringWrite(buf []byte, index uint64) interface{} { var req pbpeering.PeeringWriteRequest - if err := decodePeeringWriteRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted peering write request") - return nil - } + if err := structs.DecodeProto(buf, &req); err != nil { panic(fmt.Errorf("failed to decode peering write request: %v", err)) } @@ -749,11 +718,7 @@ func (c *FSM) applyPeeringWrite(buf []byte, index uint64) interface{} { func (c *FSM) applyPeeringDelete(buf []byte, index uint64) interface{} { var req pbpeering.PeeringDeleteRequest - if err := decodePeeringDeleteRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted peering delete request") - return nil - } + if err := structs.DecodeProto(buf, &req); err != nil { panic(fmt.Errorf("failed to decode peering delete request: %v", err)) } @@ -793,11 +758,7 @@ func (c *FSM) applyPeeringTerminate(buf []byte, index uint64) interface{} { func (c *FSM) applyPeeringTrustBundleWrite(buf []byte, index uint64) interface{} { var req pbpeering.PeeringTrustBundleWriteRequest - if err := decodePeeringTrustBundleWriteRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted peering trust bundle write request") - return nil - } + if err := structs.DecodeProto(buf, &req); err != nil { panic(fmt.Errorf("failed to decode peering trust bundle write request: %v", err)) } @@ -809,11 +770,7 @@ func (c *FSM) applyPeeringTrustBundleWrite(buf []byte, index uint64) interface{} func (c *FSM) applyPeeringTrustBundleDelete(buf []byte, index uint64) interface{} { var req pbpeering.PeeringTrustBundleDeleteRequest - if err := decodePeeringTrustBundleDeleteRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted peering trust bundle delete request") - return nil - } + if err := structs.DecodeProto(buf, &req); err != nil { panic(fmt.Errorf("failed to decode peering trust bundle delete request: %v", err)) } @@ -833,11 +790,7 @@ func (f *FSM) applyResourceOperation(buf []byte, idx uint64) any { func (c *FSM) applyManualVirtualIPs(buf []byte, index uint64) interface{} { var req state.ServiceVirtualIP - if err := decodeServiceVirtualIPRequest(buf, &req); err != nil { - if errors.Is(err, ErrDroppingTenantedReq) { - c.logger.Warn("dropping tenanted virtual ip request") - return nil - } + if err := structs.Decode(buf, &req); err != nil { panic(fmt.Errorf("failed to decode request: %v", err)) } diff --git a/agent/consul/fsm/decode_ce.go b/agent/consul/fsm/decode_ce.go deleted file mode 100644 index 2f4d3da3a26cb..0000000000000 --- a/agent/consul/fsm/decode_ce.go +++ /dev/null @@ -1,145 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent -// +build !consulent - -package fsm - -import ( - "github.com/hashicorp/consul/agent/consul/state" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto/private/pbpeering" -) - -func decodeRegistrationReq(buf []byte, req *structs.RegisterRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeRegistration(buf, req) -} - -func decodeDeregistrationReq(buf []byte, req *structs.DeregisterRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeDeregistration(buf, req) -} - -func decodeKVSRequest(buf []byte, req *structs.KVSRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeKVS(buf, req) -} - -func decodeSessionRequest(buf []byte, req *structs.SessionRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - - return decodeSession(buf, req) -} - -func decodePreparedQueryRequest(buf []byte, req *structs.PreparedQueryRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodePreparedQuery(buf, req) -} - -func decodeTxnRequest(buf []byte, req *structs.TxnRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeTxn(buf, req) -} - -func decodeACLTokenBatchSetRequest(buf []byte, req *structs.ACLTokenBatchSetRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeACLTokenBatchSet(buf, req) - -} - -func decodeACLPolicyBatchSetRequest(buf []byte, req *structs.ACLPolicyBatchSetRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeACLPolicyBatchSet(buf, req) - -} - -func decodeACLRoleBatchSetRequest(buf []byte, req *structs.ACLRoleBatchSetRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeACLRoleBatchSet(buf, req) -} - -func decodeACLBindingRuleBatchSetRequest(buf []byte, req *structs.ACLBindingRuleBatchSetRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeACLBindingRuleBatchSet(buf, req) -} - -func decodeACLAuthMethodBatchSetRequest(buf []byte, req *structs.ACLAuthMethodBatchSetRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeACLAuthMethodBatchSet(buf, req) -} - -func decodeACLAuthMethodBatchDeleteRequest(buf []byte, req *structs.ACLAuthMethodBatchDeleteRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - - return decodeACLAuthMethodBatchDelete(buf, req) -} - -func decodeServiceVirtualIPRequest(buf []byte, req *state.ServiceVirtualIP) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - return decodeServiceVirtualIP(buf, req) -} - -func decodePeeringWriteRequest(buf []byte, req *pbpeering.PeeringWriteRequest) error { - if !structs.CEDowngrade { - return structs.DecodeProto(buf, req) - } - return decodePeeringWrite(buf, req) -} - -func decodePeeringDeleteRequest(buf []byte, req *pbpeering.PeeringDeleteRequest) error { - if !structs.CEDowngrade { - return structs.DecodeProto(buf, req) - } - - return decodePeeringDelete(buf, req) -} - -func decodePeeringTrustBundleWriteRequest(buf []byte, req *pbpeering.PeeringTrustBundleWriteRequest) error { - if !structs.CEDowngrade { - return structs.DecodeProto(buf, req) - } - return decodePeeringTrustBundleWrite(buf, req) -} - -func decodePeeringTrustBundleDeleteRequest(buf []byte, req *pbpeering.PeeringTrustBundleDeleteRequest) error { - if !structs.CEDowngrade { - return structs.DecodeProto(buf, req) - } - return decodePeeringTrustBundleDelete(buf, req) -} - -func decodeConfigEntryOperationRequest(buf []byte, req *structs.ConfigEntryRequest) error { - if !structs.CEDowngrade { - return structs.Decode(buf, req) - } - - return decodeConfigEntryOperation(buf, req) -} diff --git a/agent/consul/fsm/decode_downgrade.go b/agent/consul/fsm/decode_downgrade.go deleted file mode 100644 index 7b8e2fce719f2..0000000000000 --- a/agent/consul/fsm/decode_downgrade.go +++ /dev/null @@ -1,1011 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package fsm - -import ( - "errors" - "fmt" - - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" - "github.com/hashicorp/consul/agent/consul/state" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/lib" - "github.com/hashicorp/consul/proto/private/pbpeering" -) - -func IsEnterpriseData(namespace, partition string) bool { - if (namespace != "" && namespace != "default") || (partition != "" && partition != "default") { - return true - } - return false -} - -var errIncompatibleTenantedData = errors.New("incompatible tenanted data") -var ErrDroppingTenantedReq = errors.New("dropping tenanted request") - -func decodeRegistration(buf []byte, req *structs.RegisterRequest) error { - type serviceRequest struct { - Namespace string - Partition string - *structs.NodeService - } - type checkRequest struct { - Namespace string - Partition string - *structs.HealthCheck - } - type NewRegReq struct { - - // shadows the Service field from the register request so that we can detect - // tenanted service registrations for untenanted nodes - Service *serviceRequest - - // shadows the Check field from the register request so that we can detect - // tenanted check registrations for untenanted nodes. - Check *checkRequest - - // shadows the Checks field for the same reasons as the singular version. - Checks []*checkRequest - - // Allows parsing the namespace of the whole request/node - Namespace string - - // Allows parsing the partition of the whole request/node - Partition string - *structs.RegisterRequest - } - var newReq NewRegReq - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - // checks if the node is tenanted - if IsEnterpriseData(newReq.Namespace, newReq.Partition) { - // the whole request can be dropped because the node itself is tenanted - return ErrDroppingTenantedReq - } - - // check if the service is tenanted - if newReq.Service != nil && !IsEnterpriseData(newReq.Service.Namespace, newReq.Service.Partition) { - // copy the shadow service pointer into the real RegisterRequest - newReq.RegisterRequest.Service = newReq.Service.NodeService - } - - // check if the singular check is tenanted - if newReq.Check != nil && !IsEnterpriseData(newReq.Check.Namespace, newReq.Check.Partition) { - newReq.RegisterRequest.Check = newReq.Check.HealthCheck - } - - // check for tenanted checks in the slice - for _, chk := range newReq.Checks { - if !IsEnterpriseData(chk.Namespace, chk.Partition) { - newReq.RegisterRequest.Checks = append(newReq.RegisterRequest.Checks, chk.HealthCheck) - } - } - // copy the data to the output request value - *req = *newReq.RegisterRequest - return nil -} - -func decodeDeregistration(buf []byte, req *structs.DeregisterRequest) error { - type NewDeRegReq struct { - Namespace string - - // Allows parsing the partition of the whole request/node - Partition string - - *structs.DeregisterRequest - - // Allows parsing the namespace of the whole request/node - - } - var newReq NewDeRegReq - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - // checks if the node is tenanted - if IsEnterpriseData(newReq.Namespace, newReq.Partition) { - // the whole request can be dropped because the node itself is tenanted - return ErrDroppingTenantedReq - } - - // copy the data to the output request value - *req = *newReq.DeregisterRequest - return nil -} - -func decodeKVS(buf []byte, req *structs.KVSRequest) error { - type dirEntryReq struct { - Namespace string - Partition string - *structs.DirEntry - } - type NewDirEntReq struct { - // shadows the DirEnt field from KVSRequest so that we can detect - // tenanted service registrations for untenanted nodes - DirEnt *dirEntryReq - *structs.KVSRequest - } - var newReq NewDirEntReq - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - if newReq.DirEnt != nil && IsEnterpriseData(newReq.DirEnt.Namespace, newReq.DirEnt.Partition) { - return ErrDroppingTenantedReq - } - - newReq.KVSRequest.DirEnt = *newReq.DirEnt.DirEntry - *req = *newReq.KVSRequest - return nil -} - -func decodeSession(buf []byte, req *structs.SessionRequest) error { - type sessionReq struct { - Namespace string - Partition string - *structs.Session - } - type NewSessionReq struct { - // shadows the Session field from SessionRequest so that we can detect - // tenanted service registrations for untenanted nodes - Session *sessionReq - *structs.SessionRequest - } - var newReq NewSessionReq - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - if newReq.Session != nil && IsEnterpriseData(newReq.Session.Namespace, newReq.Session.Partition) { - return ErrDroppingTenantedReq - - } - serviceChecks := newReq.Session.ServiceChecks - newReq.Session.ServiceChecks = nil - for _, sessionServiceCheck := range serviceChecks { - if !IsEnterpriseData(sessionServiceCheck.Namespace, "") { - newReq.Session.ServiceChecks = append(newReq.Session.ServiceChecks, sessionServiceCheck) - } - } - - newReq.SessionRequest.Session = *newReq.Session.Session - *req = *newReq.SessionRequest - return nil -} - -func decodePreparedQuery(buf []byte, req *structs.PreparedQueryRequest) error { - type serviceQuery struct { - Namespace string - Partition string - *structs.ServiceQuery - } - type prepQuery struct { - Service *serviceQuery - *structs.PreparedQuery - } - type NewPreparedQueryReq struct { - Query *prepQuery - *structs.PreparedQueryRequest - } - var newReq NewPreparedQueryReq - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - if newReq.Query != nil && newReq.Query.Service != nil && IsEnterpriseData(newReq.Query.Service.Namespace, newReq.Query.Service.Partition) { - return ErrDroppingTenantedReq - } - - newReq.Query.PreparedQuery.Service = *newReq.Query.Service.ServiceQuery - newReq.PreparedQueryRequest.Query = newReq.Query.PreparedQuery - *req = *newReq.PreparedQueryRequest - return nil -} - -func decodeTxn(buf []byte, req *structs.TxnRequest) error { - type dirEntryReq struct { - Namespace string - Partition string - *structs.DirEntry - } - type txnKVOp struct { - DirEnt *dirEntryReq - *structs.TxnKVOp - } - type nodeService struct { - Namespace string - Partition string - *structs.NodeService - } - type txnServiceOp struct { - Service *nodeService - *structs.TxnServiceOp - } - type healthCheck struct { - Namespace string - Partition string - *structs.HealthCheck - } - type txnCheckOp struct { - Check *healthCheck - *structs.TxnCheckOp - } - type session struct { - Namespace string - Partition string - *structs.Session - } - type txnSessionOp struct { - Session *session - *structs.TxnSessionOp - } - // Only one of the types should be filled out per entry. - type txnOp struct { - KV *txnKVOp - Service *txnServiceOp - Check *txnCheckOp - Session *txnSessionOp - *structs.TxnOp - } - type NewTxnRequest struct { - Ops []*txnOp - *structs.TxnRequest - } - var newReq NewTxnRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - for _, op := range newReq.Ops { - if op.KV != nil && op.KV.DirEnt != nil && !IsEnterpriseData(op.KV.DirEnt.Namespace, op.KV.DirEnt.Partition) { - txnOp := &structs.TxnOp{ - KV: &structs.TxnKVOp{ - Verb: op.KV.Verb, - DirEnt: *op.KV.DirEnt.DirEntry, - }, - } - newReq.TxnRequest.Ops = append(newReq.TxnRequest.Ops, txnOp) - continue - } - - if op.Service != nil && op.Service.Service != nil && !IsEnterpriseData(op.Service.Service.Namespace, op.Service.Service.Partition) { - txnOp := &structs.TxnOp{ - Service: &structs.TxnServiceOp{ - Verb: op.Service.Verb, - Node: op.Service.Node, - Service: *op.Service.Service.NodeService, - }, - } - newReq.TxnRequest.Ops = append(newReq.TxnRequest.Ops, txnOp) - continue - } - - if op.Check != nil && op.Check.Check != nil && !IsEnterpriseData(op.Check.Check.Namespace, op.Check.Check.Partition) { - txnOp := &structs.TxnOp{ - Check: &structs.TxnCheckOp{ - Verb: op.Check.Verb, - Check: *op.Check.Check.HealthCheck, - }, - } - newReq.TxnRequest.Ops = append(newReq.TxnRequest.Ops, txnOp) - continue - } - - if op.Session != nil && op.Session.Session != nil && !IsEnterpriseData(op.Session.Session.Namespace, op.Session.Session.Partition) { - txnOp := &structs.TxnOp{ - Session: &structs.TxnSessionOp{ - Verb: op.Session.Verb, - Session: *op.Session.Session.Session, - }, - } - txnOp.Session.Session.ServiceChecks = nil - for _, sessionServiceCheck := range op.Session.Session.ServiceChecks { - if !IsEnterpriseData(sessionServiceCheck.Namespace, "") { - txnOp.Session.Session.ServiceChecks = append(txnOp.Session.Session.ServiceChecks, sessionServiceCheck) - } - } - newReq.TxnRequest.Ops = append(newReq.TxnRequest.Ops, txnOp) - } - } - - *req = *newReq.TxnRequest - return nil -} - -func decodeACLTokenBatchSet(buf []byte, req *structs.ACLTokenBatchSetRequest) error { - type aclToken struct { - Namespace string - Partition string - *structs.ACLToken - } - type NewACLTokenBatchSetRequest struct { - Tokens []*aclToken - *structs.ACLTokenBatchSetRequest - } - var newReq NewACLTokenBatchSetRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - for _, token := range newReq.Tokens { - if !IsEnterpriseData(token.Namespace, token.Partition) { - newReq.ACLTokenBatchSetRequest.Tokens = append(newReq.ACLTokenBatchSetRequest.Tokens, token.ACLToken) - } - } - - *req = *newReq.ACLTokenBatchSetRequest - return nil - -} - -func decodeACLPolicyBatchSet(buf []byte, req *structs.ACLPolicyBatchSetRequest) error { - type aclPolicy struct { - Namespace string - Partition string - *structs.ACLPolicy - } - type NewACLPolicyBatchSetRequest struct { - Policies []*aclPolicy - *structs.ACLPolicyBatchSetRequest - } - var newReq NewACLPolicyBatchSetRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - if newReq.ACLPolicyBatchSetRequest == nil { - newReq.ACLPolicyBatchSetRequest = &structs.ACLPolicyBatchSetRequest{} - } - for _, policy := range newReq.Policies { - if !IsEnterpriseData(policy.Namespace, policy.Partition) { - newReq.ACLPolicyBatchSetRequest.Policies = append(newReq.ACLPolicyBatchSetRequest.Policies, policy.ACLPolicy) - } - } - - *req = *newReq.ACLPolicyBatchSetRequest - return nil - -} - -func decodeACLRoleBatchSet(buf []byte, req *structs.ACLRoleBatchSetRequest) error { - type aclRole struct { - Namespace string - Partition string - *structs.ACLRole - } - type NewACLRoleBatchSetRequest struct { - Roles []*aclRole - *structs.ACLRoleBatchSetRequest - } - var newReq NewACLRoleBatchSetRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - for _, role := range newReq.Roles { - if !IsEnterpriseData(role.Namespace, role.Partition) { - newReq.ACLRoleBatchSetRequest.Roles = append(newReq.ACLRoleBatchSetRequest.Roles, role.ACLRole) - } - } - - *req = *newReq.ACLRoleBatchSetRequest - return nil -} - -func decodeACLBindingRuleBatchSet(buf []byte, req *structs.ACLBindingRuleBatchSetRequest) error { - type aCLBindingRule struct { - Namespace string - Partition string - *structs.ACLBindingRule - } - type NewACLBindingRuleBatchSetRequest struct { - BindingRules []*aCLBindingRule - *structs.ACLBindingRuleBatchSetRequest - } - var newReq NewACLBindingRuleBatchSetRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - if newReq.ACLBindingRuleBatchSetRequest == nil { - newReq.ACLBindingRuleBatchSetRequest = &structs.ACLBindingRuleBatchSetRequest{} - } - for _, rule := range newReq.BindingRules { - if !IsEnterpriseData(rule.Namespace, rule.Partition) { - newReq.ACLBindingRuleBatchSetRequest.BindingRules = append(newReq.ACLBindingRuleBatchSetRequest.BindingRules, rule.ACLBindingRule) - } - } - - *req = *newReq.ACLBindingRuleBatchSetRequest - return nil -} - -func decodeACLAuthMethodBatchSet(buf []byte, req *structs.ACLAuthMethodBatchSetRequest) error { - type aCLAuthMethod struct { - Namespace string - Partition string - *structs.ACLAuthMethod - } - type NewACLAuthMethodBatchSetRequest struct { - AuthMethods []*aCLAuthMethod - *structs.ACLAuthMethodBatchSetRequest - } - var newReq NewACLAuthMethodBatchSetRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - if newReq.ACLAuthMethodBatchSetRequest == nil { - newReq.ACLAuthMethodBatchSetRequest = &structs.ACLAuthMethodBatchSetRequest{} - } - for _, authMethod := range newReq.AuthMethods { - if !IsEnterpriseData(authMethod.Namespace, authMethod.Partition) { - newReq.ACLAuthMethodBatchSetRequest.AuthMethods = append(newReq.ACLAuthMethodBatchSetRequest.AuthMethods, authMethod.ACLAuthMethod) - } - } - - *req = *newReq.ACLAuthMethodBatchSetRequest - return nil -} - -func decodeACLAuthMethodBatchDelete(buf []byte, req *structs.ACLAuthMethodBatchDeleteRequest) error { - type NewACLAuthMethodBatchDeleteRequest struct { - Namespace string - Partition string - *structs.ACLAuthMethodBatchDeleteRequest - } - - var newReq NewACLAuthMethodBatchDeleteRequest - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - if IsEnterpriseData(newReq.Namespace, newReq.Partition) { - return ErrDroppingTenantedReq - } - - *req = *newReq.ACLAuthMethodBatchDeleteRequest - return nil -} - -func decodeServiceVirtualIP(buf []byte, req *state.ServiceVirtualIP) error { - type serviceName struct { - Namespace string - Partition string - *structs.ServiceName - } - type peeredServiceName struct { - ServiceName *serviceName - *structs.PeeredServiceName - } - type NewServiceVirtualIP struct { - Service *peeredServiceName - *state.ServiceVirtualIP - } - var newReq NewServiceVirtualIP - if err := structs.Decode(buf, &newReq); err != nil { - return err - } - - if newReq.Service != nil && newReq.Service.ServiceName != nil && IsEnterpriseData(newReq.Service.ServiceName.Namespace, newReq.Service.ServiceName.Partition) { - return ErrDroppingTenantedReq - } - newReq.ServiceVirtualIP.Service.ServiceName = *newReq.Service.ServiceName.ServiceName - *req = *newReq.ServiceVirtualIP - return nil -} - -func decodePeeringWrite(buf []byte, req *pbpeering.PeeringWriteRequest) error { - if err := structs.DecodeProto(buf, req); err != nil { - return err - } - - if req.Peering != nil && IsEnterpriseData("", req.Peering.Partition) { - return ErrDroppingTenantedReq - } - - return nil -} - -func decodePeeringDelete(buf []byte, req *pbpeering.PeeringDeleteRequest) error { - if err := structs.DecodeProto(buf, req); err != nil { - return err - } - - if IsEnterpriseData("", req.Partition) { - return ErrDroppingTenantedReq - } - - return nil -} - -func decodePeeringTrustBundleWrite(buf []byte, req *pbpeering.PeeringTrustBundleWriteRequest) error { - if err := structs.DecodeProto(buf, req); err != nil { - return err - } - - if IsEnterpriseData("", req.PeeringTrustBundle.Partition) { - return ErrDroppingTenantedReq - } - - return nil -} - -func decodePeeringTrustBundleDelete(buf []byte, req *pbpeering.PeeringTrustBundleDeleteRequest) error { - if err := structs.DecodeProto(buf, req); err != nil { - return err - } - - if IsEnterpriseData("", req.Partition) { - return ErrDroppingTenantedReq - } - - return nil -} - -func decodeConfigEntryOperation(buf []byte, req *structs.ConfigEntryRequest) error { - - newReq := &ShadowConfigEntryRequest{ - ConfigEntryRequest: req, - } - if err := structs.Decode(buf, newReq); err != nil { - return err - } - shadowConfigEntry := newReq.ConfigEntryRequest.Entry.(ShadowConfigentry) - if err := shadowConfigEntry.CheckEnt(); err != nil { - return err - } - req.Entry = shadowConfigEntry.GetRealConfigEntry() - return nil -} - -type ShadowConfigEntryRequest struct { - *structs.ConfigEntryRequest -} - -func (c *ShadowConfigEntryRequest) UnmarshalBinary(data []byte) error { - // First decode the kind prefix - var kind string - dec := codec.NewDecoderBytes(data, structs.MsgpackHandle) - if err := dec.Decode(&kind); err != nil { - return err - } - - // Then decode the real thing with appropriate kind of ConfigEntry - entry, err := MakeShadowConfigEntry(kind, "") - if err != nil { - return err - } - c.Entry = entry - // Alias juggling to prevent infinite recursive calls back to this decode - // method. - type Alias structs.ConfigEntryRequest - as := struct { - *Alias - }{ - Alias: (*Alias)(c.ConfigEntryRequest), - } - if err := dec.Decode(&as); err != nil { - return err - } - return nil -} -func MakeShadowConfigEntry(kind, name string) (structs.ConfigEntry, error) { - switch kind { - case structs.RateLimitIPConfig: - return nil, ErrDroppingTenantedReq - case structs.ServiceDefaults: - return &ShadowServiceConfigEntry{ServiceConfigEntry: &structs.ServiceConfigEntry{Name: name}}, nil - case structs.ProxyDefaults: - return &ShadowProxyConfigEntry{ProxyConfigEntry: &structs.ProxyConfigEntry{Name: name}}, nil - case structs.ServiceRouter: - return &ShadowServiceRouterConfigEntry{ServiceRouterConfigEntry: &structs.ServiceRouterConfigEntry{Name: name}}, nil - case structs.ServiceSplitter: - return &ShadowServiceSplitterConfigEntry{ServiceSplitterConfigEntry: &structs.ServiceSplitterConfigEntry{Name: name}}, nil - case structs.ServiceResolver: - return &ShadowServiceResolverConfigEntry{ServiceResolverConfigEntry: &structs.ServiceResolverConfigEntry{Name: name}}, nil - case structs.IngressGateway: - return &ShadowIngressGatewayConfigEntry{IngressGatewayConfigEntry: &structs.IngressGatewayConfigEntry{Name: name}}, nil - case structs.TerminatingGateway: - return &ShadowTerminatingGatewayConfigEntry{TerminatingGatewayConfigEntry: &structs.TerminatingGatewayConfigEntry{Name: name}}, nil - case structs.ServiceIntentions: - return &ShadowServiceIntentionsConfigEntry{ServiceIntentionsConfigEntry: &structs.ServiceIntentionsConfigEntry{Name: name}}, nil - case structs.MeshConfig: - return &ShadowMeshConfigEntry{MeshConfigEntry: &structs.MeshConfigEntry{}}, nil - case structs.ExportedServices: - return &ShadowExportedServicesConfigEntry{ExportedServicesConfigEntry: &structs.ExportedServicesConfigEntry{Name: name}}, nil - case structs.SamenessGroup: - return &ShadowSamenessGroupConfigEntry{SamenessGroupConfigEntry: &structs.SamenessGroupConfigEntry{Name: name}}, nil - case structs.APIGateway: - return &ShadowAPIGatewayConfigEntry{APIGatewayConfigEntry: &structs.APIGatewayConfigEntry{Name: name}}, nil - case structs.BoundAPIGateway: - return &ShadowBoundAPIGatewayConfigEntry{BoundAPIGatewayConfigEntry: &structs.BoundAPIGatewayConfigEntry{Name: name}}, nil - case structs.InlineCertificate: - return &ShadowInlineCertificateConfigEntry{InlineCertificateConfigEntry: &structs.InlineCertificateConfigEntry{Name: name}}, nil - case structs.HTTPRoute: - return &ShadowHTTPRouteConfigEntry{HTTPRouteConfigEntry: &structs.HTTPRouteConfigEntry{Name: name}}, nil - case structs.TCPRoute: - return &ShadowTCPRouteConfigEntry{TCPRouteConfigEntry: &structs.TCPRouteConfigEntry{Name: name}}, nil - case structs.JWTProvider: - return &ShadowJWTProviderConfigEntry{JWTProviderConfigEntry: &structs.JWTProviderConfigEntry{Name: name}}, nil - default: - return nil, fmt.Errorf("invalid config entry kind: %s", kind) - } -} - -type ShadowBase struct { - Namespace string - Partition string -} - -func (s ShadowBase) CheckEnt() error { - if IsEnterpriseData(s.Namespace, s.Partition) { - return ErrDroppingTenantedReq - } - return nil -} - -type ShadowConfigentry interface { - CheckEnt() error - GetRealConfigEntry() structs.ConfigEntry -} - -type ShadowProxyConfigEntry struct { - ShadowBase - *structs.ProxyConfigEntry -} - -func (s ShadowProxyConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.ProxyConfigEntry -} - -type ShadowServiceResolverConfigEntry struct { - ShadowBase - *structs.ServiceResolverConfigEntry -} - -func (s ShadowServiceResolverConfigEntry) CheckEnt() error { - if err := s.ShadowBase.CheckEnt(); err != nil { - return err - } - if s.ServiceResolverConfigEntry.Redirect != nil && (IsEnterpriseData(s.ServiceResolverConfigEntry.Redirect.Namespace, s.ServiceResolverConfigEntry.Redirect.Partition) || s.ServiceResolverConfigEntry.Redirect.SamenessGroup != "") { - return errIncompatibleTenantedData - } - for _, failover := range s.ServiceResolverConfigEntry.Failover { - if IsEnterpriseData(failover.Namespace, "") || failover.SamenessGroup != "" { - return errIncompatibleTenantedData - } - for _, target := range failover.Targets { - if IsEnterpriseData(target.Namespace, target.Partition) { - return errIncompatibleTenantedData - } - } - } - return nil -} - -func (s ShadowServiceResolverConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.ServiceResolverConfigEntry -} - -func (e *ShadowProxyConfigEntry) UnmarshalBinary(data []byte) error { - // The goal here is to add a post-decoding operation to - // decoding of a ProxyConfigEntry. The cleanest way I could - // find to do so was to implement the BinaryMarshaller interface - // and use a type alias to do the original round of decoding, - // followed by a MapWalk of the Config to coerce everything - // into JSON compatible types. - type Alias structs.ProxyConfigEntry - as := struct { - *ShadowBase - *Alias - }{ - ShadowBase: &e.ShadowBase, - Alias: (*Alias)(e.ProxyConfigEntry), - } - dec := codec.NewDecoderBytes(data, structs.MsgpackHandle) - if err := dec.Decode(&as); err != nil { - return err - } - config, err := lib.MapWalk(e.Config) - if err != nil { - return err - } - e.Config = config - return nil -} - -type ShadowUpstreamConfig struct { - ShadowBase - *structs.UpstreamConfig -} -type ShadowUpstreamConfiguration struct { - Overrides []*ShadowUpstreamConfig - *structs.UpstreamConfiguration -} -type ShadowServiceConfigEntry struct { - ShadowBase - UpstreamConfig *ShadowUpstreamConfiguration - *structs.ServiceConfigEntry -} - -func (s ShadowServiceConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - if s.UpstreamConfig != nil { - for _, override := range s.UpstreamConfig.Overrides { - if !IsEnterpriseData(override.Namespace, override.Partition) { - if s.ServiceConfigEntry.UpstreamConfig == nil { - s.ServiceConfigEntry.UpstreamConfig = &structs.UpstreamConfiguration{} - } - s.ServiceConfigEntry.UpstreamConfig.Overrides = append(s.ServiceConfigEntry.UpstreamConfig.Overrides, override.UpstreamConfig) - } - } - } - return s.ServiceConfigEntry -} - -type ShadowServiceRouterConfigEntry struct { - ShadowBase - *structs.ServiceRouterConfigEntry -} - -func (s ShadowServiceRouterConfigEntry) CheckEnt() error { - if err := s.ShadowBase.CheckEnt(); err != nil { - return err - } - for _, route := range s.ServiceRouterConfigEntry.Routes { - if IsEnterpriseData(route.Destination.Namespace, route.Destination.Partition) { - return errIncompatibleTenantedData - } - } - return nil -} - -func (s ShadowServiceRouterConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.ServiceRouterConfigEntry -} - -type ShadowServiceSplitterConfigEntry struct { - ShadowBase - *structs.ServiceSplitterConfigEntry -} - -func (s ShadowServiceSplitterConfigEntry) CheckEnt() error { - if err := s.ShadowBase.CheckEnt(); err != nil { - return err - } - for _, split := range s.ServiceSplitterConfigEntry.Splits { - if IsEnterpriseData(split.Namespace, split.Partition) { - return errIncompatibleTenantedData - } - } - return nil -} -func (s ShadowServiceSplitterConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.ServiceSplitterConfigEntry -} - -type ShadowIngressService struct { - ShadowBase - *structs.IngressService -} -type ShadowIngressListener struct { - Services []ShadowIngressService - *structs.IngressListener -} -type ShadowIngressGatewayConfigEntry struct { - ShadowBase - Listeners []ShadowIngressListener - *structs.IngressGatewayConfigEntry -} - -func (s ShadowIngressGatewayConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - for _, listner := range s.Listeners { - for _, svc := range listner.Services { - if !IsEnterpriseData(svc.Namespace, svc.Partition) { - listner.IngressListener.Services = append(listner.IngressListener.Services, *svc.IngressService) - } - } - if len(listner.IngressListener.Services) == 0 { - continue - } - s.IngressGatewayConfigEntry.Listeners = append(s.IngressGatewayConfigEntry.Listeners, *listner.IngressListener) - } - return s.IngressGatewayConfigEntry -} - -type ShadowLinkedService struct { - ShadowBase - *structs.LinkedService -} - -type ShadowTerminatingGatewayConfigEntry struct { - ShadowBase - Services []ShadowLinkedService - *structs.TerminatingGatewayConfigEntry -} - -func (s ShadowTerminatingGatewayConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - for _, svc := range s.Services { - if !IsEnterpriseData(svc.Namespace, svc.Partition) { - s.TerminatingGatewayConfigEntry.Services = append(s.TerminatingGatewayConfigEntry.Services, *svc.LinkedService) - } - } - return s.TerminatingGatewayConfigEntry -} - -type ShadowSourceIntention struct { - ShadowBase - *structs.SourceIntention -} -type ShadowServiceIntentionsConfigEntry struct { - ShadowBase - Sources []*ShadowSourceIntention - *structs.ServiceIntentionsConfigEntry -} - -func (s ShadowServiceIntentionsConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - for _, source := range s.Sources { - if !IsEnterpriseData(source.Namespace, source.Partition) && source.SamenessGroup == "" { - s.ServiceIntentionsConfigEntry.Sources = append(s.ServiceIntentionsConfigEntry.Sources, source.SourceIntention) - } - } - return s.ServiceIntentionsConfigEntry -} - -type ShadowMeshConfigEntry struct { - ShadowBase - *structs.MeshConfigEntry -} - -func (s ShadowMeshConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.MeshConfigEntry -} - -type ShadowExportedServicesConfigEntry struct { - ShadowBase - *structs.ExportedServicesConfigEntry -} - -func (s ShadowExportedServicesConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - services := []structs.ExportedService{} - for _, svc := range s.ExportedServicesConfigEntry.Services { - if !IsEnterpriseData(svc.Namespace, "") { - consumers := []structs.ServiceConsumer{} - for _, consumer := range svc.Consumers { - if !IsEnterpriseData("", consumer.Partition) && consumer.SamenessGroup == "" { - consumers = append(consumers, consumer) - } - } - if len(consumers) == 0 { - continue - } - services = append(services, svc) - } - } - s.ExportedServicesConfigEntry.Services = services - return s.ExportedServicesConfigEntry -} - -type ShadowSamenessGroupConfigEntry struct { - ShadowBase - *structs.SamenessGroupConfigEntry -} - -func (s ShadowSamenessGroupConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.SamenessGroupConfigEntry -} - -type ShadowAPIGatewayConfigEntry struct { - ShadowBase - *structs.APIGatewayConfigEntry -} - -func (s ShadowAPIGatewayConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.APIGatewayConfigEntry -} - -type ShadowBoundAPIGatewayListener struct { - Routes []ShadowResourceReference - Certificates []ShadowResourceReference - *structs.BoundAPIGatewayListener -} -type ShadowBoundAPIGatewayConfigEntry struct { - ShadowBase - Listeners []ShadowBoundAPIGatewayListener - *structs.BoundAPIGatewayConfigEntry -} - -func (s ShadowBoundAPIGatewayConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - for _, listner := range s.Listeners { - for _, route := range listner.Routes { - if !IsEnterpriseData(route.Namespace, route.Partition) { - listner.BoundAPIGatewayListener.Routes = append(listner.BoundAPIGatewayListener.Routes, *route.ResourceReference) - } - } - for _, cf := range listner.Certificates { - if !IsEnterpriseData(cf.Namespace, cf.Partition) { - listner.BoundAPIGatewayListener.Certificates = append(listner.BoundAPIGatewayListener.Certificates, *cf.ResourceReference) - } - } - s.BoundAPIGatewayConfigEntry.Listeners = append(s.BoundAPIGatewayConfigEntry.Listeners, *listner.BoundAPIGatewayListener) - } - return s.BoundAPIGatewayConfigEntry -} - -type ShadowInlineCertificateConfigEntry struct { - ShadowBase - *structs.InlineCertificateConfigEntry -} - -func (s ShadowInlineCertificateConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.InlineCertificateConfigEntry -} - -type ShadowHTTPService struct { - ShadowBase - *structs.HTTPService -} -type ShadowHTTPRouteRule struct { - Services []ShadowHTTPService - *structs.HTTPRouteRule -} -type ShadowResourceReference struct { - ShadowBase - *structs.ResourceReference -} -type ShadowHTTPRouteConfigEntry struct { - ShadowBase - Parents []ShadowResourceReference - Rules []ShadowHTTPRouteRule - *structs.HTTPRouteConfigEntry -} - -func (s ShadowHTTPRouteConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - for _, parent := range s.Parents { - if !IsEnterpriseData(parent.Namespace, parent.Partition) { - s.HTTPRouteConfigEntry.Parents = append(s.HTTPRouteConfigEntry.Parents, *parent.ResourceReference) - } - } - for _, rule := range s.Rules { - for _, svc := range rule.Services { - if !IsEnterpriseData(svc.Namespace, svc.Partition) { - rule.HTTPRouteRule.Services = append(rule.HTTPRouteRule.Services, *svc.HTTPService) - } - } - s.HTTPRouteConfigEntry.Rules = append(s.HTTPRouteConfigEntry.Rules, *rule.HTTPRouteRule) - } - return s.HTTPRouteConfigEntry -} - -type ShadowTCPService struct { - ShadowBase - *structs.TCPService -} -type ShadowTCPRouteConfigEntry struct { - ShadowBase - Parents []ShadowResourceReference - Services []ShadowTCPService - *structs.TCPRouteConfigEntry -} - -func (s ShadowTCPRouteConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - for _, parent := range s.Parents { - if !IsEnterpriseData(parent.Namespace, parent.Partition) { - s.TCPRouteConfigEntry.Parents = append(s.TCPRouteConfigEntry.Parents, *parent.ResourceReference) - } - } - for _, svc := range s.Services { - if !IsEnterpriseData(svc.Namespace, svc.Partition) { - s.TCPRouteConfigEntry.Services = append(s.TCPRouteConfigEntry.Services, *svc.TCPService) - } - } - return s.TCPRouteConfigEntry -} - -type ShadowJWTProviderConfigEntry struct { - ShadowBase - *structs.JWTProviderConfigEntry -} - -func (s ShadowJWTProviderConfigEntry) GetRealConfigEntry() structs.ConfigEntry { - return s.JWTProviderConfigEntry -} diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go index 5a350e4dae778..92a3931b5b331 100644 --- a/agent/consul/fsm/fsm.go +++ b/agent/consul/fsm/fsm.go @@ -195,10 +195,6 @@ func (c *FSM) Apply(log *raft.Log) interface{} { c.logger.Warn("ignoring unknown message type, upgrade to newer version", "type", msgType) return nil } - if structs.CEDowngrade && msgType >= 64 { - c.logger.Warn("ignoring enterprise message, for downgrading to oss", "type", msgType) - return nil - } panic(fmt.Errorf("failed to apply request: %#v", buf)) } @@ -267,10 +263,7 @@ func (c *FSM) Restore(old io.ReadCloser) error { return err } default: - if structs.CEDowngrade && msg >= 64 { - c.logger.Warn("ignoring enterprise message , for downgrading to oss", "type", msg) - return nil - } else if msg >= 64 { + if msg >= 64 { return fmt.Errorf("msg type <%d> is a Consul Enterprise log entry. Consul CE cannot restore it", msg) } else { return fmt.Errorf("Unrecognized msg type %d", msg) diff --git a/agent/consul/leader.go b/agent/consul/leader.go index 86ac10bb1287c..fcbf794541f3d 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -5,7 +5,6 @@ package consul import ( "context" - "errors" "fmt" "net" "reflect" @@ -17,27 +16,20 @@ import ( "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" - "github.com/oklog/ulid/v2" - "golang.org/x/time/rate" - "google.golang.org/protobuf/types/known/anypb" - "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" "github.com/hashicorp/go-version" "github.com/hashicorp/raft" "github.com/hashicorp/serf/serf" + "golang.org/x/time/rate" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs/aclfilter" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/storage" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/logging" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" "github.com/hashicorp/consul/types" ) @@ -349,12 +341,6 @@ func (s *Server) establishLeadership(ctx context.Context) error { s.startLogVerification(ctx) } - if s.useV2Tenancy { - if err := s.initTenancy(ctx, s.resourceServiceServer.Backend); err != nil { - return err - } - } - if s.config.Reporting.License.Enabled && s.reportingManager != nil { s.reportingManager.StartReportingAgent() } @@ -1463,61 +1449,3 @@ func (s *serversIntentionsAsConfigEntriesInfo) update(srv *metadata.Server) bool // prevent continuing server evaluation return false } - -func (s *Server) initTenancy(ctx context.Context, b storage.Backend) error { - // we write these defaults directly to the storage backend - // without going through the resource service since tenancy - // validation hooks block writes to the default namespace - // and partition. - if err := s.createDefaultPartition(ctx, b); err != nil { - return err - } - - if err := s.createDefaultNamespace(ctx, b); err != nil { - return err - } - return nil -} - -func (s *Server) createDefaultNamespace(ctx context.Context, b storage.Backend) error { - readID := &pbresource.ID{ - Type: pbtenancy.NamespaceType, - Name: resource.DefaultNamespaceName, - Tenancy: resource.DefaultPartitionedTenancy(), - } - - read, err := b.Read(ctx, storage.StrongConsistency, readID) - - if err != nil && !errors.Is(err, storage.ErrNotFound) { - return fmt.Errorf("failed to read the %q namespace: %v", resource.DefaultNamespaceName, err) - } - if read == nil && errors.Is(err, storage.ErrNotFound) { - nsData, err := anypb.New(&pbtenancy.Namespace{Description: "default namespace in default partition"}) - if err != nil { - return err - } - - // create a default namespace in default partition - nsID := &pbresource.ID{ - Type: pbtenancy.NamespaceType, - Name: resource.DefaultNamespaceName, - Tenancy: resource.DefaultPartitionedTenancy(), - Uid: ulid.Make().String(), - } - - _, err = b.WriteCAS(ctx, &pbresource.Resource{ - Id: nsID, - Generation: ulid.Make().String(), - Data: nsData, - Metadata: map[string]string{ - "generated_at": time.Now().Format(time.RFC3339), - }, - }) - - if err != nil { - return fmt.Errorf("failed to create the %q namespace: %v", resource.DefaultNamespaceName, err) - } - } - s.logger.Info("Created", "namespace", resource.DefaultNamespaceName) - return nil -} diff --git a/agent/consul/leader_ce.go b/agent/consul/leader_ce.go deleted file mode 100644 index 2d67b7bdedd8f..0000000000000 --- a/agent/consul/leader_ce.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent - -package consul - -import ( - "context" - - "github.com/hashicorp/consul/internal/storage" -) - -func (s *Server) createDefaultPartition(ctx context.Context, b storage.Backend) error { - // no-op - return nil -} diff --git a/agent/consul/leader_ce_test.go b/agent/consul/leader_ce_test.go index 23009cfbc39bf..8988adb9f7782 100644 --- a/agent/consul/leader_ce_test.go +++ b/agent/consul/leader_ce_test.go @@ -5,19 +5,7 @@ package consul -import ( - "context" - "testing" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/storage" - libserf "github.com/hashicorp/consul/lib/serf" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" - "github.com/hashicorp/consul/testrpc" -) +import libserf "github.com/hashicorp/consul/lib/serf" func updateSerfTags(s *Server, key, value string) { libserf.UpdateTag(s.serfLAN, key, value) @@ -26,41 +14,3 @@ func updateSerfTags(s *Server, key, value string) { libserf.UpdateTag(s.serfWAN, key, value) } } - -func TestServer_InitTenancy(t *testing.T) { - t.Parallel() - - _, conf := testServerConfig(t) - deps := newDefaultDeps(t, conf) - deps.Experiments = []string{"v2tenancy"} - deps.Registry = NewTypeRegistry() - - s, err := newServerWithDeps(t, conf, deps) - require.NoError(t, err) - - // first initTenancy call happens here - waitForLeaderEstablishment(t, s) - testrpc.WaitForLeader(t, s.RPC, "dc1") - - nsID := &pbresource.ID{ - Type: pbtenancy.NamespaceType, - Tenancy: resource.DefaultPartitionedTenancy(), - Name: resource.DefaultNamespaceName, - } - - ns, err := s.resourceServiceServer.Backend.Read(context.Background(), storage.StrongConsistency, nsID) - require.NoError(t, err) - require.Equal(t, resource.DefaultNamespaceName, ns.Id.Name) - - // explicitly call initiTenancy to verify we do not re-create namespace - err = s.initTenancy(context.Background(), s.resourceServiceServer.Backend) - require.NoError(t, err) - - // read again - actual, err := s.resourceServiceServer.Backend.Read(context.Background(), storage.StrongConsistency, nsID) - require.NoError(t, err) - - require.Equal(t, ns.Id.Uid, actual.Id.Uid) - require.Equal(t, ns.Generation, actual.Generation) - require.Equal(t, ns.Version, actual.Version) -} diff --git a/agent/consul/options.go b/agent/consul/options.go index 88c16bd1a99c5..6dc754b3aef70 100644 --- a/agent/consul/options.go +++ b/agent/consul/options.go @@ -49,7 +49,7 @@ type Deps struct { EnterpriseDeps } -// UseV2Resources returns true if "resource-apis" is present in the Experiments +// useV2Resources returns true if "resource-apis" is present in the Experiments // array of the agent config. func (d Deps) UseV2Resources() bool { if stringslice.Contains(d.Experiments, CatalogResourceExperimentName) { @@ -58,15 +58,6 @@ func (d Deps) UseV2Resources() bool { return false } -// UseV2Tenancy returns true if "v2tenancy" is present in the Experiments -// array of the agent config. -func (d Deps) UseV2Tenancy() bool { - if stringslice.Contains(d.Experiments, V2TenancyExperimentName) { - return true - } - return false -} - type GRPCClientConner interface { ClientConn(datacenter string) (*grpc.ClientConn, error) ClientConnLeader() (*grpc.ClientConn, error) diff --git a/agent/consul/server.go b/agent/consul/server.go index 505430d634ca8..2e32fa7786810 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -20,13 +20,6 @@ import ( "time" "github.com/armon/go-metrics" - "go.etcd.io/bbolt" - "golang.org/x/time/rate" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - "google.golang.org/grpc/reflection" - - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/go-connlimit" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" @@ -37,7 +30,13 @@ import ( walmetrics "github.com/hashicorp/raft-wal/metrics" "github.com/hashicorp/raft-wal/verifier" "github.com/hashicorp/serf/serf" + "go.etcd.io/bbolt" + "golang.org/x/time/rate" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" + "google.golang.org/grpc/reflection" + "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" "github.com/hashicorp/consul/agent/blockingquery" @@ -77,12 +76,10 @@ import ( "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/mesh" proxysnapshot "github.com/hashicorp/consul/internal/mesh/proxy-snapshot" - "github.com/hashicorp/consul/internal/multicluster" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/internal/resource/reaper" raftstorage "github.com/hashicorp/consul/internal/storage/raft" - "github.com/hashicorp/consul/internal/tenancy" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/lib/routine" "github.com/hashicorp/consul/lib/stringslice" @@ -471,9 +468,6 @@ type Server struct { registry resource.Registry useV2Resources bool - - // useV2Tenancy is tied to the "v2tenancy" feature flag. - useV2Tenancy bool } func (s *Server) DecrementBlockingQueries() uint64 { @@ -563,7 +557,6 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, routineManager: routine.NewManager(logger.Named(logging.ConsulServer)), registry: flat.Registry, useV2Resources: flat.UseV2Resources(), - useV2Tenancy: flat.UseV2Tenancy(), } incomingRPCLimiter.Register(s) @@ -841,7 +834,7 @@ func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, go s.reportingManager.Run(&lib.StopChannelContext{StopCh: s.shutdownCh}) // Setup insecure resource service client. - if err := s.setupInsecureResourceServiceClient(flat.Registry, logger); err != nil { + if err := s.setupInsecureResourceServiceClient(flat.Registry, logger, flat); err != nil { return nil, err } @@ -938,17 +931,9 @@ func isV1CatalogRequest(rpcName string) bool { } func (s *Server) registerControllers(deps Deps, proxyUpdater ProxyUpdater) error { - // When not enabled, the v1 tenancy bridge is used by default. - if s.useV2Tenancy { - tenancy.RegisterControllers( - s.controllerManager, - tenancy.Dependencies{Registry: deps.Registry}, - ) - } - if s.useV2Resources { catalog.RegisterControllers(s.controllerManager, catalog.DefaultControllerDependencies()) - multicluster.RegisterControllers(s.controllerManager) + defaultAllow, err := s.config.ACLResolverSettings.IsDefaultAllow() if err != nil { return err @@ -992,7 +977,7 @@ func (s *Server) registerControllers(deps Deps, proxyUpdater ProxyUpdater) error demo.RegisterControllers(s.controllerManager) } - return s.controllerManager.ValidateDependencies(s.registry.Types()) + return nil } func newGRPCHandlerFromConfig(deps Deps, config *Config, s *Server) connHandler { @@ -1471,9 +1456,8 @@ func (s *Server) setupExternalGRPC(config *Config, deps Deps, logger hclog.Logge s.peerStreamServer.Register(s.externalGRPCServer) tenancyBridge := NewV1TenancyBridge(s) - if s.useV2Tenancy { - tenancyBridgeV2 := tenancy.NewV2TenancyBridge() - tenancyBridge = tenancyBridgeV2.WithClient(s.insecureResourceServiceClient) + if stringslice.Contains(deps.Experiments, V2TenancyExperimentName) { + tenancyBridge = resource.NewV2TenancyBridge() } s.resourceServiceServer = resourcegrpc.NewServer(resourcegrpc.Config{ @@ -1482,23 +1466,20 @@ func (s *Server) setupExternalGRPC(config *Config, deps Deps, logger hclog.Logge ACLResolver: s.ACLResolver, Logger: logger.Named("grpc-api.resource"), TenancyBridge: tenancyBridge, - UseV2Tenancy: s.useV2Tenancy, }) s.resourceServiceServer.Register(s.externalGRPCServer) reflection.Register(s.externalGRPCServer) } -func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Registry, logger hclog.Logger) error { +func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Registry, logger hclog.Logger, deps Deps) error { if s.raftStorageBackend == nil { return fmt.Errorf("raft storage backend cannot be nil") } - // Can't use interface type var here since v2 specific "WithClient(...)" is called futher down. tenancyBridge := NewV1TenancyBridge(s) - tenancyBridgeV2 := tenancy.NewV2TenancyBridge() - if s.useV2Tenancy { - tenancyBridge = tenancyBridgeV2 + if stringslice.Contains(deps.Experiments, V2TenancyExperimentName) { + tenancyBridge = resource.NewV2TenancyBridge() } server := resourcegrpc.NewServer(resourcegrpc.Config{ Registry: typeRegistry, @@ -1506,7 +1487,6 @@ func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Regist ACLResolver: resolver.DANGER_NO_AUTH{}, Logger: logger.Named("grpc-api.resource"), TenancyBridge: tenancyBridge, - UseV2Tenancy: s.useV2Tenancy, }) conn, err := s.runInProcessGRPCServer(server.Register) @@ -1514,7 +1494,7 @@ func (s *Server) setupInsecureResourceServiceClient(typeRegistry resource.Regist return err } s.insecureResourceServiceClient = pbresource.NewResourceServiceClient(conn) - tenancyBridgeV2.WithClient(s.insecureResourceServiceClient) + return nil } diff --git a/agent/consul/server_ce.go b/agent/consul/server_ce.go index fd554ca2c3432..fb3e55e76519f 100644 --- a/agent/consul/server_ce.go +++ b/agent/consul/server_ce.go @@ -11,11 +11,10 @@ import ( "time" "github.com/armon/go-metrics" - "google.golang.org/grpc" - "github.com/hashicorp/go-multierror" "github.com/hashicorp/serf/coordinate" "github.com/hashicorp/serf/serf" + "google.golang.org/grpc" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/reporting" diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 620df6bfa6c44..e72549babbef1 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -7,11 +7,9 @@ import ( "context" "crypto/tls" "crypto/x509" - "flag" "fmt" "net" "os" - "path/filepath" "reflect" "strings" "sync" @@ -39,12 +37,10 @@ import ( external "github.com/hashicorp/consul/agent/grpc-external" grpcmiddleware "github.com/hashicorp/consul/agent/grpc-middleware" hcpclient "github.com/hashicorp/consul/agent/hcp/client" - "github.com/hashicorp/consul/agent/leafcert" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/rpc/middleware" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" - proxytracker "github.com/hashicorp/consul/internal/mesh/proxy-tracker" "github.com/hashicorp/consul/ipaddr" "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/testutil" @@ -121,7 +117,7 @@ func waitForLeaderEstablishment(t *testing.T, servers ...*Server) { }) } -func testServerConfig(t testutil.TestingTB) (string, *Config) { +func testServerConfig(t *testing.T) (string, *Config) { dir := testutil.TempDir(t, "consul") config := DefaultConfig() @@ -237,7 +233,7 @@ func testServerWithConfig(t *testing.T, configOpts ...func(*Config)) (string, *S var deps Deps // Retry added to avoid cases where bind addr is already in use retry.RunWith(retry.ThreeTimes(), t, func(r *retry.R) { - dir, config = testServerConfig(r) + dir, config = testServerConfig(t) for _, fn := range configOpts { fn(config) } @@ -250,8 +246,8 @@ func testServerWithConfig(t *testing.T, configOpts ...func(*Config)) (string, *S config.ACLResolverSettings.EnterpriseMeta = *config.AgentEnterpriseMeta() var err error - deps = newDefaultDeps(r, config) - srv, err = newServerWithDeps(r, config, deps) + deps = newDefaultDeps(t, config) + srv, err = newServerWithDeps(t, config, deps) if err != nil { r.Fatalf("err: %v", err) } @@ -331,7 +327,7 @@ func newServer(t *testing.T, c *Config) (*Server, error) { return newServerWithDeps(t, c, newDefaultDeps(t, c)) } -func newServerWithDeps(t testutil.TestingTB, c *Config, deps Deps) (*Server, error) { +func newServerWithDeps(t *testing.T, c *Config, deps Deps) (*Server, error) { // chain server up notification oldNotify := c.NotifyListen up := make(chan struct{}) @@ -342,8 +338,7 @@ func newServerWithDeps(t testutil.TestingTB, c *Config, deps Deps) (*Server, err } } grpcServer := external.NewServer(deps.Logger.Named("grpc.external"), nil, deps.TLSConfigurator, rpcRate.NullRequestLimitsHandler(), keepalive.ServerParameters{}) - proxyUpdater := proxytracker.NewProxyTracker(proxytracker.ProxyTrackerConfig{}) - srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger, proxyUpdater) + srv, err := NewServer(c, deps, grpcServer, nil, deps.Logger, nil) if err != nil { return nil, err } @@ -2251,38 +2246,3 @@ func TestServer_addServerTLSInfo(t *testing.T) { }) } } - -// goldenMarkdown reads and optionally writes the expected data to the goldenMarkdown file, -// returning the contents as a string. -func goldenMarkdown(t *testing.T, name, got string) string { - t.Helper() - - golden := filepath.Join("testdata", name+".md") - update := flag.Lookup("update").Value.(flag.Getter).Get().(bool) - if update && got != "" { - err := os.WriteFile(golden, []byte(got), 0644) - require.NoError(t, err) - } - - expected, err := os.ReadFile(golden) - require.NoError(t, err) - - return string(expected) -} - -func TestServer_ControllerDependencies(t *testing.T) { - t.Parallel() - - _, conf := testServerConfig(t) - deps := newDefaultDeps(t, conf) - deps.Experiments = []string{"resource-apis"} - deps.LeafCertManager = &leafcert.Manager{} - - s1, err := newServerWithDeps(t, conf, deps) - require.NoError(t, err) - - waitForLeaderEstablishment(t, s1) - actual := fmt.Sprintf("```mermaid\n%s\n```", s1.controllerManager.CalculateDependencies(s1.registry.Types()).ToMermaid()) - expected := goldenMarkdown(t, "v2-resource-dependencies", actual) - require.Equal(t, expected, actual) -} diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go index 05dfa59a37af3..1763777cff838 100644 --- a/agent/consul/state/peering.go +++ b/agent/consul/state/peering.go @@ -202,9 +202,6 @@ func (s *Store) peeringSecretsWriteTxn(tx WriteTxn, req *pbpeering.SecretsWriteR return fmt.Errorf("failed to read peering by id: %w", err) } if peering == nil { - if structs.CEDowngrade { - return nil - } return fmt.Errorf("unknown peering %q for secret", req.PeerID) } diff --git a/agent/consul/testdata/v2-resource-dependencies.md b/agent/consul/testdata/v2-resource-dependencies.md deleted file mode 100644 index 0d0d811236113..0000000000000 --- a/agent/consul/testdata/v2-resource-dependencies.md +++ /dev/null @@ -1,52 +0,0 @@ -```mermaid -flowchart TD - auth/v2beta1/computedtrafficpermissions --> auth/v2beta1/trafficpermissions - auth/v2beta1/computedtrafficpermissions --> auth/v2beta1/workloadidentity - catalog/v2beta1/failoverpolicy --> catalog/v2beta1/service - catalog/v2beta1/healthstatus - catalog/v2beta1/node --> catalog/v2beta1/nodehealthstatus - catalog/v2beta1/nodehealthstatus - catalog/v2beta1/service - catalog/v2beta1/serviceendpoints --> catalog/v2beta1/service - catalog/v2beta1/serviceendpoints --> catalog/v2beta1/workload - catalog/v2beta1/workload --> catalog/v2beta1/healthstatus - catalog/v2beta1/workload --> catalog/v2beta1/node - demo/v1/album - demo/v1/artist - demo/v1/concept - demo/v1/executive - demo/v1/recordlabel - demo/v2/album - demo/v2/artist - internal/v1/tombstone - mesh/v2beta1/computedexplicitdestinations --> catalog/v2beta1/service - mesh/v2beta1/computedexplicitdestinations --> catalog/v2beta1/workload - mesh/v2beta1/computedexplicitdestinations --> mesh/v2beta1/computedroutes - mesh/v2beta1/computedexplicitdestinations --> mesh/v2beta1/destinations - mesh/v2beta1/computedproxyconfiguration --> catalog/v2beta1/workload - mesh/v2beta1/computedproxyconfiguration --> mesh/v2beta1/proxyconfiguration - mesh/v2beta1/computedroutes --> catalog/v2beta1/failoverpolicy - mesh/v2beta1/computedroutes --> catalog/v2beta1/service - mesh/v2beta1/computedroutes --> mesh/v2beta1/destinationpolicy - mesh/v2beta1/computedroutes --> mesh/v2beta1/grpcroute - mesh/v2beta1/computedroutes --> mesh/v2beta1/httproute - mesh/v2beta1/computedroutes --> mesh/v2beta1/tcproute - mesh/v2beta1/destinationpolicy - mesh/v2beta1/destinations - mesh/v2beta1/grpcroute - mesh/v2beta1/httproute - mesh/v2beta1/meshconfiguration - mesh/v2beta1/meshgateway - mesh/v2beta1/proxyconfiguration - mesh/v2beta1/proxystatetemplate --> auth/v2beta1/computedtrafficpermissions - mesh/v2beta1/proxystatetemplate --> catalog/v2beta1/service - mesh/v2beta1/proxystatetemplate --> catalog/v2beta1/workload - mesh/v2beta1/proxystatetemplate --> mesh/v2beta1/computedexplicitdestinations - mesh/v2beta1/proxystatetemplate --> mesh/v2beta1/computedproxyconfiguration - mesh/v2beta1/proxystatetemplate --> mesh/v2beta1/computedroutes - mesh/v2beta1/tcproute - multicluster/v2beta1/computedexportedservices --> catalog/v2beta1/service - multicluster/v2beta1/computedexportedservices --> multicluster/v2beta1/exportedservices - multicluster/v2beta1/computedexportedservices --> multicluster/v2beta1/namespaceexportedservices - multicluster/v2beta1/computedexportedservices --> multicluster/v2beta1/partitionexportedservices -``` \ No newline at end of file diff --git a/agent/consul/type_registry.go b/agent/consul/type_registry.go index 8bf093c41a112..d93309159d4bb 100644 --- a/agent/consul/type_registry.go +++ b/agent/consul/type_registry.go @@ -7,7 +7,6 @@ import ( "github.com/hashicorp/consul/internal/auth" "github.com/hashicorp/consul/internal/catalog" "github.com/hashicorp/consul/internal/mesh" - "github.com/hashicorp/consul/internal/multicluster" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/internal/tenancy" @@ -28,7 +27,6 @@ func NewTypeRegistry() resource.Registry { catalog.RegisterTypes(registry) auth.RegisterTypes(registry) tenancy.RegisterTypes(registry) - multicluster.RegisterTypes(registry) return registry } diff --git a/agent/event_endpoint_test.go b/agent/event_endpoint_test.go index f28b913cfd009..a041088c448c7 100644 --- a/agent/event_endpoint_test.go +++ b/agent/event_endpoint_test.go @@ -234,7 +234,7 @@ func TestEventList_ACLFilter(t *testing.T) { t.Run("token with access to one event type", func(t *testing.T) { retry.Run(t, func(r *retry.R) { - token := testCreateToken(r, a, ` + token := testCreateToken(t, a, ` event "foo" { policy = "read" } diff --git a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go index 2a50094029076..3ae0670e5cf08 100644 --- a/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go +++ b/agent/grpc-external/services/dataplane/get_envoy_bootstrap_params_test.go @@ -7,29 +7,29 @@ import ( "context" "testing" + "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/types/known/structpb" - "github.com/hashicorp/go-hclog" - - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/acl/resolver" - external "github.com/hashicorp/consul/agent/grpc-external" svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" - "github.com/hashicorp/consul/agent/grpc-external/testutils" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/internal/catalog" "github.com/hashicorp/consul/internal/mesh" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - "github.com/hashicorp/consul/proto-public/pbdataplane" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/acl/resolver" + external "github.com/hashicorp/consul/agent/grpc-external" + "github.com/hashicorp/consul/agent/grpc-external/testutils" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/proto-public/pbdataplane" ) const ( @@ -262,9 +262,7 @@ func TestGetEnvoyBootstrapParams_Success_EnableV2(t *testing.T) { } run := func(t *testing.T, tc testCase) { - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(catalog.RegisterTypes, mesh.RegisterTypes). - Run(t) + resourceClient := svctest.RunResourceService(t, catalog.RegisterTypes, mesh.RegisterTypes) options := structs.QueryOptions{Token: testToken} ctx, err := external.ContextWithQueryOptions(context.Background(), options) @@ -492,9 +490,7 @@ func TestGetEnvoyBootstrapParams_Error_EnableV2(t *testing.T) { } run := func(t *testing.T, tc testCase) { - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(catalog.RegisterTypes, mesh.RegisterTypes). - Run(t) + resourceClient := svctest.RunResourceService(t, catalog.RegisterTypes, mesh.RegisterTypes) options := structs.QueryOptions{Token: testToken} ctx, err := external.ContextWithQueryOptions(context.Background(), options) diff --git a/agent/grpc-external/services/peerstream/stream_test.go b/agent/grpc-external/services/peerstream/stream_test.go index d5a0abd6b444e..ad3399b79f5a9 100644 --- a/agent/grpc-external/services/peerstream/stream_test.go +++ b/agent/grpc-external/services/peerstream/stream_test.go @@ -690,7 +690,7 @@ func TestStreamResources_Server_StreamTracker(t *testing.T) { req := msg.GetRequest() require.NotNil(r, req) require.Equal(r, pbpeerstream.TypeURLExportedService, req.ResourceURL) - prototest.AssertDeepEqual(r, expectAck, msg) + prototest.AssertDeepEqual(t, expectAck, msg) }) expect := Status{ diff --git a/agent/grpc-external/services/resource/delete.go b/agent/grpc-external/services/resource/delete.go index 582cc5dbc0a26..2f30e27f983fb 100644 --- a/agent/grpc-external/services/resource/delete.go +++ b/agent/grpc-external/services/resource/delete.go @@ -7,7 +7,6 @@ import ( "context" "errors" "fmt" - "strings" "time" "github.com/oklog/ulid/v2" @@ -19,7 +18,6 @@ import ( "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/storage" "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" ) // Delete deletes a resource. @@ -29,7 +27,7 @@ import ( // - Errors with Aborted if the requested Version does not match the stored Version. // - Errors with PermissionDenied if ACL check fails func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pbresource.DeleteResponse, error) { - reg, err := s.ensureDeleteRequestValid(req) + reg, err := s.validateDeleteRequest(req) if err != nil { return nil, err } @@ -75,21 +73,6 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb deleteId = existing.Id } - // Check finalizers for a deferred delete - if resource.HasFinalizers(existing) { - if resource.IsMarkedForDeletion(existing) { - // Delete previously requested and finalizers still present so nothing to do - return &pbresource.DeleteResponse{}, nil - } - - // Mark for deletion and let controllers that put finalizers in place do their - // thing. Note we're passing in a clone of the recently read resource since - // we've not crossed a network/serialization boundary since the read and we - // don't want to mutate the in-mem reference. - return s.markForDeletion(ctx, clone(existing)) - } - - // Continue with an immediate delete if err := s.maybeCreateTombstone(ctx, deleteId); err != nil { return nil, err } @@ -105,16 +88,6 @@ func (s *Server) Delete(ctx context.Context, req *pbresource.DeleteRequest) (*pb } } -func (s *Server) markForDeletion(ctx context.Context, res *pbresource.Resource) (*pbresource.DeleteResponse, error) { - // Write the deletion timestamp - res.Metadata[resource.DeletionTimestampKey] = time.Now().Format(time.RFC3339) - _, err := s.Write(ctx, &pbresource.WriteRequest{Resource: res}) - if err != nil { - return nil, err - } - return &pbresource.DeleteResponse{}, nil -} - // Create a tombstone to capture the intent to delete child resources. // Tombstones are created preemptively to prevent partial failures even though // we are currently unaware of the success/failure/no-op of DeleteCAS. In @@ -146,7 +119,7 @@ func (s *Server) maybeCreateTombstone(ctx context.Context, deleteId *pbresource. Id: &pbresource.ID{ Type: resource.TypeV1Tombstone, Tenancy: deleteId.Tenancy, - Name: TombstoneNameFor(deleteId), + Name: tombstoneName(deleteId), Uid: ulid.Make().String(), }, Generation: ulid.Make().String(), @@ -171,7 +144,7 @@ func (s *Server) maybeCreateTombstone(ctx context.Context, deleteId *pbresource. } } -func (s *Server) ensureDeleteRequestValid(req *pbresource.DeleteRequest) (*resource.Registration, error) { +func (s *Server) validateDeleteRequest(req *pbresource.DeleteRequest) (*resource.Registration, error) { if req.Id == nil { return nil, status.Errorf(codes.InvalidArgument, "id is required") } @@ -185,32 +158,22 @@ func (s *Server) ensureDeleteRequestValid(req *pbresource.DeleteRequest) (*resou return nil, err } - if err = checkV2Tenancy(s.UseV2Tenancy, req.Id.Type); err != nil { - return nil, err - } - - if err := validateScopedTenancy(reg.Scope, reg.Type, req.Id.Tenancy); err != nil { - return nil, err + // Check scope + if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" { + return nil, status.Errorf( + codes.InvalidArgument, + "partition scoped resource %s cannot have a namespace. got: %s", + resource.ToGVK(req.Id.Type), + req.Id.Tenancy.Namespace, + ) } - if err := blockBuiltinsDeletion(reg.Type, req.Id); err != nil { - return nil, err - } return reg, nil } // Maintains a deterministic mapping between a resource and it's tombstone's // name by embedding the resources's Uid in the name. -func TombstoneNameFor(deleteId *pbresource.ID) string { +func tombstoneName(deleteId *pbresource.ID) string { // deleteId.Name is just included for easier identification - return fmt.Sprintf("tombstone-%v-%v", deleteId.Name, strings.ToLower(deleteId.Uid)) -} - -func blockDefaultNamespaceDeletion(rtype *pbresource.Type, id *pbresource.ID) error { - if id.Name == resource.DefaultNamespaceName && - id.Tenancy.Partition == resource.DefaultPartitionName && - resource.EqualType(rtype, pbtenancy.NamespaceType) { - return status.Errorf(codes.InvalidArgument, "cannot delete default namespace") - } - return nil + return fmt.Sprintf("tombstone-%v-%v", deleteId.Name, deleteId.Uid) } diff --git a/agent/grpc-external/services/resource/delete_ce.go b/agent/grpc-external/services/resource/delete_ce.go deleted file mode 100644 index d2ff805a24a47..0000000000000 --- a/agent/grpc-external/services/resource/delete_ce.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent - -package resource - -import "github.com/hashicorp/consul/proto-public/pbresource" - -func blockBuiltinsDeletion(rtype *pbresource.Type, id *pbresource.ID) error { - if err := blockDefaultNamespaceDeletion(rtype, id); err != nil { - return err - } - return nil -} diff --git a/agent/grpc-external/services/resource/delete_test.go b/agent/grpc-external/services/resource/delete_test.go index fd5ed321c806e..5f5d7d7e21920 100644 --- a/agent/grpc-external/services/resource/delete_test.go +++ b/agent/grpc-external/services/resource/delete_test.go @@ -1,12 +1,10 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" - "fmt" - "strings" "testing" "github.com/stretchr/testify/mock" @@ -16,158 +14,62 @@ import ( "google.golang.org/protobuf/proto" "github.com/hashicorp/consul/acl/resolver" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" - pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v1" ) func TestDelete_InputValidation(t *testing.T) { - type testCase struct { - modFn func(artistId, recordLabelId, executiveId *pbresource.ID) *pbresource.ID - errContains string - } - - run := func(t *testing.T, client pbresource.ResourceServiceClient, tc testCase) { - executive, err := demo.GenerateV1Executive("marvin", "CEO") - require.NoError(t, err) - - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") - require.NoError(t, err) + server := testServer(t) + client := testClient(t, server) - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) + demo.RegisterTypes(server.Registry) - req := &pbresource.DeleteRequest{Id: tc.modFn(artist.Id, recordLabel.Id, executive.Id), Version: ""} - _, err = client.Delete(context.Background(), req) - require.Error(t, err) - require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) - } - - testCases := map[string]testCase{ - "no id": { - modFn: func(_, _, _ *pbresource.ID) *pbresource.ID { - return nil - }, - errContains: "id is required", - }, - "no type": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Type = nil - return artistId - }, - errContains: "id.type is required", - }, - "no name": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "" - return artistId - }, - errContains: "id.name invalid", - }, - "mixed case name": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "DepecheMode" - return artistId - }, - errContains: "id.name invalid", - }, - "name too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = strings.Repeat("n", resource.MaxNameLength+1) - return artistId - }, - errContains: "id.name invalid", - }, - "partition mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Partition = "Default" - return artistId - }, - errContains: "id.tenancy.partition invalid", - }, - "partition name too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - return artistId - }, - errContains: "id.tenancy.partition invalid", - }, - "namespace mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Namespace = "Default" - return artistId - }, - errContains: "id.tenancy.namespace invalid", + testCases := map[string]func(artistId, recordLabelId *pbresource.ID) *pbresource.ID{ + "no id": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID { + return nil }, - "namespace name too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - return artistId - }, - errContains: "id.tenancy.namespace invalid", + "no type": func(artistId, _ *pbresource.ID) *pbresource.ID { + artistId.Type = nil + return artistId }, - "partition scoped resource with namespace": { - modFn: func(_, recordLabelId, _ *pbresource.ID) *pbresource.ID { - recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace" - return recordLabelId - }, - errContains: "cannot have a namespace", + "no name": func(artistId, _ *pbresource.ID) *pbresource.ID { + artistId.Name = "" + return artistId }, - "cluster scoped resource with partition": { - modFn: func(_, _, executiveId *pbresource.ID) *pbresource.ID { - executiveId.Tenancy.Partition = "ishouldnothaveapartition" - executiveId.Tenancy.Namespace = "" - return executiveId - }, - errContains: "cannot have a partition", - }, - "cluster scoped resource with namespace": { - modFn: func(_, _, executiveId *pbresource.ID) *pbresource.ID { - executiveId.Tenancy.Partition = "" - executiveId.Tenancy.Namespace = "ishouldnothaveanamespace" - return executiveId - }, - errContains: "cannot have a namespace", + "partition scoped resource with namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID { + recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace" + return recordLabelId }, } + for desc, modFn := range testCases { + t.Run(desc, func(t *testing.T) { + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") + require.NoError(t, err) - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) + artist, err := demo.GenerateV2Artist() + require.NoError(t, err) - for desc, tc := range testCases { - t.Run(desc, func(t *testing.T) { - run(t, client, tc) - }) - } + req := &pbresource.DeleteRequest{Id: modFn(artist.Id, recordLabel.Id), Version: ""} + + _, err = client.Delete(testContext(t), req) + require.Error(t, err) + require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) }) } } func TestDelete_TypeNotRegistered(t *testing.T) { - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - client := svctest.NewResourceServiceBuilder().WithV2Tenancy(useV2Tenancy).Run(t) + t.Parallel() - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) + _, client, ctx := testDeps(t) + artist, err := demo.GenerateV2Artist() + require.NoError(t, err) - // delete artist with unregistered type - _, err = client.Delete(context.Background(), &pbresource.DeleteRequest{Id: artist.Id, Version: ""}) - require.Error(t, err) - require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, "not registered") - }) - } + // delete artist with unregistered type + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: artist.Id, Version: ""}) + require.Error(t, err) + require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) } func TestDelete_ACLs(t *testing.T) { @@ -193,8 +95,9 @@ func TestDelete_ACLs(t *testing.T) { for desc, tc := range testcases { t.Run(desc, func(t *testing.T) { - builder := svctest.NewResourceServiceBuilder().WithRegisterFns(demo.RegisterTypes) - client := builder.Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -204,10 +107,10 @@ func TestDelete_ACLs(t *testing.T) { require.NoError(t, err) // Mock is put in place after the above "write" since the "write" must also pass the ACL check. - mockACLResolver := &svc.MockACLResolver{} + mockACLResolver := &MockACLResolver{} mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(tc.authz, nil) - builder.ServiceImpl().Config.ACLResolver = mockACLResolver + server.ACLResolver = mockACLResolver // Exercise ACL. _, err = client.Delete(testContext(t), &pbresource.DeleteRequest{Id: rsp.Resource.Id}) @@ -219,70 +122,59 @@ func TestDelete_ACLs(t *testing.T) { func TestDelete_Success(t *testing.T) { t.Parallel() - run := func(t *testing.T, client pbresource.ResourceServiceClient, tc deleteTestCase, modFn func(artistId, recordlabelId *pbresource.ID) *pbresource.ID) { - ctx := context.Background() - - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") - require.NoError(t, err) - writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel}) - require.NoError(t, err) - recordLabel = writeRsp.Resource - originalRecordLabelId := clone(recordLabel.Id) - - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) - writeRsp, err = client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) - require.NoError(t, err) - artist = writeRsp.Resource - originalArtistId := clone(artist.Id) - - // Pick the resource to be deleted based on type's scope and mod tenancy - // based on the tenancy test case. - deleteId := modFn(artist.Id, recordLabel.Id) - deleteReq := tc.deleteReqFn(recordLabel) - if proto.Equal(deleteId.Type, demo.TypeV2Artist) { - deleteReq = tc.deleteReqFn(artist) - } - - // Delete - _, err = client.Delete(ctx, deleteReq) - require.NoError(t, err) - - // Verify deleted - _, err = client.Read(ctx, &pbresource.ReadRequest{Id: deleteId}) - require.Error(t, err) - require.Equal(t, codes.NotFound.String(), status.Code(err).String()) - - // Derive tombstone name from resource that was deleted. - tname := svc.TombstoneNameFor(originalRecordLabelId) - if proto.Equal(deleteId.Type, demo.TypeV2Artist) { - tname = svc.TombstoneNameFor(originalArtistId) - } - - // Verify tombstone created - _, err = client.Read(ctx, &pbresource.ReadRequest{ - Id: &pbresource.ID{ - Name: tname, - Type: resource.TypeV1Tombstone, - Tenancy: deleteReq.Id.Tenancy, - }, - }) - require.NoError(t, err, "expected tombstone to be found") - } - for desc, tc := range deleteTestCases() { t.Run(desc, func(t *testing.T) { for tenancyDesc, modFn := range tenancyCases() { t.Run(tenancyDesc, func(t *testing.T) { - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) - run(t, client, tc, modFn) - }) + server, client, ctx := testDeps(t) + demo.RegisterTypes(server.Registry) + + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") + require.NoError(t, err) + writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel}) + require.NoError(t, err) + recordLabel = writeRsp.Resource + originalRecordLabelId := clone(recordLabel.Id) + + artist, err := demo.GenerateV2Artist() + require.NoError(t, err) + writeRsp, err = client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) + require.NoError(t, err) + artist = writeRsp.Resource + originalArtistId := clone(artist.Id) + + // Pick the resource to be deleted based on type's scope and mod tenancy + // based on the tenancy test case. + deleteId := modFn(artist.Id, recordLabel.Id) + deleteReq := tc.deleteReqFn(recordLabel) + if proto.Equal(deleteId.Type, demo.TypeV2Artist) { + deleteReq = tc.deleteReqFn(artist) } + + // Delete + _, err = client.Delete(ctx, deleteReq) + require.NoError(t, err) + + // Verify deleted + _, err = client.Read(ctx, &pbresource.ReadRequest{Id: deleteId}) + require.Error(t, err) + require.Equal(t, codes.NotFound.String(), status.Code(err).String()) + + // Derive tombstone name from resource that was deleted. + tname := tombstoneName(originalRecordLabelId) + if proto.Equal(deleteId.Type, demo.TypeV2Artist) { + tname = tombstoneName(originalArtistId) + } + + // Verify tombstone created + _, err = client.Read(ctx, &pbresource.ReadRequest{ + Id: &pbresource.ID{ + Name: tname, + Type: resource.TypeV1Tombstone, + Tenancy: deleteReq.Id.Tenancy, + }, + }) + require.NoError(t, err, "expected tombstone to be found") }) } }) @@ -292,188 +184,79 @@ func TestDelete_Success(t *testing.T) { func TestDelete_TombstoneDeletionDoesNotCreateNewTombstone(t *testing.T) { t.Parallel() - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - ctx := context.Background() - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server, client, ctx := testDeps(t) + demo.RegisterTypes(server.Registry) - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) + artist, err := demo.GenerateV2Artist() + require.NoError(t, err) - rsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) - require.NoError(t, err) - artist = rsp.Resource - - // delete artist - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: artist.Id, Version: ""}) - require.NoError(t, err) + rsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) + require.NoError(t, err) + artist = rsp.Resource - // verify artist's tombstone created - rsp2, err := client.Read(ctx, &pbresource.ReadRequest{ - Id: &pbresource.ID{ - Name: svc.TombstoneNameFor(artist.Id), - Type: resource.TypeV1Tombstone, - Tenancy: artist.Id.Tenancy, - }, - }) - require.NoError(t, err) - tombstone := rsp2.Resource + // delete artist + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: artist.Id, Version: ""}) + require.NoError(t, err) - // delete artist's tombstone - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: tombstone.Id, Version: tombstone.Version}) - require.NoError(t, err) - - // verify no new tombstones created and artist's existing tombstone deleted - rsp3, err := client.List(ctx, &pbresource.ListRequest{Type: resource.TypeV1Tombstone, Tenancy: artist.Id.Tenancy}) - require.NoError(t, err) - require.Empty(t, rsp3.Resources) - }) - } + // verify artist's tombstone created + rsp2, err := client.Read(ctx, &pbresource.ReadRequest{ + Id: &pbresource.ID{ + Name: tombstoneName(artist.Id), + Type: resource.TypeV1Tombstone, + Tenancy: artist.Id.Tenancy, + }, + }) + require.NoError(t, err) + tombstone := rsp2.Resource + + // delete artist's tombstone + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: tombstone.Id, Version: tombstone.Version}) + require.NoError(t, err) + + // verify no new tombstones created and artist's existing tombstone deleted + rsp3, err := client.List(ctx, &pbresource.ListRequest{Type: resource.TypeV1Tombstone, Tenancy: artist.Id.Tenancy}) + require.NoError(t, err) + require.Empty(t, rsp3.Resources) } func TestDelete_NotFound(t *testing.T) { t.Parallel() - run := func(t *testing.T, client pbresource.ResourceServiceClient, tc deleteTestCase) { - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) - - // verify delete of non-existant or already deleted resource is a no-op - _, err = client.Delete(context.Background(), tc.deleteReqFn(artist)) - require.NoError(t, err) - } - - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - for desc, tc := range deleteTestCases() { - t.Run(desc, func(t *testing.T) { - run(t, client, tc) - }) - } - }) - } -} - -func TestDelete_VersionMismatch(t *testing.T) { - t.Parallel() - - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) - + for desc, tc := range deleteTestCases() { + t.Run(desc, func(t *testing.T) { + server, client, ctx := testDeps(t) + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) - rsp, err := client.Write(context.Background(), &pbresource.WriteRequest{Resource: artist}) - require.NoError(t, err) - - // delete with a version that is different from the stored version - _, err = client.Delete(context.Background(), &pbresource.DeleteRequest{Id: rsp.Resource.Id, Version: "non-existent-version"}) - require.Error(t, err) - require.Equal(t, codes.Aborted.String(), status.Code(err).String()) - require.ErrorContains(t, err, "CAS operation failed") - }) - } -} - -func TestDelete_MarkedForDeletionWhenFinalizersPresent(t *testing.T) { - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - ctx := context.Background() - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - // Create a resource with a finalizer - res := rtest.Resource(demo.TypeV1Artist, "manwithnoname"). - WithTenancy(resource.DefaultClusteredTenancy()). - WithData(t, &pbdemo.Artist{Name: "Man With No Name"}). - WithMeta(resource.FinalizerKey, "finalizer1"). - Write(t, client) - - // Delete it - _, err := client.Delete(ctx, &pbresource.DeleteRequest{Id: res.Id}) - require.NoError(t, err) - - // Verify resource has been marked for deletion - rsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: res.Id}) - require.NoError(t, err) - require.True(t, resource.IsMarkedForDeletion(rsp.Resource)) - // Delete again - should be no-op - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: res.Id}) + // verify delete of non-existant or already deleted resource is a no-op + _, err = client.Delete(ctx, tc.deleteReqFn(artist)) require.NoError(t, err) - - // Verify no-op by checking version still the same - rsp2, err := client.Read(ctx, &pbresource.ReadRequest{Id: res.Id}) - require.NoError(t, err) - rtest.RequireVersionUnchanged(t, rsp2.Resource, rsp.Resource.Version) }) } } -func TestDelete_ImmediatelyDeletedAfterFinalizersRemoved(t *testing.T) { - for _, useV2Tenancy := range []bool{false, true} { - t.Run(fmt.Sprintf("v2tenancy %v", useV2Tenancy), func(t *testing.T) { - ctx := context.Background() - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(useV2Tenancy). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - // Create a resource with a finalizer - res := rtest.Resource(demo.TypeV1Artist, "manwithnoname"). - WithTenancy(resource.DefaultClusteredTenancy()). - WithData(t, &pbdemo.Artist{Name: "Man With No Name"}). - WithMeta(resource.FinalizerKey, "finalizer1"). - Write(t, client) - - // Delete should mark it for deletion - _, err := client.Delete(ctx, &pbresource.DeleteRequest{Id: res.Id}) - require.NoError(t, err) - - // Remove the finalizer - rsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: res.Id}) - require.NoError(t, err) - resource.RemoveFinalizer(rsp.Resource, "finalizer1") - _, err = client.Write(ctx, &pbresource.WriteRequest{Resource: rsp.Resource}) - require.NoError(t, err) +func TestDelete_VersionMismatch(t *testing.T) { + t.Parallel() - // Delete should be immediate - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: rsp.Resource.Id}) - require.NoError(t, err) + server, client, ctx := testDeps(t) + demo.RegisterTypes(server.Registry) + artist, err := demo.GenerateV2Artist() + require.NoError(t, err) + rsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) + require.NoError(t, err) - // Verify deleted - _, err = client.Read(ctx, &pbresource.ReadRequest{Id: rsp.Resource.Id}) - require.Error(t, err) - require.Equal(t, codes.NotFound.String(), status.Code(err).String()) - }) - } + // delete with a version that is different from the stored version + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: rsp.Resource.Id, Version: "non-existent-version"}) + require.Error(t, err) + require.Equal(t, codes.Aborted.String(), status.Code(err).String()) + require.ErrorContains(t, err, "CAS operation failed") } -func TestDelete_BlockDeleteDefaultNamespace(t *testing.T) { - client := svctest.NewResourceServiceBuilder().WithV2Tenancy(true).Run(t) - - id := &pbresource.ID{ - Name: resource.DefaultNamespaceName, - Type: pbtenancy.NamespaceType, - Tenancy: &pbresource.Tenancy{Partition: resource.DefaultPartitionName}, - } - _, err := client.Delete(context.Background(), &pbresource.DeleteRequest{Id: id}) - require.Error(t, err) - require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, "cannot delete default namespace") +func testDeps(t *testing.T) (*Server, pbresource.ResourceServiceClient, context.Context) { + server := testServer(t) + client := testClient(t, server) + return server, client, context.Background() } type deleteTestCase struct { diff --git a/agent/grpc-external/services/resource/list.go b/agent/grpc-external/services/resource/list.go index dc7f88a404c8e..c1ecb253448ce 100644 --- a/agent/grpc-external/services/resource/list.go +++ b/agent/grpc-external/services/resource/list.go @@ -16,7 +16,7 @@ import ( ) func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbresource.ListResponse, error) { - reg, err := s.ensureListRequestValid(req) + reg, err := s.validateListRequest(req) if err != nil { return nil, err } @@ -81,7 +81,7 @@ func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbreso return &pbresource.ListResponse{Resources: result}, nil } -func (s *Server) ensureListRequestValid(req *pbresource.ListRequest) (*resource.Registration, error) { +func (s *Server) validateListRequest(req *pbresource.ListRequest) (*resource.Registration, error) { var field string switch { case req.Type == nil: @@ -100,13 +100,8 @@ func (s *Server) ensureListRequestValid(req *pbresource.ListRequest) (*resource. return nil, err } - if err = checkV2Tenancy(s.UseV2Tenancy, req.Type); err != nil { - return nil, err - } - - if err := validateWildcardTenancy(req.Tenancy, req.NamePrefix); err != nil { - return nil, err - } + // Lowercase + resource.Normalize(req.Tenancy) // Error when partition scoped and namespace not empty. if reg.Scope == resource.ScopePartition && req.Tenancy.Namespace != "" { diff --git a/agent/grpc-external/services/resource/list_by_owner.go b/agent/grpc-external/services/resource/list_by_owner.go index 781f36069cf51..2310a5b50eda2 100644 --- a/agent/grpc-external/services/resource/list_by_owner.go +++ b/agent/grpc-external/services/resource/list_by_owner.go @@ -15,7 +15,7 @@ import ( ) func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerRequest) (*pbresource.ListByOwnerResponse, error) { - reg, err := s.ensureListByOwnerRequestValid(req) + reg, err := s.validateListByOwnerRequest(req) if err != nil { return nil, err } @@ -42,6 +42,11 @@ func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerReq return nil, status.Errorf(codes.Internal, "failed list acl: %v", err) } + // Check v1 tenancy exists for the v2 resource. + if err = v1TenancyExists(reg, s.TenancyBridge, req.Owner.Tenancy, codes.InvalidArgument); err != nil { + return nil, err + } + // Get owned resources. children, err := s.Backend.ListByOwner(ctx, req.Owner) if err != nil { @@ -82,7 +87,7 @@ func (s *Server) ListByOwner(ctx context.Context, req *pbresource.ListByOwnerReq return &pbresource.ListByOwnerResponse{Resources: result}, nil } -func (s *Server) ensureListByOwnerRequestValid(req *pbresource.ListByOwnerRequest) (*resource.Registration, error) { +func (s *Server) validateListByOwnerRequest(req *pbresource.ListByOwnerRequest) (*resource.Registration, error) { if req.Owner == nil { return nil, status.Errorf(codes.InvalidArgument, "owner is required") } @@ -100,12 +105,17 @@ func (s *Server) ensureListByOwnerRequestValid(req *pbresource.ListByOwnerReques return nil, err } - if err = checkV2Tenancy(s.UseV2Tenancy, req.Owner.Type); err != nil { - return nil, err - } - - if err = validateScopedTenancy(reg.Scope, reg.Type, req.Owner.Tenancy); err != nil { - return nil, err + // Lowercase + resource.Normalize(req.Owner.Tenancy) + + // Error when partition scoped and namespace not empty. + if reg.Scope == resource.ScopePartition && req.Owner.Tenancy.Namespace != "" { + return nil, status.Errorf( + codes.InvalidArgument, + "partition scoped type %s cannot have a namespace. got: %s", + resource.ToGVK(req.Owner.Type), + req.Owner.Tenancy.Namespace, + ) } return reg, nil diff --git a/agent/grpc-external/services/resource/list_by_owner_test.go b/agent/grpc-external/services/resource/list_by_owner_test.go index 92167042ea154..11c6027c0b642 100644 --- a/agent/grpc-external/services/resource/list_by_owner_test.go +++ b/agent/grpc-external/services/resource/list_by_owner_test.go @@ -1,162 +1,73 @@ // // Copyright (c) HashiCorp, Inc. // // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" "fmt" - "strings" "testing" - "github.com/oklog/ulid/v2" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - "google.golang.org/protobuf/proto" - "github.com/hashicorp/consul/acl" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" - "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/proto-public/pbresource" - pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v1" "github.com/hashicorp/consul/proto/private/prototest" -) -// TODO: Update all tests to use true/false table test for v2tenancy + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" +) func TestListByOwner_InputValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) - type testCase struct { - modFn func(artistId, recordlabelId, executiveId *pbresource.ID) *pbresource.ID - errContains string - } - testCases := map[string]testCase{ - "no owner": { - modFn: func(_, _, _ *pbresource.ID) *pbresource.ID { - return nil - }, - errContains: "owner is required", - }, - "no type": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Type = nil - return artistId - }, - errContains: "owner.type is required", - }, - "no name": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "" - return artistId - }, - errContains: "owner.name invalid", - }, - "name mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "U2" - return artistId - }, - errContains: "owner.name invalid", + testCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{ + "no owner": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID { + return nil }, - "name too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = strings.Repeat("n", resource.MaxNameLength+1) - return artistId - }, - errContains: "owner.name invalid", + "no type": func(artistId, _ *pbresource.ID) *pbresource.ID { + artistId.Type = nil + return artistId }, - "partition mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Partition = "Default" - return artistId - }, - errContains: "owner.tenancy.partition invalid", + "no name": func(artistId, _ *pbresource.ID) *pbresource.ID { + artistId.Name = "" + return artistId }, - "partition too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - return artistId - }, - errContains: "owner.tenancy.partition invalid", + "no uid": func(artistId, _ *pbresource.ID) *pbresource.ID { + artistId.Uid = "" + return artistId }, - "namespace mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Namespace = "Default" - return artistId - }, - errContains: "owner.tenancy.namespace invalid", - }, - "namespace too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - return artistId - }, - errContains: "owner.tenancy.namespace invalid", - }, - "no uid": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Uid = "" - return artistId - }, - errContains: "owner uid is required", - }, - "partition scope with non-empty namespace": { - modFn: func(_, recordLabelId, _ *pbresource.ID) *pbresource.ID { - recordLabelId.Uid = ulid.Make().String() - recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace" - return recordLabelId - }, - errContains: "cannot have a namespace", - }, - "cluster scope with non-empty partition": { - modFn: func(_, _, executiveId *pbresource.ID) *pbresource.ID { - executiveId.Uid = ulid.Make().String() - executiveId.Tenancy.Partition = "ishouldnothaveapartition" - return executiveId - }, - errContains: "cannot have a partition", - }, - "cluster scope with non-empty namespace": { - modFn: func(_, _, executiveId *pbresource.ID) *pbresource.ID { - executiveId.Uid = ulid.Make().String() - executiveId.Tenancy.Namespace = "ishouldnothaveanamespace" - return executiveId - }, - errContains: "cannot have a namespace", + "partition scope with non-empty namespace": func(_, recordLabelId *pbresource.ID) *pbresource.ID { + recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace" + return recordLabelId }, } - for desc, tc := range testCases { + for desc, modFn := range testCases { t.Run(desc, func(t *testing.T) { artist, err := demo.GenerateV2Artist() require.NoError(t, err) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") - require.NoError(t, err) - - executive, err := demo.GenerateV1Executive("marvin", "CEO") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) // Each test case picks which resource to use based on the resource type's scope. - req := &pbresource.ListByOwnerRequest{Owner: tc.modFn(artist.Id, recordLabel.Id, executive.Id)} + req := &pbresource.ListByOwnerRequest{Owner: modFn(artist.Id, recordLabel.Id)} _, err = client.ListByOwner(testContext(t), req) require.Error(t, err) require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) }) } } func TestListByOwner_TypeNotRegistered(t *testing.T) { - client := svctest.NewResourceServiceBuilder().Run(t) + server := testServer(t) + client := testClient(t, server) _, err := client.ListByOwner(context.Background(), &pbresource.ListByOwnerRequest{ Owner: &pbresource.ID{ @@ -172,9 +83,9 @@ func TestListByOwner_TypeNotRegistered(t *testing.T) { } func TestListByOwner_Empty(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -188,9 +99,9 @@ func TestListByOwner_Empty(t *testing.T) { } func TestListByOwner_Many(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -220,53 +131,47 @@ func TestListByOwner_Many(t *testing.T) { } func TestListByOwner_OwnerTenancyDoesNotExist(t *testing.T) { - type testCase struct { - modFn func(artistId, recordlabelId *pbresource.ID) *pbresource.ID - } - tenancyCases := map[string]testCase{ - "namespace scoped owner with non-existent partition": { - modFn: func(artistId, _ *pbresource.ID) *pbresource.ID { - id := clone(artistId) - id.Tenancy.Partition = "boguspartition" - return id - }, + tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{ + "partition not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID { + id := clone(artistId) + id.Uid = "doesnotmatter" + id.Tenancy.Partition = "boguspartition" + return id }, - "namespace scoped owner with non-existent namespace": { - modFn: func(artistId, _ *pbresource.ID) *pbresource.ID { - id := clone(artistId) - id.Tenancy.Namespace = "bogusnamespace" - return id - }, + "namespace not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID { + id := clone(artistId) + id.Uid = "doesnotmatter" + id.Tenancy.Namespace = "bogusnamespace" + return id }, - "partition scoped owner with non-existent partition": { - modFn: func(_, recordLabelId *pbresource.ID) *pbresource.ID { - id := clone(recordLabelId) - id.Tenancy.Partition = "boguspartition" - return id - }, + "partition not found when partition scoped": func(_, recordLabelId *pbresource.ID) *pbresource.ID { + id := clone(recordLabelId) + id.Uid = "doesnotmatter" + id.Tenancy.Partition = "boguspartition" + return id }, } - for desc, tc := range tenancyCases { + for desc, modFn := range tenancyCases { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - recordLabel := resourcetest.Resource(demo.TypeV1RecordLabel, "looney-tunes"). - WithTenancy(resource.DefaultPartitionedTenancy()). - WithData(t, &pbdemo.RecordLabel{Name: "Looney Tunes"}). - Write(t, client) - - artist := resourcetest.Resource(demo.TypeV1Artist, "blur"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemo.Artist{Name: "Blur"}). - WithOwner(recordLabel.Id). - Write(t, client) - - // Verify non-existant tenancy units in owner return empty list. - rsp, err := client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{Owner: tc.modFn(artist.Id, recordLabel.Id)}) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) + + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) - require.Empty(t, rsp.Resources) + recordLabel, err = server.Backend.WriteCAS(testContext(t), recordLabel) + require.NoError(t, err) + + artist, err := demo.GenerateV2Artist() + require.NoError(t, err) + artist, err = server.Backend.WriteCAS(testContext(t), artist) + require.NoError(t, err) + + // Verify non-existant tenancy units in owner err with not found. + _, err = client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{Owner: modFn(artist.Id, recordLabel.Id)}) + require.Error(t, err) + require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) + require.Contains(t, err.Error(), "resource not found") }) } } @@ -274,12 +179,12 @@ func TestListByOwner_OwnerTenancyDoesNotExist(t *testing.T) { func TestListByOwner_Tenancy_Defaults_And_Normalization(t *testing.T) { for tenancyDesc, modFn := range tenancyCases() { t.Run(tenancyDesc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) // Create partition scoped recordLabel. - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) rsp1, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: recordLabel}) require.NoError(t, err) @@ -346,9 +251,9 @@ func TestListByOwner_ACL_PerTypeAllowed(t *testing.T) { // roundtrip a ListByOwner which attempts to return a single resource func roundTripListByOwner(t *testing.T, authz acl.Authorizer) (*pbresource.Resource, *pbresource.ListByOwnerResponse, error) { - builder := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes) - client := builder.Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -364,11 +269,10 @@ func roundTripListByOwner(t *testing.T, authz acl.Authorizer) (*pbresource.Resou album = rsp2.Resource require.NoError(t, err) - // Mock has to be put in place after the above writes so writes will succeed. - mockACLResolver := &svc.MockACLResolver{} + mockACLResolver := &MockACLResolver{} mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(authz, nil) - builder.ServiceImpl().ACLResolver = mockACLResolver + server.ACLResolver = mockACLResolver rsp3, err := client.ListByOwner(testContext(t), &pbresource.ListByOwnerRequest{Owner: artist.Id}) return album, rsp3, err diff --git a/agent/grpc-external/services/resource/list_test.go b/agent/grpc-external/services/resource/list_test.go index 780497ec0f458..64026b7d34e59 100644 --- a/agent/grpc-external/services/resource/list_test.go +++ b/agent/grpc-external/services/resource/list_test.go @@ -1,103 +1,60 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" "fmt" - "strconv" - "strings" "testing" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/status" - "github.com/hashicorp/consul/acl" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/internal/storage" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" -) -// TODO: Update all tests to use true/false table test for v2tenancy + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/metadata" + "google.golang.org/grpc/status" +) func TestList_InputValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) - type testCase struct { - modReqFn func(req *pbresource.ListRequest) - errContains string - } + demo.RegisterTypes(server.Registry) - testCases := map[string]testCase{ - "no type": { - modReqFn: func(req *pbresource.ListRequest) { req.Type = nil }, - errContains: "type is required", - }, - "no tenancy": { - modReqFn: func(req *pbresource.ListRequest) { req.Tenancy = nil }, - errContains: "tenancy is required", - }, - "partition mixed case": { - modReqFn: func(req *pbresource.ListRequest) { req.Tenancy.Partition = "Default" }, - errContains: "tenancy.partition invalid", - }, - "partition too long": { - modReqFn: func(req *pbresource.ListRequest) { - req.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - }, - errContains: "tenancy.partition invalid", - }, - "namespace mixed case": { - modReqFn: func(req *pbresource.ListRequest) { req.Tenancy.Namespace = "Default" }, - errContains: "tenancy.namespace invalid", - }, - "namespace too long": { - modReqFn: func(req *pbresource.ListRequest) { - req.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - }, - errContains: "tenancy.namespace invalid", - }, - "name_prefix mixed case": { - modReqFn: func(req *pbresource.ListRequest) { req.NamePrefix = "Violator" }, - errContains: "name_prefix invalid", - }, - "partitioned resource provides non-empty namespace": { - modReqFn: func(req *pbresource.ListRequest) { - req.Type = demo.TypeV1RecordLabel - req.Tenancy.Namespace = "bad" - }, - errContains: "cannot have a namespace", + testCases := map[string]func(*pbresource.ListRequest){ + "no type": func(req *pbresource.ListRequest) { req.Type = nil }, + "no tenancy": func(req *pbresource.ListRequest) { req.Tenancy = nil }, + "partitioned resource provides non-empty namespace": func(req *pbresource.ListRequest) { + req.Type = demo.TypeV1RecordLabel + req.Tenancy.Namespace = "bad" }, } - for desc, tc := range testCases { + for desc, modFn := range testCases { t.Run(desc, func(t *testing.T) { req := &pbresource.ListRequest{ Type: demo.TypeV2Album, Tenancy: resource.DefaultNamespacedTenancy(), } - tc.modReqFn(req) + modFn(req) _, err := client.List(testContext(t), req) require.Error(t, err) require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) }) } } func TestList_TypeNotFound(t *testing.T) { - client := svctest.NewResourceServiceBuilder().Run(t) + server := testServer(t) + client := testClient(t, server) _, err := client.List(context.Background(), &pbresource.ListRequest{ Type: demo.TypeV2Artist, @@ -112,9 +69,9 @@ func TestList_TypeNotFound(t *testing.T) { func TestList_Empty(t *testing.T) { for desc, tc := range listTestCases() { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) rsp, err := client.List(tc.ctx, &pbresource.ListRequest{ Type: demo.TypeV1Artist, @@ -130,9 +87,9 @@ func TestList_Empty(t *testing.T) { func TestList_Many(t *testing.T) { for desc, tc := range listTestCases() { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) resources := make([]*pbresource.Resource, 10) for i := 0; i < len(resources); i++ { @@ -159,57 +116,17 @@ func TestList_Many(t *testing.T) { } } -func TestList_NamePrefix(t *testing.T) { - for desc, tc := range listTestCases() { - t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - expectedResources := []*pbresource.Resource{} - - namePrefixIndex := 0 - // create a name prefix that is always present - namePrefix := fmt.Sprintf("%s-", strconv.Itoa(namePrefixIndex)) - for i := 0; i < 10; i++ { - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) - - // Prevent test flakes if the generated names collide. - artist.Id.Name = fmt.Sprintf("%d-%s", i, artist.Id.Name) - - rsp, err := client.Write(tc.ctx, &pbresource.WriteRequest{Resource: artist}) - require.NoError(t, err) - - // only matching name prefix are expected - if i == namePrefixIndex { - expectedResources = append(expectedResources, rsp.Resource) - } - } - - rsp, err := client.List(tc.ctx, &pbresource.ListRequest{ - Type: demo.TypeV2Artist, - Tenancy: resource.DefaultNamespacedTenancy(), - NamePrefix: namePrefix, - }) - - require.NoError(t, err) - prototest.AssertElementsMatch(t, expectedResources, rsp.Resources) - }) - } -} - func TestList_Tenancy_Defaults_And_Normalization(t *testing.T) { // Test units of tenancy get defaulted correctly when empty. ctx := context.Background() for desc, tc := range wildcardTenancyCases() { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) // Write partition scoped record label - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LooneyTunes") require.NoError(t, err) recordLabelRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel}) require.NoError(t, err) @@ -233,20 +150,21 @@ func TestList_Tenancy_Defaults_And_Normalization(t *testing.T) { prototest.AssertDeepEqual(t, artistRsp.Resource, listRsp.Resources[0]) } }) + } } func TestList_GroupVersionMismatch(t *testing.T) { for desc, tc := range listTestCases() { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) artist, err := demo.GenerateV2Artist() require.NoError(t, err) - _, err = client.Write(tc.ctx, &pbresource.WriteRequest{Resource: artist}) + _, err = server.Backend.WriteCAS(tc.ctx, artist) require.NoError(t, err) rsp, err := client.List(tc.ctx, &pbresource.ListRequest{ @@ -264,7 +182,7 @@ func TestList_VerifyReadConsistencyArg(t *testing.T) { // Uses a mockBackend instead of the inmem Backend to verify the ReadConsistency argument is set correctly. for desc, tc := range listTestCases() { t.Run(desc, func(t *testing.T) { - mockBackend := svc.NewMockBackend(t) + mockBackend := NewMockBackend(t) server := testServer(t) server.Backend = mockBackend demo.RegisterTypes(server.Registry) @@ -325,24 +243,25 @@ func TestList_ACL_ListAllowed_ReadAllowed(t *testing.T) { prototest.AssertDeepEqual(t, artist, rsp.Resources[0]) } +// roundtrip a List which attempts to return a single resource func roundTripList(t *testing.T, authz acl.Authorizer) (*pbresource.Resource, *pbresource.ListResponse, error) { + server := testServer(t) + client := testClient(t, server) ctx := testContext(t) - builder := svctest.NewResourceServiceBuilder().WithRegisterFns(demo.RegisterTypes) - client := builder.Run(t) + + mockACLResolver := &MockACLResolver{} + mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(authz, nil) + server.ACLResolver = mockACLResolver + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) - rsp1, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) + artist, err = server.Backend.WriteCAS(ctx, artist) require.NoError(t, err) - // Put ACLResolver in place after above writes so writes not subject to ACLs - mockACLResolver := &svc.MockACLResolver{} - mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). - Return(authz, nil) - builder.ServiceImpl().Config.ACLResolver = mockACLResolver - - rsp2, err := client.List( + rsp, err := client.List( ctx, &pbresource.ListRequest{ Type: artist.Id.Type, @@ -350,7 +269,8 @@ func roundTripList(t *testing.T, authz acl.Authorizer) (*pbresource.Resource, *p NamePrefix: "", }, ) - return rsp1.Resource, rsp2, err + + return artist, rsp, err } type listTestCase struct { diff --git a/agent/grpc-external/services/resource/read.go b/agent/grpc-external/services/resource/read.go index 9fe59024ce8e6..b6cec37254566 100644 --- a/agent/grpc-external/services/resource/read.go +++ b/agent/grpc-external/services/resource/read.go @@ -18,7 +18,7 @@ import ( func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbresource.ReadResponse, error) { // Light first pass validation based on what user passed in and not much more. - reg, err := s.ensureReadRequestValid(req) + reg, err := s.validateReadRequest(req) if err != nil { return nil, err } @@ -59,8 +59,8 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso return nil, status.Errorf(codes.Internal, "failed read acl: %v", err) } - // Check tenancy exists for the V2 resource. - if err = tenancyExists(reg, s.TenancyBridge, req.Id.Tenancy, codes.NotFound); err != nil { + // Check V1 tenancy exists for the V2 resource. + if err = v1TenancyExists(reg, s.TenancyBridge, req.Id.Tenancy, codes.NotFound); err != nil { return nil, err } @@ -87,7 +87,7 @@ func (s *Server) Read(ctx context.Context, req *pbresource.ReadRequest) (*pbreso return &pbresource.ReadResponse{Resource: resource}, nil } -func (s *Server) ensureReadRequestValid(req *pbresource.ReadRequest) (*resource.Registration, error) { +func (s *Server) validateReadRequest(req *pbresource.ReadRequest) (*resource.Registration, error) { if req.Id == nil { return nil, status.Errorf(codes.InvalidArgument, "id is required") } @@ -102,14 +102,32 @@ func (s *Server) ensureReadRequestValid(req *pbresource.ReadRequest) (*resource. return nil, err } - if err = checkV2Tenancy(s.UseV2Tenancy, req.Id.Type); err != nil { - return nil, err - } - // Check scope - if err = validateScopedTenancy(reg.Scope, req.Id.Type, req.Id.Tenancy); err != nil { - return nil, err + if reg.Scope == resource.ScopePartition && req.Id.Tenancy.Namespace != "" { + return nil, status.Errorf( + codes.InvalidArgument, + "partition scoped resource %s cannot have a namespace. got: %s", + resource.ToGVK(req.Id.Type), + req.Id.Tenancy.Namespace, + ) + } + if reg.Scope == resource.ScopeCluster { + if req.Id.Tenancy.Partition != "" { + return nil, status.Errorf( + codes.InvalidArgument, + "cluster scoped resource %s cannot have a partition: %s", + resource.ToGVK(req.Id.Type), + req.Id.Tenancy.Partition, + ) + } + if req.Id.Tenancy.Namespace != "" { + return nil, status.Errorf( + codes.InvalidArgument, + "cluster scoped resource %s cannot have a namespace: %s", + resource.ToGVK(req.Id.Type), + req.Id.Tenancy.Namespace, + ) + } } - return reg, nil } diff --git a/agent/grpc-external/services/resource/read_test.go b/agent/grpc-external/services/resource/read_test.go index b7367e6390319..2601689bc6c4b 100644 --- a/agent/grpc-external/services/resource/read_test.go +++ b/agent/grpc-external/services/resource/read_test.go @@ -1,12 +1,11 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" "fmt" - "strings" "sync" "testing" @@ -19,138 +18,68 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/internal/storage" + "github.com/hashicorp/consul/internal/tenancy" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" ) -// TODO: Update all tests to use true/false table test for v2tenancy - func TestRead_InputValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - type testCase struct { - modFn func(artistId, recordlabelId, executiveId *pbresource.ID) *pbresource.ID - errContains string - } - - testCases := map[string]testCase{ - "no id": { - modFn: func(_, _, _ *pbresource.ID) *pbresource.ID { - return nil - }, - errContains: "id is required", - }, - "no type": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Type = nil - return artistId - }, - errContains: "id.type is required", - }, - "no name": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "" - return artistId - }, - errContains: "id.name invalid", - }, - "name is mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "MixedCaseNotAllowed" - return artistId - }, - errContains: "id.name invalid", - }, - "name too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Name = strings.Repeat("a", resource.MaxNameLength+1) - return artistId - }, - errContains: "id.name invalid", - }, - "partition is mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Partition = "Default" - return artistId - }, - errContains: "id.tenancy.partition invalid", - }, - "partition too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - return artistId - }, - errContains: "id.tenancy.partition invalid", - }, - "namespace is mixed case": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Namespace = "Default" - return artistId - }, - errContains: "id.tenancy.namespace invalid", + server := testServer(t) + client := testClient(t, server) + tenancy.RegisterTypes(server.Registry) + demo.RegisterTypes(server.Registry) + + testCases := map[string]func(artistId, recordlabelId, executiveId *pbresource.ID) *pbresource.ID{ + "no id": func(_, _, _ *pbresource.ID) *pbresource.ID { return nil }, + "no type": func(artistId, _, _ *pbresource.ID) *pbresource.ID { + artistId.Type = nil + return artistId }, - "namespace too long": { - modFn: func(artistId, _, _ *pbresource.ID) *pbresource.ID { - artistId.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - return artistId - }, - errContains: "id.tenancy.namespace invalid", + "no name": func(artistId, _, _ *pbresource.ID) *pbresource.ID { + artistId.Name = "" + return artistId }, - "partition scope with non-empty namespace": { - modFn: func(_, recordLabelId, _ *pbresource.ID) *pbresource.ID { - recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace" - return recordLabelId - }, - errContains: "cannot have a namespace", + "partition scope with non-empty namespace": func(_, recordLabelId, _ *pbresource.ID) *pbresource.ID { + recordLabelId.Tenancy.Namespace = "ishouldnothaveanamespace" + return recordLabelId }, - "cluster scope with non-empty partition": { - modFn: func(_, _, executiveId *pbresource.ID) *pbresource.ID { - executiveId.Tenancy = &pbresource.Tenancy{Partition: resource.DefaultPartitionName} - return executiveId - }, - errContains: "cannot have a partition", + "cluster scope with non-empty partition": func(_, _, executiveId *pbresource.ID) *pbresource.ID { + executiveId.Tenancy = &pbresource.Tenancy{Partition: resource.DefaultPartitionName} + return executiveId }, - "cluster scope with non-empty namespace": { - modFn: func(_, _, executiveId *pbresource.ID) *pbresource.ID { - executiveId.Tenancy = &pbresource.Tenancy{Namespace: resource.DefaultNamespaceName} - return executiveId - }, - errContains: "cannot have a namespace", + "cluster scope with non-empty namespace": func(_, _, executiveId *pbresource.ID) *pbresource.ID { + executiveId.Tenancy = &pbresource.Tenancy{Namespace: resource.DefaultNamespaceName} + return executiveId }, } - for desc, tc := range testCases { + for desc, modFn := range testCases { t.Run(desc, func(t *testing.T) { artist, err := demo.GenerateV2Artist() require.NoError(t, err) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) - executive, err := demo.GenerateV1Executive("music-man", "CEO") + executive, err := demo.GenerateV1Executive("MusicMan", "CEO") require.NoError(t, err) // Each test case picks which resource to use based on the resource type's scope. - req := &pbresource.ReadRequest{Id: tc.modFn(artist.Id, recordLabel.Id, executive.Id)} + req := &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id, executive.Id)} _, err = client.Read(testContext(t), req) require.Error(t, err) require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) }) } } func TestRead_TypeNotFound(t *testing.T) { - server := svc.NewServer(svc.Config{Registry: resource.NewRegistry()}) + server := NewServer(Config{Registry: resource.NewRegistry()}) client := testClient(t, server) artist, err := demo.GenerateV2Artist() @@ -165,65 +94,48 @@ func TestRead_TypeNotFound(t *testing.T) { func TestRead_ResourceNotFound(t *testing.T) { for desc, tc := range readTestCases() { t.Run(desc, func(t *testing.T) { - type tenancyCase struct { - modFn func(artistId, recordlabelId *pbresource.ID) *pbresource.ID - errContains string - } - tenancyCases := map[string]tenancyCase{ - "resource not found by name": { - modFn: func(artistId, _ *pbresource.ID) *pbresource.ID { - artistId.Name = "bogusname" - return artistId - }, - errContains: "resource not found", + tenancyCases := map[string]func(artistId, recordlabelId *pbresource.ID) *pbresource.ID{ + "resource not found by name": func(artistId, _ *pbresource.ID) *pbresource.ID { + artistId.Name = "bogusname" + return artistId }, - "partition not found when namespace scoped": { - modFn: func(artistId, _ *pbresource.ID) *pbresource.ID { - id := clone(artistId) - id.Tenancy.Partition = "boguspartition" - return id - }, - errContains: "partition not found", + "partition not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID { + id := clone(artistId) + id.Tenancy.Partition = "boguspartition" + return id }, - "namespace not found when namespace scoped": { - modFn: func(artistId, _ *pbresource.ID) *pbresource.ID { - id := clone(artistId) - id.Tenancy.Namespace = "bogusnamespace" - return id - }, - errContains: "namespace not found", + "namespace not found when namespace scoped": func(artistId, _ *pbresource.ID) *pbresource.ID { + id := clone(artistId) + id.Tenancy.Namespace = "bogusnamespace" + return id }, - "partition not found when partition scoped": { - modFn: func(_, recordLabelId *pbresource.ID) *pbresource.ID { - id := clone(recordLabelId) - id.Tenancy.Partition = "boguspartition" - return id - }, - errContains: "partition not found", + "partition not found when partition scoped": func(_, recordLabelId *pbresource.ID) *pbresource.ID { + id := clone(recordLabelId) + id.Tenancy.Partition = "boguspartition" + return id }, } - for tenancyDesc, tenancyCase := range tenancyCases { + for tenancyDesc, modFn := range tenancyCases { t.Run(tenancyDesc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) - _, err = client.Write(context.Background(), &pbresource.WriteRequest{Resource: recordLabel}) + recordLabel, err = server.Backend.WriteCAS(tc.ctx, recordLabel) require.NoError(t, err) artist, err := demo.GenerateV2Artist() require.NoError(t, err) - _, err = client.Write(context.Background(), &pbresource.WriteRequest{Resource: artist}) + artist, err = server.Backend.WriteCAS(tc.ctx, artist) require.NoError(t, err) // Each tenancy test case picks which resource to use based on the resource type's scope. - _, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: tenancyCase.modFn(artist.Id, recordLabel.Id)}) + _, err = client.Read(tc.ctx, &pbresource.ReadRequest{Id: modFn(artist.Id, recordLabel.Id)}) require.Error(t, err) require.Equal(t, codes.NotFound.String(), status.Code(err).String()) - require.ErrorContains(t, err, tenancyCase.errContains) + require.Contains(t, err.Error(), "resource not found") }) } }) @@ -233,14 +145,15 @@ func TestRead_ResourceNotFound(t *testing.T) { func TestRead_GroupVersionMismatch(t *testing.T) { for desc, tc := range readTestCases() { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + + demo.RegisterTypes(server.Registry) + client := testClient(t, server) artist, err := demo.GenerateV2Artist() require.NoError(t, err) - _, err = client.Write(tc.ctx, &pbresource.WriteRequest{Resource: artist}) + _, err = server.Backend.WriteCAS(tc.ctx, artist) require.NoError(t, err) id := clone(artist.Id) @@ -259,20 +172,18 @@ func TestRead_Success(t *testing.T) { t.Run(desc, func(t *testing.T) { for tenancyDesc, modFn := range tenancyCases() { t.Run(tenancyDesc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + demo.RegisterTypes(server.Registry) + client := testClient(t, server) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) - rsp1, err := client.Write(tc.ctx, &pbresource.WriteRequest{Resource: recordLabel}) - recordLabel = rsp1.Resource + recordLabel, err = server.Backend.WriteCAS(tc.ctx, recordLabel) require.NoError(t, err) artist, err := demo.GenerateV2Artist() require.NoError(t, err) - rsp2, err := client.Write(tc.ctx, &pbresource.WriteRequest{Resource: artist}) - artist = rsp2.Resource + artist, err = server.Backend.WriteCAS(tc.ctx, artist) require.NoError(t, err) // Each tenancy test case picks which resource to use based on the resource type's scope. @@ -299,7 +210,7 @@ func TestRead_VerifyReadConsistencyArg(t *testing.T) { for desc, tc := range readTestCases() { t.Run(desc, func(t *testing.T) { server := testServer(t) - mockBackend := svc.NewMockBackend(t) + mockBackend := NewMockBackend(t) server.Backend = mockBackend demo.RegisterTypes(server.Registry) @@ -368,14 +279,15 @@ func TestRead_ACLs(t *testing.T) { for desc, tc := range testcases { t.Run(desc, func(t *testing.T) { + server := testServer(t) + client := testClient(t, server) + dr := &dummyACLResolver{ result: testutils.ACLsDisabled(t), } + server.ACLResolver = dr - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - WithACLResolver(dr). - Run(t) + demo.RegisterTypes(server.Registry) dr.SetResult(tc.authz) testutil.RunStep(t, "does not exist", func(t *testing.T) { @@ -413,7 +325,7 @@ type dummyACLResolver struct { result resolver.Result } -var _ svc.ACLResolver = (*dummyACLResolver)(nil) +var _ ACLResolver = (*dummyACLResolver)(nil) func (r *dummyACLResolver) SetResult(result resolver.Result) { r.lock.Lock() diff --git a/agent/grpc-external/services/resource/server.go b/agent/grpc-external/services/resource/server.go index b07ebaff38b98..5fc5a01fafd77 100644 --- a/agent/grpc-external/services/resource/server.go +++ b/agent/grpc-external/services/resource/server.go @@ -5,16 +5,14 @@ package resource import ( "context" - "strings" + "github.com/hashicorp/go-hclog" "google.golang.org/grpc" "google.golang.org/grpc/codes" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" - "github.com/hashicorp/go-hclog" - "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" "github.com/hashicorp/consul/internal/resource" @@ -36,11 +34,6 @@ type Config struct { // TenancyBridge temporarily allows us to use V1 implementations of // partitions and namespaces until V2 implementations are available. TenancyBridge TenancyBridge - - // UseV2Tenancy is true if the "v2tenancy" experiement is active, false otherwise. - // Attempts to create v2 tenancy resources (partition or namespace) will fail when the - // flag is false. - UseV2Tenancy bool } //go:generate mockery --name Registry --inpackage @@ -136,12 +129,16 @@ func isGRPCStatusError(err error) bool { } func validateId(id *pbresource.ID, errorPrefix string) error { - if id.Type == nil { - return status.Errorf(codes.InvalidArgument, "%s.type is required", errorPrefix) + var field string + switch { + case id.Type == nil: + field = "type" + case id.Name == "": + field = "name" } - if err := resource.ValidateName(id.Name); err != nil { - return status.Errorf(codes.InvalidArgument, "%s.name invalid: %v", errorPrefix, err) + if field != "" { + return status.Errorf(codes.InvalidArgument, "%s.%s is required", errorPrefix, field) } // Better UX: Allow callers to pass in nil tenancy. Defaulting and inheritance of tenancy @@ -155,145 +152,57 @@ func validateId(id *pbresource.ID, errorPrefix string) error { } } - if id.Tenancy.Partition != "" { - if err := resource.ValidateName(id.Tenancy.Partition); err != nil { - return status.Errorf(codes.InvalidArgument, "%s.tenancy.partition invalid: %v", errorPrefix, err) - } - } - if id.Tenancy.Namespace != "" { - if err := resource.ValidateName(id.Tenancy.Namespace); err != nil { - return status.Errorf(codes.InvalidArgument, "%s.tenancy.namespace invalid: %v", errorPrefix, err) - } - } - // TODO(spatel): NET-5475 - Remove as part of peer_name moving to PeerTenancy - if id.Tenancy.PeerName == "" { - id.Tenancy.PeerName = resource.DefaultPeerName - } + resource.Normalize(id.Tenancy) return nil } -func validateRef(ref *pbresource.Reference, errorPrefix string) error { - if ref.Type == nil { - return status.Errorf(codes.InvalidArgument, "%s.type is required", errorPrefix) - } - if err := resource.ValidateName(ref.Name); err != nil { - return status.Errorf(codes.InvalidArgument, "%s.name invalid: %v", errorPrefix, err) - } - if err := resource.ValidateName(ref.Tenancy.Partition); err != nil { - return status.Errorf(codes.InvalidArgument, "%s.tenancy.partition invalid: %v", errorPrefix, err) - } - if err := resource.ValidateName(ref.Tenancy.Namespace); err != nil { - return status.Errorf(codes.InvalidArgument, "%s.tenancy.namespace invalid: %v", errorPrefix, err) - } - return nil -} - -func validateWildcardTenancy(tenancy *pbresource.Tenancy, namePrefix string) error { - // Partition has to be a valid name if not wildcard or empty - if tenancy.Partition != "" && tenancy.Partition != "*" { - if err := resource.ValidateName(tenancy.Partition); err != nil { - return status.Errorf(codes.InvalidArgument, "tenancy.partition invalid: %v", err) - } - } - - // Namespace has to be a valid name if not wildcard or empty - if tenancy.Namespace != "" && tenancy.Namespace != "*" { - if err := resource.ValidateName(tenancy.Namespace); err != nil { - return status.Errorf(codes.InvalidArgument, "tenancy.namespace invalid: %v", err) - } - } - - // Not doing a strict resource name validation here because the prefix can be - // something like "foo-" which is a valid prefix but not valid resource name. - // relax validation to just check for lowercasing - if namePrefix != strings.ToLower(namePrefix) { - return status.Errorf(codes.InvalidArgument, "name_prefix invalid: must be lowercase alphanumeric, got: %v", namePrefix) - } - - // TODO(spatel): NET-5475 - Remove as part of peer_name moving to PeerTenancy - if tenancy.PeerName == "" { - tenancy.PeerName = resource.DefaultPeerName - } - - return nil -} - -// tenancyExists return an error with the passed in gRPC status code when tenancy partition or namespace do not exist. -func tenancyExists(reg *resource.Registration, tenancyBridge TenancyBridge, tenancy *pbresource.Tenancy, errCode codes.Code) error { +// v1TenancyExists return an error with the passed in gRPC status code when tenancy partition or namespace do not exist. +func v1TenancyExists(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy, errCode codes.Code) error { if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace { - exists, err := tenancyBridge.PartitionExists(tenancy.Partition) + exists, err := v1Bridge.PartitionExists(tenancy.Partition) switch { case err != nil: return err case !exists: - return status.Errorf(errCode, "partition not found: %v", tenancy.Partition) + return status.Errorf(errCode, "partition resource not found: %v", tenancy.Partition) } } if reg.Scope == resource.ScopeNamespace { - exists, err := tenancyBridge.NamespaceExists(tenancy.Partition, tenancy.Namespace) + exists, err := v1Bridge.NamespaceExists(tenancy.Partition, tenancy.Namespace) switch { case err != nil: return err case !exists: - return status.Errorf(errCode, "namespace not found: %v", tenancy.Namespace) - } - } - return nil -} - -func validateScopedTenancy(scope resource.Scope, resourceType *pbresource.Type, tenancy *pbresource.Tenancy) error { - if scope == resource.ScopePartition && tenancy.Namespace != "" { - return status.Errorf( - codes.InvalidArgument, - "partition scoped resource %s cannot have a namespace. got: %s", - resource.ToGVK(resourceType), - tenancy.Namespace, - ) - } - if scope == resource.ScopeCluster { - if tenancy.Partition != "" { - return status.Errorf( - codes.InvalidArgument, - "cluster scoped resource %s cannot have a partition: %s", - resource.ToGVK(resourceType), - tenancy.Partition, - ) - } - if tenancy.Namespace != "" { - return status.Errorf( - codes.InvalidArgument, - "cluster scoped resource %s cannot have a namespace: %s", - resource.ToGVK(resourceType), - tenancy.Namespace, - ) + return status.Errorf(errCode, "namespace resource not found: %v", tenancy.Namespace) } } return nil } -func isTenancyMarkedForDeletion(reg *resource.Registration, tenancyBridge TenancyBridge, tenancy *pbresource.Tenancy) (bool, error) { +// v1TenancyMarkedForDeletion returns a gRPC InvalidArgument when either partition or namespace is marked for deletion. +func v1TenancyMarkedForDeletion(reg *resource.Registration, v1Bridge TenancyBridge, tenancy *pbresource.Tenancy) error { if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace { - marked, err := tenancyBridge.IsPartitionMarkedForDeletion(tenancy.Partition) - if err != nil { - return false, err - } - if marked { - return marked, nil + marked, err := v1Bridge.IsPartitionMarkedForDeletion(tenancy.Partition) + switch { + case err != nil: + return err + case marked: + return status.Errorf(codes.InvalidArgument, "partition marked for deletion: %v", tenancy.Partition) } } if reg.Scope == resource.ScopeNamespace { - marked, err := tenancyBridge.IsNamespaceMarkedForDeletion(tenancy.Partition, tenancy.Namespace) - if err != nil { - return false, err + marked, err := v1Bridge.IsNamespaceMarkedForDeletion(tenancy.Partition, tenancy.Namespace) + switch { + case err != nil: + return err + case marked: + return status.Errorf(codes.InvalidArgument, "namespace marked for deletion: %v", tenancy.Namespace) } - return marked, nil } - - // Cluster scope has no tenancy so always return false - return false, nil + return nil } func clone[T proto.Message](v T) T { return proto.Clone(v).(T) } diff --git a/agent/grpc-external/services/resource/server_ce.go b/agent/grpc-external/services/resource/server_ce.go index 2e3f792fe1d10..bc48194574131 100644 --- a/agent/grpc-external/services/resource/server_ce.go +++ b/agent/grpc-external/services/resource/server_ce.go @@ -6,13 +6,9 @@ package resource import ( - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" ) func v2TenancyToV1EntMeta(tenancy *pbresource.Tenancy) *acl.EnterpriseMeta { @@ -28,12 +24,3 @@ func v1EntMetaToV2Tenancy(reg *resource.Registration, entMeta *acl.EnterpriseMet tenancy.Namespace = entMeta.NamespaceOrDefault() } } - -// checkV2Tenancy returns FailedPrecondition error for namespace resource type -// when the "v2tenancy" feature flag is not enabled. -func checkV2Tenancy(useV2Tenancy bool, rtype *pbresource.Type) error { - if resource.EqualType(rtype, pbtenancy.NamespaceType) && !useV2Tenancy { - return status.Errorf(codes.FailedPrecondition, "use of the v2 namespace resource requires the \"v2tenancy\" feature flag") - } - return nil -} diff --git a/agent/grpc-external/services/resource/server_ce_test.go b/agent/grpc-external/services/resource/server_ce_test.go index f48ff3b52b992..c385b65f3ceb4 100644 --- a/agent/grpc-external/services/resource/server_ce_test.go +++ b/agent/grpc-external/services/resource/server_ce_test.go @@ -3,7 +3,7 @@ //go:build !consulent -package resource_test +package resource import "github.com/hashicorp/consul/acl" diff --git a/agent/grpc-external/services/resource/server_test.go b/agent/grpc-external/services/resource/server_test.go index 6abb4564d8d0f..99add64971218 100644 --- a/agent/grpc-external/services/resource/server_test.go +++ b/agent/grpc-external/services/resource/server_test.go @@ -1,24 +1,23 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" "fmt" + "strings" "testing" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "google.golang.org/grpc" - "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/go-uuid" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/internal/resource" @@ -53,8 +52,7 @@ func AuthorizerFrom(t *testing.T, policyStrs ...string) resolver.Result { } } -// Deprecated: use NewResourceServiceBuilder instead -func testServer(t *testing.T) *svc.Server { +func testServer(t *testing.T) *Server { t.Helper() backend, err := inmem.NewBackend() @@ -62,7 +60,7 @@ func testServer(t *testing.T) *svc.Server { go backend.Run(testContext(t)) // Mock the ACL Resolver to "allow all" for testing. - mockACLResolver := &svc.MockACLResolver{} + mockACLResolver := &MockACLResolver{} mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(testutils.ACLsDisabled(t), nil). Run(func(args mock.Arguments) { @@ -78,8 +76,8 @@ func testServer(t *testing.T) *svc.Server { } }) - // Mock the tenancy bridge since we can't use the real thing. - mockTenancyBridge := &svc.MockTenancyBridge{} + // Mock the V1 tenancy bridge since we can't use the real thing. + mockTenancyBridge := &MockTenancyBridge{} mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil) mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil) mockTenancyBridge.On("PartitionExists", mock.Anything).Return(false, nil) @@ -87,7 +85,7 @@ func testServer(t *testing.T) *svc.Server { mockTenancyBridge.On("IsPartitionMarkedForDeletion", resource.DefaultPartitionName).Return(false, nil) mockTenancyBridge.On("IsNamespaceMarkedForDeletion", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(false, nil) - return svc.NewServer(svc.Config{ + return NewServer(Config{ Logger: testutil.Logger(t), Registry: resource.NewRegistry(), Backend: backend, @@ -96,8 +94,7 @@ func testServer(t *testing.T) *svc.Server { }) } -// Deprecated: use NewResourceServiceBuilder instead -func testClient(t *testing.T, server *svc.Server) pbresource.ResourceServiceClient { +func testClient(t *testing.T, server *Server) pbresource.ResourceServiceClient { t.Helper() addr := testutils.RunTestServer(t, server) @@ -161,20 +158,19 @@ func wildcardTenancyCases() map[string]struct { PeerName: "local", }, }, - // TODO(spatel): NET-5475 - Remove as part of peer_name moving to PeerTenancy - "namespaced type with empty peername": { + "namespaced type with empty partition and namespace": { typ: demo.TypeV2Artist, tenancy: &pbresource.Tenancy{ - Partition: resource.DefaultPartitionName, - Namespace: resource.DefaultNamespaceName, - PeerName: "", + Partition: "", + Namespace: "", + PeerName: "local", }, }, - "namespaced type with empty partition and namespace": { + "namespaced type with uppercase partition and namespace": { typ: demo.TypeV2Artist, tenancy: &pbresource.Tenancy{ - Partition: "", - Namespace: "", + Partition: "DEFAULT", + Namespace: "DEFAULT", PeerName: "local", }, }, @@ -202,6 +198,14 @@ func wildcardTenancyCases() map[string]struct { PeerName: "local", }, }, + "partitioned type with uppercase partition": { + typ: demo.TypeV1RecordLabel, + tenancy: &pbresource.Tenancy{ + Partition: "DEFAULT", + Namespace: "", + PeerName: "local", + }, + }, "partitioned type with wildcard partition": { typ: demo.TypeV1RecordLabel, tenancy: &pbresource.Tenancy{ @@ -220,6 +224,12 @@ func tenancyCases() map[string]func(artistId, recordlabelId *pbresource.ID) *pbr "namespaced resource provides nonempty partition and namespace": func(artistId, recordLabelId *pbresource.ID) *pbresource.ID { return artistId }, + "namespaced resource provides uppercase partition and namespace": func(artistId, _ *pbresource.ID) *pbresource.ID { + id := clone(artistId) + id.Tenancy.Partition = strings.ToUpper(artistId.Tenancy.Partition) + id.Tenancy.Namespace = strings.ToUpper(artistId.Tenancy.Namespace) + return id + }, "namespaced resource inherits tokens partition when empty": func(artistId, _ *pbresource.ID) *pbresource.ID { id := clone(artistId) id.Tenancy.Partition = "" @@ -244,6 +254,11 @@ func tenancyCases() map[string]func(artistId, recordlabelId *pbresource.ID) *pbr "partitioned resource provides nonempty partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID { return recordLabelId }, + "partitioned resource provides uppercase partition": func(_, recordLabelId *pbresource.ID) *pbresource.ID { + id := clone(recordLabelId) + id.Tenancy.Partition = strings.ToUpper(recordLabelId.Tenancy.Partition) + return id + }, "partitioned resource inherits tokens partition when empty": func(_, recordLabelId *pbresource.ID) *pbresource.ID { id := clone(recordLabelId) id.Tenancy.Partition = "" @@ -257,5 +272,3 @@ func tenancyCases() map[string]func(artistId, recordlabelId *pbresource.ID) *pbr } return tenancyCases } - -func clone[T proto.Message](v T) T { return proto.Clone(v).(T) } diff --git a/agent/grpc-external/services/resource/testing/builder.go b/agent/grpc-external/services/resource/testing/builder.go deleted file mode 100644 index 96c8379c0eae2..0000000000000 --- a/agent/grpc-external/services/resource/testing/builder.go +++ /dev/null @@ -1,201 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package testing - -import ( - "context" - "testing" - - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - - "github.com/hashicorp/consul/acl" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - "github.com/hashicorp/consul/agent/grpc-external/testutils" - internal "github.com/hashicorp/consul/agent/grpc-internal" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/storage/inmem" - "github.com/hashicorp/consul/internal/tenancy" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/sdk/testutil" -) - -type builder struct { - registry resource.Registry - registerFns []func(resource.Registry) - useV2Tenancy bool - tenancies []*pbresource.Tenancy - aclResolver svc.ACLResolver - serviceImpl *svc.Server -} - -// NewResourceServiceBuilder is the preferred way to configure and run -// an isolated in-process instance of the resource service for unit -// testing. The final call to `Run()` returns a client you can use for -// making requests. -func NewResourceServiceBuilder() *builder { - b := &builder{ - useV2Tenancy: false, - registry: resource.NewRegistry(), - // Regardless of whether using mock of v2tenancy, always make sure - // the builtin tenancy exists. - tenancies: []*pbresource.Tenancy{resource.DefaultNamespacedTenancy()}, - } - return b -} - -// WithV2Tenancy configures which tenancy bridge is used. -// -// true => real v2 default partition and namespace via v2 tenancy bridge -// false => mock default partition and namespace since v1 tenancy bridge can't be used (not spinning up an entire server here) -func (b *builder) WithV2Tenancy(useV2Tenancy bool) *builder { - b.useV2Tenancy = useV2Tenancy - return b -} - -// Registry provides access to the constructed registry post-Run() when -// needed by other test dependencies. -func (b *builder) Registry() resource.Registry { - return b.registry -} - -// ServiceImpl provides access to the actual server side implemenation of the resource service. This should never be used -// used/accessed without good reason. The current justifying use case is to monkeypatch the ACL resolver post-creation -// to allow unfettered writes which some ACL related tests require to put test data in place. -func (b *builder) ServiceImpl() *svc.Server { - return b.serviceImpl -} - -func (b *builder) WithRegisterFns(registerFns ...func(resource.Registry)) *builder { - for _, registerFn := range registerFns { - b.registerFns = append(b.registerFns, registerFn) - } - return b -} - -func (b *builder) WithACLResolver(aclResolver svc.ACLResolver) *builder { - b.aclResolver = aclResolver - return b -} - -// WithTenancies adds additional partitions and namespaces if default/default -// is not sufficient. -func (b *builder) WithTenancies(tenancies ...*pbresource.Tenancy) *builder { - for _, tenancy := range tenancies { - b.tenancies = append(b.tenancies, tenancy) - } - return b -} - -// Run starts the resource service and returns a client. -func (b *builder) Run(t *testing.T) pbresource.ResourceServiceClient { - // backend cannot be customized - backend, err := inmem.NewBackend() - require.NoError(t, err) - - // start the backend and add teardown hook - ctx, cancel := context.WithCancel(context.Background()) - t.Cleanup(cancel) - go backend.Run(ctx) - - // Automatically add tenancy types if v2 tenancy enabled - if b.useV2Tenancy { - b.registerFns = append(b.registerFns, tenancy.RegisterTypes) - } - - for _, registerFn := range b.registerFns { - registerFn(b.registry) - } - - var tenancyBridge resource.TenancyBridge - if !b.useV2Tenancy { - // use mock tenancy bridge. default/default has already been added out of the box - mockTenancyBridge := &svc.MockTenancyBridge{} - - for _, tenancy := range b.tenancies { - mockTenancyBridge.On("PartitionExists", tenancy.Partition).Return(true, nil) - mockTenancyBridge.On("NamespaceExists", tenancy.Partition, tenancy.Namespace).Return(true, nil) - mockTenancyBridge.On("IsPartitionMarkedForDeletion", tenancy.Partition).Return(false, nil) - mockTenancyBridge.On("IsNamespaceMarkedForDeletion", tenancy.Partition, tenancy.Namespace).Return(false, nil) - } - - tenancyBridge = mockTenancyBridge - } else { - // use v2 tenancy bridge. population comes later after client injected. - tenancyBridge = tenancy.NewV2TenancyBridge() - } - - if b.aclResolver == nil { - // When not provided (regardless of V1 tenancy or V2 tenancy), configure an ACL resolver - // that has ACLs disabled and fills in "default" for the partition and namespace when - // not provided. This is similar to user initiated requests. - // - // Controllers under test should be providing full tenancy since they will run with the DANGER_NO_AUTH. - mockACLResolver := &svc.MockACLResolver{} - mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). - Return(testutils.ACLsDisabled(t), nil). - Run(func(args mock.Arguments) { - // Caller expecting passed in tokenEntMeta and authorizerContext to be filled in. - tokenEntMeta := args.Get(1).(*acl.EnterpriseMeta) - if tokenEntMeta != nil { - FillEntMeta(tokenEntMeta) - } - - authzContext := args.Get(2).(*acl.AuthorizerContext) - if authzContext != nil { - FillAuthorizerContext(authzContext) - } - }) - b.aclResolver = mockACLResolver - } - - config := svc.Config{ - Logger: testutil.Logger(t), - Registry: b.registry, - Backend: backend, - ACLResolver: b.aclResolver, - TenancyBridge: tenancyBridge, - UseV2Tenancy: b.useV2Tenancy, - } - - server := grpc.NewServer() - - b.serviceImpl = svc.NewServer(config) - b.serviceImpl.Register(server) - - pipe := internal.NewPipeListener() - go server.Serve(pipe) - t.Cleanup(server.Stop) - - conn, err := grpc.Dial("", - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithContextDialer(pipe.DialContext), - grpc.WithBlock(), - ) - require.NoError(t, err) - t.Cleanup(func() { _ = conn.Close() }) - - client := pbresource.NewResourceServiceClient(conn) - - // HACK ALERT: The client needs to be injected into the V2TenancyBridge - // after it has been created due the the circular dependency. This will - // go away when the tenancy bridge is removed and V1 is no more, however - // long that takes. - switch config.TenancyBridge.(type) { - case *tenancy.V2TenancyBridge: - config.TenancyBridge.(*tenancy.V2TenancyBridge).WithClient(client) - // Default partition namespace can finally be created - require.NoError(t, initTenancy(ctx, backend)) - - for _, tenancy := range b.tenancies { - if tenancy.Partition == resource.DefaultPartitionName && tenancy.Namespace == resource.DefaultNamespaceName { - continue - } - t.Fatalf("TODO: implement creation of passed in v2 tenancy: %v", tenancy) - } - } - return client -} diff --git a/agent/grpc-external/services/resource/testing/testing.go b/agent/grpc-external/services/resource/testing/testing.go index 906953b034af1..2375ae95b8894 100644 --- a/agent/grpc-external/services/resource/testing/testing.go +++ b/agent/grpc-external/services/resource/testing/testing.go @@ -4,15 +4,26 @@ package testing import ( + "context" "testing" + "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials/insecure" "github.com/hashicorp/go-uuid" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" + svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" + "github.com/hashicorp/consul/agent/grpc-external/testutils" + internal "github.com/hashicorp/consul/agent/grpc-internal" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/storage/inmem" + "github.com/hashicorp/consul/proto-public/pbresource" + "github.com/hashicorp/consul/sdk/testutil" ) func randomACLIdentity(t *testing.T) structs.ACLIdentity { @@ -38,3 +49,97 @@ func AuthorizerFrom(t *testing.T, policyStrs ...string) resolver.Result { ACLIdentity: randomACLIdentity(t), } } + +// RunResourceService runs a Resource Service for the duration of the test and +// returns a client to interact with it. ACLs will be disabled and only the +// default partition and namespace are available. +func RunResourceService(t *testing.T, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient { + return RunResourceServiceWithConfig(t, svc.Config{}, registerFns...) +} + +// RunResourceServiceWithConfig runs a ResourceService with caller injectable config to ease mocking dependencies. +// Any nil config field is replaced with a reasonable default with the following behavior: +// +// config.Backend - cannot be configured and must be nil +// config.Registry - empty registry +// config.TenancyBridge - mock provided with only the default partition and namespace +// config.ACLResolver - mock provided with ACLs disabled. Fills entMeta and authzContext with default partition and namespace +func RunResourceServiceWithConfig(t *testing.T, config svc.Config, registerFns ...func(resource.Registry)) pbresource.ResourceServiceClient { + t.Helper() + + if config.Backend != nil { + panic("backend can not be configured") + } + + backend, err := inmem.NewBackend() + require.NoError(t, err) + + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(cancel) + go backend.Run(ctx) + config.Backend = backend + + if config.Registry == nil { + config.Registry = resource.NewRegistry() + } + + for _, fn := range registerFns { + fn(config.Registry) + } + + server := grpc.NewServer() + + if config.TenancyBridge == nil { + mockTenancyBridge := &svc.MockTenancyBridge{} + mockTenancyBridge.On("PartitionExists", resource.DefaultPartitionName).Return(true, nil) + mockTenancyBridge.On("PartitionExists", "foo").Return(true, nil) + mockTenancyBridge.On("NamespaceExists", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(true, nil) + mockTenancyBridge.On("IsPartitionMarkedForDeletion", resource.DefaultPartitionName).Return(false, nil) + mockTenancyBridge.On("IsPartitionMarkedForDeletion", "foo").Return(false, nil) + mockTenancyBridge.On("IsNamespaceMarkedForDeletion", resource.DefaultPartitionName, resource.DefaultNamespaceName).Return(false, nil) + config.TenancyBridge = mockTenancyBridge + } + + if config.ACLResolver == nil { + // Provide a resolver which will default partition and namespace when not provided. This is similar to user + // initiated requests. + // + // Controllers under test should be providing full tenancy since they will run with the DANGER_NO_AUTH. + mockACLResolver := &svc.MockACLResolver{} + mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). + Return(testutils.ACLsDisabled(t), nil). + Run(func(args mock.Arguments) { + // Caller expecting passed in tokenEntMeta and authorizerContext to be filled in. + tokenEntMeta := args.Get(1).(*acl.EnterpriseMeta) + if tokenEntMeta != nil { + FillEntMeta(tokenEntMeta) + } + + authzContext := args.Get(2).(*acl.AuthorizerContext) + if authzContext != nil { + FillAuthorizerContext(authzContext) + } + }) + config.ACLResolver = mockACLResolver + } + + if config.Logger == nil { + config.Logger = testutil.Logger(t) + } + + svc.NewServer(config).Register(server) + + pipe := internal.NewPipeListener() + go server.Serve(pipe) + t.Cleanup(server.Stop) + + conn, err := grpc.Dial("", + grpc.WithTransportCredentials(insecure.NewCredentials()), + grpc.WithContextDialer(pipe.DialContext), + grpc.WithBlock(), + ) + require.NoError(t, err) + t.Cleanup(func() { _ = conn.Close() }) + + return pbresource.NewResourceServiceClient(conn) +} diff --git a/agent/grpc-external/services/resource/testing/testing_ce.go b/agent/grpc-external/services/resource/testing/testing_ce.go index 8042eba55096b..023fa5189cccc 100644 --- a/agent/grpc-external/services/resource/testing/testing_ce.go +++ b/agent/grpc-external/services/resource/testing/testing_ce.go @@ -6,19 +6,7 @@ package testing import ( - "context" - "errors" - "time" - - "github.com/oklog/ulid/v2" - "google.golang.org/protobuf/types/known/anypb" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/storage" - "github.com/hashicorp/consul/internal/storage/inmem" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" ) func FillEntMeta(entMeta *acl.EnterpriseMeta) { @@ -28,35 +16,3 @@ func FillEntMeta(entMeta *acl.EnterpriseMeta) { func FillAuthorizerContext(authzContext *acl.AuthorizerContext) { // nothing to to in CE. } - -// initTenancy create the base tenancy objects (default/default) -func initTenancy(ctx context.Context, b *inmem.Backend) error { - nsData, err := anypb.New(&pbtenancy.Namespace{Description: "default namespace in default partition"}) - if err != nil { - return err - } - nsID := &pbresource.ID{ - Type: pbtenancy.NamespaceType, - Name: resource.DefaultNamespaceName, - Tenancy: resource.DefaultPartitionedTenancy(), - Uid: ulid.Make().String(), - } - read, err := b.Read(ctx, storage.StrongConsistency, nsID) - if err != nil && !errors.Is(err, storage.ErrNotFound) { - return err - } - if read == nil && errors.Is(err, storage.ErrNotFound) { - _, err = b.WriteCAS(ctx, &pbresource.Resource{ - Id: nsID, - Generation: ulid.Make().String(), - Data: nsData, - Metadata: map[string]string{ - "generated_at": time.Now().Format(time.RFC3339), - }, - }) - if err != nil { - return err - } - } - return nil -} diff --git a/agent/grpc-external/services/resource/watch.go b/agent/grpc-external/services/resource/watch.go index adabb3d256ee0..f20d3f00f875a 100644 --- a/agent/grpc-external/services/resource/watch.go +++ b/agent/grpc-external/services/resource/watch.go @@ -16,7 +16,7 @@ import ( ) func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.ResourceService_WatchListServer) error { - reg, err := s.ensureWatchListRequestValid(req) + reg, err := s.validateWatchListRequest(req) if err != nil { return err } @@ -91,9 +91,17 @@ func (s *Server) WatchList(req *pbresource.WatchListRequest, stream pbresource.R } } -func (s *Server) ensureWatchListRequestValid(req *pbresource.WatchListRequest) (*resource.Registration, error) { - if req.Type == nil { - return nil, status.Errorf(codes.InvalidArgument, "type is required") +func (s *Server) validateWatchListRequest(req *pbresource.WatchListRequest) (*resource.Registration, error) { + var field string + switch { + case req.Type == nil: + field = "type" + case req.Tenancy == nil: + field = "tenancy" + } + + if field != "" { + return nil, status.Errorf(codes.InvalidArgument, "%s is required", field) } // Check type exists. @@ -102,46 +110,18 @@ func (s *Server) ensureWatchListRequestValid(req *pbresource.WatchListRequest) ( return nil, err } - // if no tenancy is passed defaults to wildcard - if req.Tenancy == nil { - req.Tenancy = wildcardTenancyFor(reg.Scope) - } - - if err = checkV2Tenancy(s.UseV2Tenancy, req.Type); err != nil { - return nil, err - } - - if err := validateWildcardTenancy(req.Tenancy, req.NamePrefix); err != nil { - return nil, err - } - - // Check scope - if err = validateScopedTenancy(reg.Scope, req.Type, req.Tenancy); err != nil { - return nil, err + // Lowercase + resource.Normalize(req.Tenancy) + + // Error when partition scoped and namespace not empty. + if reg.Scope == resource.ScopePartition && req.Tenancy.Namespace != "" { + return nil, status.Errorf( + codes.InvalidArgument, + "partition scoped type %s cannot have a namespace. got: %s", + resource.ToGVK(req.Type), + req.Tenancy.Namespace, + ) } return reg, nil } - -func wildcardTenancyFor(scope resource.Scope) *pbresource.Tenancy { - var defaultTenancy *pbresource.Tenancy - - switch scope { - case resource.ScopeCluster: - defaultTenancy = &pbresource.Tenancy{ - PeerName: storage.Wildcard, - } - case resource.ScopePartition: - defaultTenancy = &pbresource.Tenancy{ - Partition: storage.Wildcard, - PeerName: storage.Wildcard, - } - default: - defaultTenancy = &pbresource.Tenancy{ - Partition: storage.Wildcard, - PeerName: storage.Wildcard, - Namespace: storage.Wildcard, - } - } - return defaultTenancy -} diff --git a/agent/grpc-external/services/resource/watch_test.go b/agent/grpc-external/services/resource/watch_test.go index 2c596e01b383d..051264441bbc8 100644 --- a/agent/grpc-external/services/resource/watch_test.go +++ b/agent/grpc-external/services/resource/watch_test.go @@ -1,102 +1,50 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" "errors" "io" - "strings" "testing" "time" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - "google.golang.org/protobuf/proto" - "github.com/hashicorp/consul/acl" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/agent/grpc-external/testutils" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" -) -// TODO: Update all tests to use true/false table test for v2tenancy + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" +) func TestWatchList_InputValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) - type testCase struct { - modFn func(*pbresource.WatchListRequest) - errContains string - } + demo.RegisterTypes(server.Registry) - testCases := map[string]testCase{ - "no type": { - modFn: func(req *pbresource.WatchListRequest) { req.Type = nil }, - errContains: "type is required", - }, - "partition mixed case": { - modFn: func(req *pbresource.WatchListRequest) { req.Tenancy.Partition = "Default" }, - errContains: "tenancy.partition invalid", - }, - "partition too long": { - modFn: func(req *pbresource.WatchListRequest) { - req.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - }, - errContains: "tenancy.partition invalid", - }, - "namespace mixed case": { - modFn: func(req *pbresource.WatchListRequest) { req.Tenancy.Namespace = "Default" }, - errContains: "tenancy.namespace invalid", - }, - "namespace too long": { - modFn: func(req *pbresource.WatchListRequest) { - req.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - }, - errContains: "tenancy.namespace invalid", - }, - "name_prefix mixed case": { - modFn: func(req *pbresource.WatchListRequest) { req.NamePrefix = "Smashing" }, - errContains: "name_prefix invalid", - }, - "partitioned type provides non-empty namespace": { - modFn: func(req *pbresource.WatchListRequest) { - req.Type = demo.TypeV1RecordLabel - req.Tenancy.Namespace = "bad" - }, - errContains: "cannot have a namespace", - }, - "cluster scope with non-empty partition": { - modFn: func(req *pbresource.WatchListRequest) { - req.Type = demo.TypeV1Executive - req.Tenancy = &pbresource.Tenancy{Partition: "bad"} - }, - errContains: "cannot have a partition", - }, - "cluster scope with non-empty namespace": { - modFn: func(req *pbresource.WatchListRequest) { - req.Type = demo.TypeV1Executive - req.Tenancy = &pbresource.Tenancy{Namespace: "bad"} - }, - errContains: "cannot have a namespace", + testCases := map[string]func(*pbresource.WatchListRequest){ + "no type": func(req *pbresource.WatchListRequest) { req.Type = nil }, + "no tenancy": func(req *pbresource.WatchListRequest) { req.Tenancy = nil }, + "partitioned type provides non-empty namespace": func(req *pbresource.WatchListRequest) { + req.Type = demo.TypeV1RecordLabel + req.Tenancy.Namespace = "bad" }, } - for desc, tc := range testCases { + for desc, modFn := range testCases { t.Run(desc, func(t *testing.T) { req := &pbresource.WatchListRequest{ Type: demo.TypeV2Album, Tenancy: resource.DefaultNamespacedTenancy(), } - tc.modFn(req) + modFn(req) stream, err := client.WatchList(testContext(t), req) require.NoError(t, err) @@ -104,7 +52,6 @@ func TestWatchList_InputValidation(t *testing.T) { _, err = stream.Recv() require.Error(t, err) require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) }) } } @@ -112,7 +59,8 @@ func TestWatchList_InputValidation(t *testing.T) { func TestWatchList_TypeNotFound(t *testing.T) { t.Parallel() - client := svctest.NewResourceServiceBuilder().Run(t) + server := testServer(t) + client := testClient(t, server) stream, err := client.WatchList(context.Background(), &pbresource.WatchListRequest{ Type: demo.TypeV2Artist, @@ -174,9 +122,9 @@ func TestWatchList_Tenancy_Defaults_And_Normalization(t *testing.T) { for desc, tc := range wildcardTenancyCases() { t.Run(desc, func(t *testing.T) { ctx := context.Background() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) // Create a watch. stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{ @@ -188,23 +136,23 @@ func TestWatchList_Tenancy_Defaults_And_Normalization(t *testing.T) { rspCh := handleResourceStream(t, stream) // Testcase will pick one of recordLabel or artist based on scope of type. - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LooneyTunes") require.NoError(t, err) artist, err := demo.GenerateV2Artist() require.NoError(t, err) // Create and verify upsert event received. - rlRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel}) + recordLabel, err = server.Backend.WriteCAS(ctx, recordLabel) require.NoError(t, err) - artistRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: artist}) + artist, err = server.Backend.WriteCAS(ctx, artist) require.NoError(t, err) var expected *pbresource.Resource switch { case proto.Equal(tc.typ, demo.TypeV1RecordLabel): - expected = rlRsp.Resource + expected = recordLabel case proto.Equal(tc.typ, demo.TypeV2Artist): - expected = artistRsp.Resource + expected = artist default: require.Fail(t, "unsupported type", tc.typ) } @@ -213,6 +161,7 @@ func TestWatchList_Tenancy_Defaults_And_Normalization(t *testing.T) { require.Equal(t, pbresource.WatchEvent_OPERATION_UPSERT, rsp.Operation) prototest.AssertDeepEqual(t, expected, rsp.Resource) }) + } } @@ -306,7 +255,7 @@ func roundTripACL(t *testing.T, authz acl.Authorizer) (<-chan resourceOrError, * server := testServer(t) client := testClient(t, server) - mockACLResolver := &svc.MockACLResolver{} + mockACLResolver := &MockACLResolver{} mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(authz, nil) server.ACLResolver = mockACLResolver @@ -394,31 +343,3 @@ type resourceOrError struct { rsp *pbresource.WatchEvent err error } - -func TestWatchList_NoTenancy(t *testing.T) { - t.Parallel() - - ctx := context.Background() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - // Create a watch. - stream, err := client.WatchList(ctx, &pbresource.WatchListRequest{ - Type: demo.TypeV1RecordLabel, - }) - require.NoError(t, err) - rspCh := handleResourceStream(t, stream) - - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") - require.NoError(t, err) - - // Create and verify upsert event received. - rsp1, err := client.Write(ctx, &pbresource.WriteRequest{Resource: recordLabel}) - require.NoError(t, err) - - rsp2 := mustGetResource(t, rspCh) - - require.Equal(t, pbresource.WatchEvent_OPERATION_UPSERT, rsp2.Operation) - prototest.AssertDeepEqual(t, rsp1.Resource, rsp2.Resource) -} diff --git a/agent/grpc-external/services/resource/write.go b/agent/grpc-external/services/resource/write.go index 87091ed920302..7110122313fa3 100644 --- a/agent/grpc-external/services/resource/write.go +++ b/agent/grpc-external/services/resource/write.go @@ -10,10 +10,8 @@ import ( "time" "github.com/oklog/ulid/v2" - "golang.org/x/exp/maps" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "google.golang.org/protobuf/proto" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/resource" @@ -39,7 +37,7 @@ import ( var errUseWriteStatus = status.Error(codes.InvalidArgument, "resource.status can only be set using the WriteStatus endpoint") func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbresource.WriteResponse, error) { - reg, err := s.ensureWriteRequestValid(req) + reg, err := s.validateWriteRequest(req) if err != nil { return nil, err } @@ -80,16 +78,14 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre return nil, status.Errorf(codes.Internal, "failed write acl: %v", err) } - // Check tenancy exists for the V2 resource - if err = tenancyExists(reg, s.TenancyBridge, req.Resource.Id.Tenancy, codes.InvalidArgument); err != nil { + // Check V1 tenancy exists for the V2 resource + if err = v1TenancyExists(reg, s.TenancyBridge, req.Resource.Id.Tenancy, codes.InvalidArgument); err != nil { return nil, err } - // This is used later in the "create" and "update" paths to block non-delete related writes - // when a tenancy unit has been marked for deletion. - tenancyMarkedForDeletion, err := isTenancyMarkedForDeletion(reg, s.TenancyBridge, req.Resource.Id.Tenancy) - if err != nil { - return nil, status.Errorf(codes.Internal, "failed tenancy marked for deletion check: %v", err) + // Check V1 tenancy not marked for deletion. + if err = v1TenancyMarkedForDeletion(reg, s.TenancyBridge, req.Resource.Id.Tenancy); err != nil { + return nil, err } // At the storage backend layer, all writes are CAS operations. @@ -131,16 +127,6 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre return errUseWriteStatus } - // Reject creation in tenancy unit marked for deletion. - if tenancyMarkedForDeletion { - return status.Errorf(codes.InvalidArgument, "tenancy marked for deletion: %v", input.Id.Tenancy.String()) - } - - // Reject attempts to create a resource with a deletionTimestamp. - if resource.IsMarkedForDeletion(input) { - return status.Errorf(codes.InvalidArgument, "resource.metadata.%s can't be set on resource creation", resource.DeletionTimestampKey) - } - // Generally, we expect resources with owners to be created by controllers, // and they should provide the Uid. In cases where no Uid is given (e.g. the // owner is specified in the resource HCL) we'll look up whatever the current @@ -182,11 +168,9 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre // just want to update the current resource. input.Id = existing.Id - // User is doing a non-CAS write, use the current version and preserve - // deferred deletion metadata if not present. + // User is doing a non-CAS write, use the current version. if input.Version == "" { input.Version = existing.Version - preserveDeferredDeletionMetadata(input, existing) } // Check the stored version matches the user-given version. @@ -224,13 +208,6 @@ func (s *Server) Write(ctx context.Context, req *pbresource.WriteRequest) (*pbre return errUseWriteStatus } - // If the write is related to a deferred deletion (marking for deletion or removal - // of finalizers), make sure nothing else is changed. - if err := vetIfDeleteRelated(input, existing, tenancyMarkedForDeletion); err != nil { - return err - } - - // Otherwise, let the write continue default: return err } @@ -288,7 +265,7 @@ func (s *Server) retryCAS(ctx context.Context, vsn string, cas func() error) err return err } -func (s *Server) ensureWriteRequestValid(req *pbresource.WriteRequest) (*resource.Registration, error) { +func (s *Server) validateWriteRequest(req *pbresource.WriteRequest) (*resource.Registration, error) { var field string switch { case req.Resource == nil: @@ -317,10 +294,6 @@ func (s *Server) ensureWriteRequestValid(req *pbresource.WriteRequest) (*resourc return nil, err } - if err = checkV2Tenancy(s.UseV2Tenancy, req.Resource.Id.Type); err != nil { - return nil, err - } - // Check scope if reg.Scope == resource.ScopePartition && req.Resource.Id.Tenancy.Namespace != "" { return nil, status.Errorf( @@ -333,140 +306,3 @@ func (s *Server) ensureWriteRequestValid(req *pbresource.WriteRequest) (*resourc return reg, nil } - -func ensureMetadataSameExceptFor(input *pbresource.Resource, existing *pbresource.Resource, ignoreKey string) error { - // Work on copies since we're mutating them - inputCopy := maps.Clone(input.Metadata) - existingCopy := maps.Clone(existing.Metadata) - - delete(inputCopy, ignoreKey) - delete(existingCopy, ignoreKey) - - if !maps.Equal(inputCopy, existingCopy) { - return status.Error(codes.InvalidArgument, "cannot modify metadata") - } - - return nil -} - -func ensureDataUnchanged(input *pbresource.Resource, existing *pbresource.Resource) error { - // Check data last since this could potentially be the most expensive comparison. - if !proto.Equal(input.Data, existing.Data) { - return status.Error(codes.InvalidArgument, "cannot modify data") - } - return nil -} - -// EnsureFinalizerRemoved ensures at least one finalizer was removed. -// TODO: only public for test to access -func EnsureFinalizerRemoved(input *pbresource.Resource, existing *pbresource.Resource) error { - inputFinalizers := resource.GetFinalizers(input) - existingFinalizers := resource.GetFinalizers(existing) - if !inputFinalizers.IsProperSubset(existingFinalizers) { - return status.Error(codes.InvalidArgument, "expected at least one finalizer to be removed") - } - return nil -} - -func vetIfDeleteRelated(input, existing *pbresource.Resource, tenancyMarkedForDeletion bool) error { - // Keep track of whether this write is a normal write or a write that is related - // to deferred resource deletion involving setting the deletionTimestamp or the - // removal of finalizers. - deleteRelated := false - - existingMarked := resource.IsMarkedForDeletion(existing) - inputMarked := resource.IsMarkedForDeletion(input) - - // Block removal of deletion timestamp - if !inputMarked && existingMarked { - return status.Errorf(codes.InvalidArgument, "cannot remove %s", resource.DeletionTimestampKey) - } - - // Block modification of existing deletion timestamp - if existing.Metadata[resource.DeletionTimestampKey] != "" && (existing.Metadata[resource.DeletionTimestampKey] != input.Metadata[resource.DeletionTimestampKey]) { - return status.Errorf(codes.InvalidArgument, "cannot modify %s", resource.DeletionTimestampKey) - } - - // Block writes that do more than just adding a deletion timestamp - if inputMarked && !existingMarked { - deleteRelated = deleteRelated || true - // Verify rest of resource is unchanged - if err := ensureMetadataSameExceptFor(input, existing, resource.DeletionTimestampKey); err != nil { - return err - } - if err := ensureDataUnchanged(input, existing); err != nil { - return err - } - } - - // Block no-op writes writes to resource that already has a deletion timestamp. The - // only valid writes should be removal of finalizers. - if inputMarked && existingMarked { - deleteRelated = deleteRelated || true - // Check if a no-op - errMetadataSame := ensureMetadataSameExceptFor(input, existing, resource.DeletionTimestampKey) - errDataUnchanged := ensureDataUnchanged(input, existing) - if errMetadataSame == nil && errDataUnchanged == nil { - return status.Error(codes.InvalidArgument, "cannot no-op write resource marked for deletion") - } - } - - // Block writes that do more than removing finalizers if previously marked for deletion. - if inputMarked && existingMarked && resource.HasFinalizers(existing) { - deleteRelated = deleteRelated || true - if err := ensureMetadataSameExceptFor(input, existing, resource.FinalizerKey); err != nil { - return err - } - if err := ensureDataUnchanged(input, existing); err != nil { - return err - } - if err := EnsureFinalizerRemoved(input, existing); err != nil { - return err - } - } - - // Classify writes that just remove finalizer as deleteRelated regardless of deletion state. - if err := EnsureFinalizerRemoved(input, existing); err == nil { - if err := ensureDataUnchanged(input, existing); err == nil { - deleteRelated = deleteRelated || true - } - } - - // Lastly, block writes when the resource's tenancy unit has been marked for deletion and - // the write is not related a valid delete scenario. - if tenancyMarkedForDeletion && !deleteRelated { - return status.Errorf(codes.InvalidArgument, "cannot write resource when tenancy marked for deletion: %s", existing.Id.Tenancy) - } - - return nil -} - -// preserveDeferredDeletionMetadata only applies to user writes (Version == "") which is a precondition. -func preserveDeferredDeletionMetadata(input, existing *pbresource.Resource) { - // preserve existing deletionTimestamp if not provided in input - if !resource.IsMarkedForDeletion(input) && resource.IsMarkedForDeletion(existing) { - if input.Metadata == nil { - input.Metadata = make(map[string]string) - } - input.Metadata[resource.DeletionTimestampKey] = existing.Metadata[resource.DeletionTimestampKey] - } - - // Only preserve finalizers if the is key absent from input and present in existing. - // If the key is present in input, the user clearly wants to remove finalizers! - inputHasKey := false - if input.Metadata != nil { - _, inputHasKey = input.Metadata[resource.FinalizerKey] - } - - existingHasKey := false - if existing.Metadata != nil { - _, existingHasKey = existing.Metadata[resource.FinalizerKey] - } - - if !inputHasKey && existingHasKey { - if input.Metadata == nil { - input.Metadata = make(map[string]string) - } - input.Metadata[resource.FinalizerKey] = existing.Metadata[resource.FinalizerKey] - } -} diff --git a/agent/grpc-external/services/resource/write_status.go b/agent/grpc-external/services/resource/write_status.go index 7009a7fd72bb2..0d3b68bb08766 100644 --- a/agent/grpc-external/services/resource/write_status.go +++ b/agent/grpc-external/services/resource/write_status.go @@ -34,9 +34,9 @@ func (s *Server) WriteStatus(ctx context.Context, req *pbresource.WriteStatusReq // Apply defaults when tenancy units empty. v1EntMetaToV2Tenancy(reg, entMeta, req.Id.Tenancy) - // Check tenancy exists for the V2 resource. Ignore "marked for deletion" since status updates + // Check V1 tenancy exists for the V2 resource. Ignore "marked for deletion" since status updates // should still work regardless. - if err = tenancyExists(reg, s.TenancyBridge, req.Id.Tenancy, codes.InvalidArgument); err != nil { + if err = v1TenancyExists(reg, s.TenancyBridge, req.Id.Tenancy, codes.InvalidArgument); err != nil { return nil, err } @@ -178,17 +178,8 @@ func (s *Server) validateWriteStatusRequest(req *pbresource.WriteStatusRequest) } } - if err := validateId(req.Id, "id"); err != nil { - return nil, err - } - - for i, condition := range req.Status.Conditions { - if condition.Resource != nil { - if err := validateRef(condition.Resource, fmt.Sprintf("status.conditions[%d].resource", i)); err != nil { - return nil, err - } - } - } + // Lowercase + resource.Normalize(req.Id.Tenancy) // Check type exists. reg, err := s.resolveType(req.Id.Type) diff --git a/agent/grpc-external/services/resource/write_status_test.go b/agent/grpc-external/services/resource/write_status_test.go index e84266673b645..5b71983475d94 100644 --- a/agent/grpc-external/services/resource/write_status_test.go +++ b/agent/grpc-external/services/resource/write_status_test.go @@ -1,7 +1,7 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "fmt" @@ -16,15 +16,11 @@ import ( "google.golang.org/protobuf/types/known/timestamppb" "github.com/hashicorp/consul/acl/resolver" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/proto-public/pbresource" ) -// TODO: Update all tests to use true/false table test for v2tenancy - func TestWriteStatus_ACL(t *testing.T) { type testCase struct { authz resolver.Result @@ -48,8 +44,9 @@ func TestWriteStatus_ACL(t *testing.T) { for desc, tc := range testcases { t.Run(desc, func(t *testing.T) { - builder := svctest.NewResourceServiceBuilder().WithRegisterFns(demo.RegisterTypes) - client := builder.Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -59,10 +56,10 @@ func TestWriteStatus_ACL(t *testing.T) { artist = rsp.Resource // Defer mocking out authz since above write is necessary to set up the test resource. - mockACLResolver := &svc.MockACLResolver{} + mockACLResolver := &MockACLResolver{} mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(tc.authz, nil) - builder.ServiceImpl().Config.ACLResolver = mockACLResolver + server.ACLResolver = mockACLResolver // exercise ACL _, err = client.WriteStatus(testContext(t), validWriteStatusRequest(t, artist)) @@ -72,160 +69,69 @@ func TestWriteStatus_ACL(t *testing.T) { } func TestWriteStatus_InputValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) testCases := map[string]struct { - typ *pbresource.Type - modFn func(req *pbresource.WriteStatusRequest) - errContains string + typ *pbresource.Type + modFn func(req *pbresource.WriteStatusRequest) }{ "no id": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id = nil }, - errContains: "id is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Id = nil }, }, "no type": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Type = nil }, - errContains: "id.type is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Type = nil }, }, "no name": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Name = "" }, - errContains: "id.name is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Name = "" }, }, "no uid": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Uid = "" }, - errContains: "id.uid is required", - }, - "name mixed case": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Name = "U2" }, - errContains: "id.name invalid", - }, - "name too long": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Id.Name = strings.Repeat("a", resource.MaxNameLength+1) - }, - errContains: "id.name invalid", - }, - "partition mixed case": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "Default" }, - errContains: "id.tenancy.partition invalid", - }, - "partition too long": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Id.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - }, - errContains: "id.tenancy.partition invalid", - }, - "namespace mixed case": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "Default" }, - errContains: "id.tenancy.namespace invalid", - }, - "namespace too long": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Id.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - }, - errContains: "id.tenancy.namespace invalid", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Uid = "" }, }, "no key": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Key = "" }, - errContains: "key is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Key = "" }, }, "no status": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status = nil }, - errContains: "status is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status = nil }, }, "no observed generation": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "" }, - errContains: "status.observed_generation is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "" }, }, "bad observed generation": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "bogus" }, - errContains: "status.observed_generation is not valid", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.ObservedGeneration = "bogus" }, }, "no condition type": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Type = "" }, - errContains: "status.conditions[0].type is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Type = "" }, }, "no reference type": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Type = nil }, - errContains: "status.conditions[0].resource.type is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Type = nil }, }, "no reference tenancy": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Tenancy = nil }, - errContains: "status.conditions[0].resource.tenancy is required", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Tenancy = nil }, }, "no reference name": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "" }, - errContains: "status.conditions[0].resource.name is required", - }, - "reference name mixed case": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "U2" }, - errContains: "status.conditions[0].resource.name invalid", - }, - "reference name too long": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Status.Conditions[0].Resource.Name = strings.Repeat("r", resource.MaxNameLength+1) - }, - errContains: "status.conditions[0].resource.name invalid", - }, - "reference partition mixed case": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Status.Conditions[0].Resource.Tenancy.Partition = "Default" - }, - errContains: "status.conditions[0].resource.tenancy.partition invalid", - }, - "reference partition too long": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Status.Conditions[0].Resource.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - }, - errContains: "status.conditions[0].resource.tenancy.partition invalid", - }, - "reference namespace mixed case": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Status.Conditions[0].Resource.Tenancy.Namespace = "Default" - }, - errContains: "status.conditions[0].resource.tenancy.namespace invalid", - }, - "reference namespace too long": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { - req.Status.Conditions[0].Resource.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - }, - errContains: "status.conditions[0].resource.tenancy.namespace invalid", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.Conditions[0].Resource.Name = "" }, }, "updated at provided": { - typ: demo.TypeV2Artist, - modFn: func(req *pbresource.WriteStatusRequest) { req.Status.UpdatedAt = timestamppb.Now() }, - errContains: "status.updated_at is automatically set and cannot be provided", + typ: demo.TypeV2Artist, + modFn: func(req *pbresource.WriteStatusRequest) { req.Status.UpdatedAt = timestamppb.Now() }, }, "partition scoped type provides namespace in tenancy": { - typ: demo.TypeV1RecordLabel, - modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "bad" }, - errContains: "cannot have a namespace", + typ: demo.TypeV1RecordLabel, + modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Namespace = "bad" }, }, } for desc, tc := range testCases { @@ -236,7 +142,7 @@ func TestWriteStatus_InputValidation(t *testing.T) { case resource.EqualType(demo.TypeV2Artist, tc.typ): res, err = demo.GenerateV2Artist() case resource.EqualType(demo.TypeV1RecordLabel, tc.typ): - res, err = demo.GenerateV1RecordLabel("looney-tunes") + res, err = demo.GenerateV1RecordLabel("Looney Tunes") default: t.Fatal("unsupported type", tc.typ) } @@ -251,7 +157,6 @@ func TestWriteStatus_InputValidation(t *testing.T) { _, err = client.WriteStatus(testContext(t), req) require.Error(t, err) require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) }) } } @@ -262,9 +167,9 @@ func TestWriteStatus_Success(t *testing.T) { "Non CAS": func(req *pbresource.WriteStatusRequest) { req.Version = "" }, } { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -305,6 +210,13 @@ func TestWriteStatus_Tenancy_Defaults(t *testing.T) { scope: resource.ScopeNamespace, modFn: func(req *pbresource.WriteStatusRequest) {}, }, + "namespaced resource provides uppercase partition and namespace": { + scope: resource.ScopeNamespace, + modFn: func(req *pbresource.WriteStatusRequest) { + req.Id.Tenancy.Partition = strings.ToUpper(req.Id.Tenancy.Partition) + req.Id.Tenancy.Namespace = strings.ToUpper(req.Id.Tenancy.Namespace) + }, + }, "namespaced resource inherits tokens partition when empty": { scope: resource.ScopeNamespace, modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "" }, @@ -328,15 +240,21 @@ func TestWriteStatus_Tenancy_Defaults(t *testing.T) { scope: resource.ScopePartition, modFn: func(req *pbresource.WriteStatusRequest) {}, }, + "partitioned resource provides uppercase partition": { + scope: resource.ScopePartition, + modFn: func(req *pbresource.WriteStatusRequest) { + req.Id.Tenancy.Partition = strings.ToUpper(req.Id.Tenancy.Partition) + }, + }, "partitioned resource inherits tokens partition when empty": { scope: resource.ScopePartition, modFn: func(req *pbresource.WriteStatusRequest) { req.Id.Tenancy.Partition = "" }, }, } { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) // Pick resource based on scope of type in testcase. var res *pbresource.Resource @@ -345,7 +263,7 @@ func TestWriteStatus_Tenancy_Defaults(t *testing.T) { case resource.ScopeNamespace: res, err = demo.GenerateV2Artist() case resource.ScopePartition: - res, err = demo.GenerateV1RecordLabel("looney-tunes") + res, err = demo.GenerateV1RecordLabel("Looney Tunes") } require.NoError(t, err) @@ -362,7 +280,7 @@ func TestWriteStatus_Tenancy_Defaults(t *testing.T) { require.NoError(t, err) res = rsp.Resource - // Re-read resource and verify status successfully written (not nil) + // Re-read resoruce and verify status successfully written (not nil) _, err = client.Read(testContext(t), &pbresource.ReadRequest{Id: res.Id}) require.NoError(t, err) res = rsp.Resource @@ -398,10 +316,9 @@ func TestWriteStatus_Tenancy_NotFound(t *testing.T) { }, } { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) // Pick resource based on scope of type in testcase. var res *pbresource.Resource @@ -410,7 +327,7 @@ func TestWriteStatus_Tenancy_NotFound(t *testing.T) { case resource.ScopeNamespace: res, err = demo.GenerateV2Artist() case resource.ScopePartition: - res, err = demo.GenerateV1RecordLabel("looney-tunes") + res, err = demo.GenerateV1RecordLabel("Looney Tunes") } require.NoError(t, err) @@ -432,9 +349,10 @@ func TestWriteStatus_Tenancy_NotFound(t *testing.T) { } func TestWriteStatus_CASFailure(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -452,7 +370,8 @@ func TestWriteStatus_CASFailure(t *testing.T) { } func TestWriteStatus_TypeNotFound(t *testing.T) { - client := svctest.NewResourceServiceBuilder().Run(t) + server := testServer(t) + client := testClient(t, server) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -466,9 +385,9 @@ func TestWriteStatus_TypeNotFound(t *testing.T) { } func TestWriteStatus_ResourceNotFound(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -481,9 +400,9 @@ func TestWriteStatus_ResourceNotFound(t *testing.T) { } func TestWriteStatus_WrongUid(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) diff --git a/agent/grpc-external/services/resource/write_test.go b/agent/grpc-external/services/resource/write_test.go index 5c6c7732106a8..3828ff9753f2d 100644 --- a/agent/grpc-external/services/resource/write_test.go +++ b/agent/grpc-external/services/resource/write_test.go @@ -1,14 +1,13 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 -package resource_test +package resource import ( "context" "strings" "sync/atomic" "testing" - "time" "github.com/oklog/ulid/v2" "github.com/stretchr/testify/mock" @@ -18,149 +17,75 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/acl/resolver" - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/internal/storage" "github.com/hashicorp/consul/proto-public/pbresource" - pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v1" pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1" pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2" "github.com/hashicorp/consul/proto/private/prototest" ) -// TODO: Update all tests to use true/false table test for v2tenancy - func TestWrite_InputValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) - type testCase struct { - modFn func(artist, recordLabel *pbresource.Resource) *pbresource.Resource - errContains string - } + demo.RegisterTypes(server.Registry) - testCases := map[string]testCase{ - "no resource": { - modFn: func(_, _ *pbresource.Resource) *pbresource.Resource { - return nil - }, - errContains: "resource is required", - }, - "no id": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id = nil - return artist - }, - errContains: "resource.id is required", - }, - "no type": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Type = nil - return artist - }, - errContains: "resource.id.type is required", - }, - "no name": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Name = "" - return artist - }, - errContains: "resource.id.name invalid", + testCases := map[string]func(artist, recordLabel *pbresource.Resource) *pbresource.Resource{ + "no resource": func(artist, recordLabel *pbresource.Resource) *pbresource.Resource { return nil }, + "no id": func(artist, _ *pbresource.Resource) *pbresource.Resource { + artist.Id = nil + return artist }, - "name is mixed case": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Name = "MixedCaseNotAllowed" - return artist - }, - errContains: "resource.id.name invalid", + "no type": func(artist, _ *pbresource.Resource) *pbresource.Resource { + artist.Id.Type = nil + return artist }, - "name too long": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Name = strings.Repeat("a", resource.MaxNameLength+1) - return artist - }, - errContains: "resource.id.name invalid", + "no name": func(artist, _ *pbresource.Resource) *pbresource.Resource { + artist.Id.Name = "" + return artist }, - "wrong data type": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - var err error - artist.Data, err = anypb.New(&pbdemov2.Album{}) - require.NoError(t, err) - return artist - }, - errContains: "resource.data is of wrong type", - }, - "partition is mixed case": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Tenancy.Partition = "Default" - return artist - }, - errContains: "resource.id.tenancy.partition invalid", - }, - "partition too long": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - return artist - }, - errContains: "resource.id.tenancy.partition invalid", - }, - "namespace is mixed case": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Tenancy.Namespace = "Default" - return artist - }, - errContains: "resource.id.tenancy.namespace invalid", - }, - "namespace too long": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - artist.Id.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - return artist - }, - errContains: "resource.id.tenancy.namespace invalid", + "wrong data type": func(artist, _ *pbresource.Resource) *pbresource.Resource { + var err error + artist.Data, err = anypb.New(&pbdemov2.Album{}) + require.NoError(t, err) + return artist }, - "fail validation hook": { - modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { - buffer := &pbdemov2.Artist{} - require.NoError(t, artist.Data.UnmarshalTo(buffer)) - buffer.Name = "" // name cannot be empty - require.NoError(t, artist.Data.MarshalFrom(buffer)) - return artist - }, - errContains: "artist.name required", + "fail validation hook": func(artist, _ *pbresource.Resource) *pbresource.Resource { + buffer := &pbdemov2.Artist{} + require.NoError(t, artist.Data.UnmarshalTo(buffer)) + buffer.Name = "" // name cannot be empty + require.NoError(t, artist.Data.MarshalFrom(buffer)) + return artist }, - "partition scope with non-empty namespace": { - modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource { - recordLabel.Id.Tenancy.Namespace = "bogus" - return recordLabel - }, - errContains: "cannot have a namespace", + "partition scope with non-empty namespace": func(_, recordLabel *pbresource.Resource) *pbresource.Resource { + recordLabel.Id.Tenancy.Namespace = "bogus" + return recordLabel }, + // TODO(spatel): add cluster scope tests when we have an actual cluster scoped resource (e.g. partition) } - for desc, tc := range testCases { + for desc, modFn := range testCases { t.Run(desc, func(t *testing.T) { artist, err := demo.GenerateV2Artist() require.NoError(t, err) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) - req := &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel)} + req := &pbresource.WriteRequest{Resource: modFn(artist, recordLabel)} _, err = client.Write(testContext(t), req) require.Error(t, err) require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) }) } } func TestWrite_OwnerValidation(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) type testCase struct { modReqFn func(req *pbresource.WriteRequest) @@ -169,49 +94,15 @@ func TestWrite_OwnerValidation(t *testing.T) { testCases := map[string]testCase{ "no owner type": { modReqFn: func(req *pbresource.WriteRequest) { req.Resource.Owner.Type = nil }, - errorContains: "resource.owner.type is required", + errorContains: "resource.owner.type", }, "no owner tenancy": { modReqFn: func(req *pbresource.WriteRequest) { req.Resource.Owner.Tenancy = nil }, - errorContains: "resource.owner does not exist", + errorContains: "resource.owner", }, "no owner name": { modReqFn: func(req *pbresource.WriteRequest) { req.Resource.Owner.Name = "" }, - errorContains: "resource.owner.name invalid", - }, - "mixed case owner name": { - modReqFn: func(req *pbresource.WriteRequest) { req.Resource.Owner.Name = strings.ToUpper(req.Resource.Owner.Name) }, - errorContains: "resource.owner.name invalid", - }, - "owner name too long": { - modReqFn: func(req *pbresource.WriteRequest) { - req.Resource.Owner.Name = strings.Repeat("a", resource.MaxNameLength+1) - }, - errorContains: "resource.owner.name invalid", - }, - "owner partition is mixed case": { - modReqFn: func(req *pbresource.WriteRequest) { - req.Resource.Owner.Tenancy.Partition = "Default" - }, - errorContains: "resource.owner.tenancy.partition invalid", - }, - "owner partition too long": { - modReqFn: func(req *pbresource.WriteRequest) { - req.Resource.Owner.Tenancy.Partition = strings.Repeat("p", resource.MaxNameLength+1) - }, - errorContains: "resource.owner.tenancy.partition invalid", - }, - "owner namespace is mixed case": { - modReqFn: func(req *pbresource.WriteRequest) { - req.Resource.Owner.Tenancy.Namespace = "Default" - }, - errorContains: "resource.owner.tenancy.namespace invalid", - }, - "owner namespace too long": { - modReqFn: func(req *pbresource.WriteRequest) { - req.Resource.Owner.Tenancy.Namespace = strings.Repeat("n", resource.MaxNameLength+1) - }, - errorContains: "resource.owner.tenancy.namespace invalid", + errorContains: "resource.owner.name", }, } for desc, tc := range testCases { @@ -234,7 +125,8 @@ func TestWrite_OwnerValidation(t *testing.T) { } func TestWrite_TypeNotFound(t *testing.T) { - client := svctest.NewResourceServiceBuilder().Run(t) + server := testServer(t) + client := testClient(t, server) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -268,14 +160,14 @@ func TestWrite_ACLs(t *testing.T) { for desc, tc := range testcases { t.Run(desc, func(t *testing.T) { - mockACLResolver := &svc.MockACLResolver{} + server := testServer(t) + client := testClient(t, server) + + mockACLResolver := &MockACLResolver{} mockACLResolver.On("ResolveTokenAndDefaultMeta", mock.Anything, mock.Anything, mock.Anything). Return(tc.authz, nil) - - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - WithACLResolver(mockACLResolver). - Run(t) + server.ACLResolver = mockACLResolver + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -288,9 +180,9 @@ func TestWrite_ACLs(t *testing.T) { } func TestWrite_Mutate(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -323,6 +215,14 @@ func TestWrite_Create_Success(t *testing.T) { }, expectedTenancy: resource.DefaultNamespacedTenancy(), }, + "namespaced resource provides uppercase partition and namespace": { + modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { + artist.Id.Tenancy.Partition = strings.ToUpper(artist.Id.Tenancy.Partition) + artist.Id.Tenancy.Namespace = strings.ToUpper(artist.Id.Tenancy.Namespace) + return artist + }, + expectedTenancy: resource.DefaultNamespacedTenancy(), + }, "namespaced resource inherits tokens partition when empty": { modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { artist.Id.Tenancy.Partition = "" @@ -366,6 +266,13 @@ func TestWrite_Create_Success(t *testing.T) { }, expectedTenancy: resource.DefaultPartitionedTenancy(), }, + "partitioned resource provides uppercase partition": { + modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource { + recordLabel.Id.Tenancy.Partition = strings.ToUpper(recordLabel.Id.Tenancy.Partition) + return recordLabel + }, + expectedTenancy: resource.DefaultPartitionedTenancy(), + }, "partitioned resource inherits tokens partition when empty": { modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource { recordLabel.Id.Tenancy.Partition = "" @@ -392,11 +299,11 @@ func TestWrite_Create_Success(t *testing.T) { } for desc, tc := range testCases { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) artist, err := demo.GenerateV2Artist() @@ -424,7 +331,7 @@ func TestWrite_Create_Tenancy_NotFound(t *testing.T) { return artist }, errCode: codes.InvalidArgument, - errContains: "partition not found", + errContains: "partition", }, "namespaced resource provides nonexistant namespace": { modFn: func(artist, _ *pbresource.Resource) *pbresource.Resource { @@ -432,7 +339,7 @@ func TestWrite_Create_Tenancy_NotFound(t *testing.T) { return artist }, errCode: codes.InvalidArgument, - errContains: "namespace not found", + errContains: "namespace", }, "partitioned resource provides nonexistant partition": { modFn: func(_, recordLabel *pbresource.Resource) *pbresource.Resource { @@ -440,17 +347,16 @@ func TestWrite_Create_Tenancy_NotFound(t *testing.T) { return recordLabel }, errCode: codes.InvalidArgument, - errContains: "partition not found", + errContains: "partition", }, } for desc, tc := range testCases { t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + demo.RegisterTypes(server.Registry) - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) artist, err := demo.GenerateV2Artist() @@ -464,51 +370,33 @@ func TestWrite_Create_Tenancy_NotFound(t *testing.T) { } } -func TestWrite_Create_With_DeletionTimestamp_Fails(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - res := rtest.Resource(demo.TypeV1Artist, "blur"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemov1.Artist{Name: "Blur"}). - WithMeta(resource.DeletionTimestampKey, time.Now().Format(time.RFC3339)). - Build() - - _, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res}) - require.Error(t, err) - require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.Contains(t, err.Error(), resource.DeletionTimestampKey) -} - -func TestWrite_Create_With_TenancyMarkedForDeletion_Fails(t *testing.T) { +func TestWrite_Tenancy_MarkedForDeletion(t *testing.T) { // Verify resource write fails when its partition or namespace is marked for deletion. testCases := map[string]struct { - modFn func(artist, recordLabel *pbresource.Resource, mockTenancyBridge *svc.MockTenancyBridge) *pbresource.Resource + modFn func(artist, recordLabel *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource errContains string }{ "namespaced resources partition marked for deletion": { - modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *svc.MockTenancyBridge) *pbresource.Resource { - mockTenancyBridge.On("IsPartitionMarkedForDeletion", "ap1").Return(true, nil) + modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource { + mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(true, nil) return artist }, - errContains: "tenancy marked for deletion", + errContains: "partition marked for deletion", }, "namespaced resources namespace marked for deletion": { - modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *svc.MockTenancyBridge) *pbresource.Resource { - mockTenancyBridge.On("IsPartitionMarkedForDeletion", "ap1").Return(false, nil) - mockTenancyBridge.On("IsNamespaceMarkedForDeletion", "ap1", "ns1").Return(true, nil) + modFn: func(artist, _ *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource { + mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(false, nil) + mockTenancyBridge.On("IsNamespaceMarkedForDeletion", "part1", "ns1").Return(true, nil) return artist }, - errContains: "tenancy marked for deletion", + errContains: "namespace marked for deletion", }, "partitioned resources partition marked for deletion": { - modFn: func(_, recordLabel *pbresource.Resource, mockTenancyBridge *svc.MockTenancyBridge) *pbresource.Resource { - mockTenancyBridge.On("IsPartitionMarkedForDeletion", "ap1").Return(true, nil) + modFn: func(_, recordLabel *pbresource.Resource, mockTenancyBridge *MockTenancyBridge) *pbresource.Resource { + mockTenancyBridge.On("IsPartitionMarkedForDeletion", "part1").Return(true, nil) return recordLabel }, - errContains: "tenancy marked for deletion", + errContains: "partition marked for deletion", }, } for desc, tc := range testCases { @@ -516,19 +404,18 @@ func TestWrite_Create_With_TenancyMarkedForDeletion_Fails(t *testing.T) { server := testServer(t) client := testClient(t, server) demo.RegisterTypes(server.Registry) - - recordLabel, err := demo.GenerateV1RecordLabel("looney-tunes") + recordLabel, err := demo.GenerateV1RecordLabel("LoonyTunes") require.NoError(t, err) - recordLabel.Id.Tenancy.Partition = "ap1" + recordLabel.Id.Tenancy.Partition = "part1" artist, err := demo.GenerateV2Artist() require.NoError(t, err) - artist.Id.Tenancy.Partition = "ap1" + artist.Id.Tenancy.Partition = "part1" artist.Id.Tenancy.Namespace = "ns1" - mockTenancyBridge := &svc.MockTenancyBridge{} - mockTenancyBridge.On("PartitionExists", "ap1").Return(true, nil) - mockTenancyBridge.On("NamespaceExists", "ap1", "ns1").Return(true, nil) + mockTenancyBridge := &MockTenancyBridge{} + mockTenancyBridge.On("PartitionExists", "part1").Return(true, nil) + mockTenancyBridge.On("NamespaceExists", "part1", "ns1").Return(true, nil) server.TenancyBridge = mockTenancyBridge _, err = client.Write(testContext(t), &pbresource.WriteRequest{Resource: tc.modFn(artist, recordLabel, mockTenancyBridge)}) @@ -540,9 +427,10 @@ func TestWrite_Create_With_TenancyMarkedForDeletion_Fails(t *testing.T) { } func TestWrite_CASUpdate_Success(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -561,9 +449,10 @@ func TestWrite_CASUpdate_Success(t *testing.T) { } func TestWrite_ResourceCreation_StatusProvided(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -579,9 +468,10 @@ func TestWrite_ResourceCreation_StatusProvided(t *testing.T) { } func TestWrite_CASUpdate_Failure(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -599,9 +489,10 @@ func TestWrite_CASUpdate_Failure(t *testing.T) { } func TestWrite_Update_WrongUid(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -619,9 +510,10 @@ func TestWrite_Update_WrongUid(t *testing.T) { } func TestWrite_Update_StatusModified(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -648,9 +540,10 @@ func TestWrite_Update_StatusModified(t *testing.T) { } func TestWrite_Update_NilStatus(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -671,9 +564,10 @@ func TestWrite_Update_NilStatus(t *testing.T) { } func TestWrite_Update_NoUid(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -689,9 +583,10 @@ func TestWrite_Update_NoUid(t *testing.T) { } func TestWrite_Update_GroupVersion(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -718,9 +613,10 @@ func TestWrite_Update_GroupVersion(t *testing.T) { } func TestWrite_NonCASUpdate_Success(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -740,6 +636,7 @@ func TestWrite_NonCASUpdate_Success(t *testing.T) { func TestWrite_NonCASUpdate_Retry(t *testing.T) { server := testServer(t) client := testClient(t, server) + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV2Artist() @@ -784,9 +681,10 @@ func TestWrite_NonCASUpdate_Retry(t *testing.T) { } func TestWrite_NoData(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) res, err := demo.GenerateV1Concept("jazz") require.NoError(t, err) @@ -801,9 +699,10 @@ func TestWrite_Owner_Immutable(t *testing.T) { // Use of proto.Equal(..) in implementation covers all permutations // (nil -> non-nil, non-nil -> nil, owner1 -> owner2) so only the first one // is tested. - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) artist, err := demo.GenerateV2Artist() require.NoError(t, err) @@ -828,9 +727,10 @@ func TestWrite_Owner_Immutable(t *testing.T) { } func TestWrite_Owner_Uid(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + server := testServer(t) + client := testClient(t, server) + + demo.RegisterTypes(server.Registry) t.Run("uid given", func(t *testing.T) { artist, err := demo.GenerateV2Artist() @@ -916,318 +816,3 @@ func (b *blockOnceBackend) Read(ctx context.Context, consistency storage.ReadCon return res, err } - -func TestEnsureFinalizerRemoved(t *testing.T) { - type testCase struct { - mod func(input, existing *pbresource.Resource) - errContains string - } - - testCases := map[string]testCase{ - "one finalizer removed from input": { - mod: func(input, existing *pbresource.Resource) { - resource.AddFinalizer(existing, "f1") - resource.AddFinalizer(existing, "f2") - resource.AddFinalizer(input, "f1") - }, - }, - "all finalizers removed from input": { - mod: func(input, existing *pbresource.Resource) { - resource.AddFinalizer(existing, "f1") - resource.AddFinalizer(existing, "f2") - resource.AddFinalizer(input, "f1") - resource.RemoveFinalizer(input, "f1") - }, - }, - "all finalizers removed from input and no finalizer key": { - mod: func(input, existing *pbresource.Resource) { - resource.AddFinalizer(existing, "f1") - resource.AddFinalizer(existing, "f2") - }, - }, - "no finalizers removed from input": { - mod: func(input, existing *pbresource.Resource) { - resource.AddFinalizer(existing, "f1") - resource.AddFinalizer(input, "f1") - }, - errContains: "expected at least one finalizer to be removed", - }, - "input finalizers not proper subset of existing": { - mod: func(input, existing *pbresource.Resource) { - resource.AddFinalizer(existing, "f1") - resource.AddFinalizer(existing, "f2") - resource.AddFinalizer(input, "f3") - }, - errContains: "expected at least one finalizer to be removed", - }, - "existing has no finalizers for input to remove": { - mod: func(input, existing *pbresource.Resource) { - resource.AddFinalizer(input, "f3") - }, - errContains: "expected at least one finalizer to be removed", - }, - } - - for desc, tc := range testCases { - t.Run(desc, func(t *testing.T) { - input := rtest.Resource(demo.TypeV1Artist, "artist1"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemov1.Artist{Name: "artist1"}). - WithMeta(resource.DeletionTimestampKey, "someTimestamp"). - Build() - - existing := rtest.Resource(demo.TypeV1Artist, "artist1"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemov1.Artist{Name: "artist1"}). - WithMeta(resource.DeletionTimestampKey, "someTimestamp"). - Build() - - tc.mod(input, existing) - - err := svc.EnsureFinalizerRemoved(input, existing) - if tc.errContains != "" { - require.Error(t, err) - require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) - } else { - require.NoError(t, err) - } - }) - } -} - -func TestWrite_ResourceFrozenAfterMarkedForDeletion(t *testing.T) { - type testCase struct { - modFn func(res *pbresource.Resource) - errContains string - } - testCases := map[string]testCase{ - "no-op write rejected": { - modFn: func(res *pbresource.Resource) {}, - errContains: "cannot no-op write resource marked for deletion", - }, - "remove one finalizer": { - modFn: func(res *pbresource.Resource) { - resource.RemoveFinalizer(res, "finalizer1") - }, - }, - "remove all finalizers": { - modFn: func(res *pbresource.Resource) { - resource.RemoveFinalizer(res, "finalizer1") - resource.RemoveFinalizer(res, "finalizer2") - }, - }, - "adding finalizer fails": { - modFn: func(res *pbresource.Resource) { - resource.AddFinalizer(res, "finalizer3") - }, - errContains: "expected at least one finalizer to be removed", - }, - "remove deletionTimestamp fails": { - modFn: func(res *pbresource.Resource) { - delete(res.Metadata, resource.DeletionTimestampKey) - }, - errContains: "cannot remove deletionTimestamp", - }, - "modify deletionTimestamp fails": { - modFn: func(res *pbresource.Resource) { - res.Metadata[resource.DeletionTimestampKey] = "bad" - }, - errContains: "cannot modify deletionTimestamp", - }, - "modify data fails": { - modFn: func(res *pbresource.Resource) { - var err error - res.Data, err = anypb.New(&pbdemo.Artist{Name: "New Order"}) - require.NoError(t, err) - }, - errContains: "cannot modify data", - }, - } - - for desc, tc := range testCases { - t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - // Create a resource with finalizers - res := rtest.Resource(demo.TypeV1Artist, "joydivision"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemo.Artist{Name: "Joy Division"}). - WithMeta(resource.FinalizerKey, "finalizer1 finalizer2"). - Write(t, client) - - // Mark for deletion - resource should now be frozen - _, err := client.Delete(context.Background(), &pbresource.DeleteRequest{Id: res.Id}) - require.NoError(t, err) - - // Verify marked for deletion - rsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) - require.NoError(t, err) - require.True(t, resource.IsMarkedForDeletion(rsp.Resource)) - - // Apply test case mods - tc.modFn(rsp.Resource) - - // Verify write results - _, err = client.Write(context.Background(), &pbresource.WriteRequest{Resource: rsp.Resource}) - if tc.errContains == "" { - require.NoError(t, err) - } else { - require.Error(t, err) - require.Equal(t, codes.InvalidArgument.String(), status.Code(err).String()) - require.ErrorContains(t, err, tc.errContains) - } - }) - } -} - -func TestWrite_NonCASWritePreservesFinalizers(t *testing.T) { - type testCase struct { - existingMeta map[string]string - inputMeta map[string]string - expectedMeta map[string]string - } - testCases := map[string]testCase{ - "input nil metadata preserves existing finalizers": { - inputMeta: nil, - existingMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - expectedMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - }, - "input metadata and no finalizer key preserves existing finalizers": { - inputMeta: map[string]string{}, - existingMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - expectedMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - }, - "input metadata and with empty finalizer key overwrites existing finalizers": { - inputMeta: map[string]string{resource.FinalizerKey: ""}, - existingMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - expectedMeta: map[string]string{resource.FinalizerKey: ""}, - }, - "input metadata with one finalizer key overwrites multiple existing finalizers": { - inputMeta: map[string]string{resource.FinalizerKey: "finalizer2"}, - existingMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - expectedMeta: map[string]string{resource.FinalizerKey: "finalizer2"}, - }, - } - - for desc, tc := range testCases { - t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - // Create the resource based on tc.existingMetadata - builder := rtest.Resource(demo.TypeV1Artist, "joydivision"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemo.Artist{Name: "Joy"}) - - if tc.existingMeta != nil { - for k, v := range tc.existingMeta { - builder.WithMeta(k, v) - } - } - res := builder.Write(t, client) - - // Build resource for user write based on tc.inputMetadata - builder = rtest.Resource(demo.TypeV1Artist, res.Id.Name). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemo.Artist{Name: "Joy Division"}) - - if tc.inputMeta != nil { - for k, v := range tc.inputMeta { - builder.WithMeta(k, v) - } - } - userRes := builder.Build() - - // Perform the user write - rsp, err := client.Write(context.Background(), &pbresource.WriteRequest{Resource: userRes}) - require.NoError(t, err) - - // Verify write result preserved metadata based on testcase.expecteMetadata - for k := range tc.expectedMeta { - require.Equal(t, tc.expectedMeta[k], rsp.Resource.Metadata[k]) - } - require.Equal(t, len(tc.expectedMeta), len(rsp.Resource.Metadata)) - }) - } -} - -func TestWrite_NonCASWritePreservesDeletionTimestamp(t *testing.T) { - type testCase struct { - existingMeta map[string]string - inputMeta map[string]string - expectedMeta map[string]string - } - - // deletionTimestamp has to be generated via Delete() call and can't be embedded in testdata - // even though testcase desc refers to it. - testCases := map[string]testCase{ - "input metadata no deletion timestamp preserves existing deletion timestamp and removes single finalizer": { - inputMeta: map[string]string{resource.FinalizerKey: "finalizer1"}, - existingMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - expectedMeta: map[string]string{resource.FinalizerKey: "finalizer1"}, - }, - "input metadata no deletion timestamp preserves existing deletion timestamp and removes all finalizers": { - inputMeta: map[string]string{resource.FinalizerKey: ""}, - existingMeta: map[string]string{resource.FinalizerKey: "finalizer1 finalizer2"}, - expectedMeta: map[string]string{resource.FinalizerKey: ""}, - }, - } - - for desc, tc := range testCases { - t.Run(desc, func(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - // Create the resource based on tc.existingMetadata - builder := rtest.Resource(demo.TypeV1Artist, "joydivision"). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemo.Artist{Name: "Joy Division"}) - - if tc.existingMeta != nil { - for k, v := range tc.existingMeta { - builder.WithMeta(k, v) - } - } - res := builder.Write(t, client) - - // Mark for deletion - _, err := client.Delete(context.Background(), &pbresource.DeleteRequest{Id: res.Id}) - require.NoError(t, err) - - // Re-read the deleted res for future comparison of deletionTimestamp - delRsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) - require.NoError(t, err) - - // Build resource for user write based on tc.inputMetadata - builder = rtest.Resource(demo.TypeV1Artist, res.Id.Name). - WithTenancy(resource.DefaultNamespacedTenancy()). - WithData(t, &pbdemo.Artist{Name: "Joy Division"}) - - if tc.inputMeta != nil { - for k, v := range tc.inputMeta { - builder.WithMeta(k, v) - } - } - userRes := builder.Build() - - // Perform the non-CAS user write - rsp, err := client.Write(context.Background(), &pbresource.WriteRequest{Resource: userRes}) - require.NoError(t, err) - - // Verify write result preserved metadata based on testcase.expecteMetadata - for k := range tc.expectedMeta { - require.Equal(t, tc.expectedMeta[k], rsp.Resource.Metadata[k]) - } - // Verify deletion timestamp preserved even though it wasn't passed in to the write - require.Equal(t, delRsp.Resource.Metadata[resource.DeletionTimestampKey], rsp.Resource.Metadata[resource.DeletionTimestampKey]) - }) - } -} diff --git a/agent/health_endpoint_test.go b/agent/health_endpoint_test.go index 86dd7be70f78f..4c491e9cb2761 100644 --- a/agent/health_endpoint_test.go +++ b/agent/health_endpoint_test.go @@ -258,7 +258,7 @@ func TestHealthChecksInState_DistanceSort(t *testing.T) { if err != nil { r.Fatalf("err: %v", err) } - assertIndex(r, resp) + assertIndex(t, resp) nodes = obj.(structs.HealthChecks) if len(nodes) != 2 { r.Fatalf("bad: %v", nodes) @@ -613,7 +613,7 @@ func TestHealthServiceChecks_DistanceSort(t *testing.T) { if err != nil { r.Fatalf("err: %v", err) } - assertIndex(r, resp) + assertIndex(t, resp) nodes = obj.(structs.HealthChecks) if len(nodes) != 2 { r.Fatalf("bad: %v", obj) @@ -1371,7 +1371,7 @@ func TestHealthServiceNodes_DistanceSort(t *testing.T) { if err != nil { r.Fatalf("err: %v", err) } - assertIndex(r, resp) + assertIndex(t, resp) nodes = obj.(structs.CheckServiceNodes) if len(nodes) != 2 { r.Fatalf("bad: %v", obj) diff --git a/agent/http_test.go b/agent/http_test.go index 607061d8681f7..f2469acc83526 100644 --- a/agent/http_test.go +++ b/agent/http_test.go @@ -1628,8 +1628,10 @@ func TestAllowedNets(t *testing.T) { } // assertIndex tests that X-Consul-Index is set and non-zero -func assertIndex(t testutil.TestingTB, resp *httptest.ResponseRecorder) { - t.Helper() +func assertIndex(t require.TestingT, resp *httptest.ResponseRecorder) { + if tt, ok := t.(*testing.T); ok { + tt.Helper() + } require.NoError(t, checkIndex(resp)) } diff --git a/agent/proxycfg/manager.go b/agent/proxycfg/manager.go index b01787f2c1d12..71b6270fefc41 100644 --- a/agent/proxycfg/manager.go +++ b/agent/proxycfg/manager.go @@ -5,7 +5,6 @@ package proxycfg import ( "errors" - "github.com/hashicorp/consul/lib/channels" "runtime/debug" "sync" @@ -260,15 +259,37 @@ func (m *Manager) notify(snap *ConfigSnapshot) { // it will drain the chan and then re-attempt delivery so that a slow consumer // gets the latest config earlier. This MUST be called from a method where m.mu // is held to be safe since it assumes we are the only goroutine sending on ch. -func (m *Manager) deliverLatest(snap proxysnapshot.ProxySnapshot, ch chan proxysnapshot.ProxySnapshot) { - m.Logger.Trace("delivering latest proxy snapshot to proxy", "proxyID", snap.(*ConfigSnapshot).ProxyID) - err := channels.DeliverLatest(snap, ch) - if err != nil { - m.Logger.Error("failed to deliver proxyState to proxy", - "proxy", snap.(*ConfigSnapshot).ProxyID, - ) +func (m *Manager) deliverLatest(snap *ConfigSnapshot, ch chan proxysnapshot.ProxySnapshot) { + // Send if chan is empty + select { + case ch <- snap: + return + default: + } + + // Not empty, drain the chan of older snapshots and redeliver. For now we only + // use 1-buffered chans but this will still work if we change that later. +OUTER: + for { + select { + case <-ch: + continue + default: + break OUTER + } } + // Now send again + select { + case ch <- snap: + return + default: + // This should not be possible since we should be the only sender, enforced + // by m.mu but error and drop the update rather than panic. + m.Logger.Error("failed to deliver ConfigSnapshot to proxy", + "proxy", snap.ProxyID.String(), + ) + } } // Watch registers a watch on a proxy. It might not exist yet in which case this diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go index f178955c18ab4..96918a261bd05 100644 --- a/agent/proxycfg/testing_ingress_gateway.go +++ b/agent/proxycfg/testing_ingress_gateway.go @@ -1364,7 +1364,7 @@ func TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults(t te Port: 8083, Protocol: "http", Services: []structs.IngressService{ - {Name: "s4"}, + {Name: "s3"}, }, TLS: &structs.GatewayTLSConfig{ Enabled: true, diff --git a/agent/remote_exec_test.go b/agent/remote_exec_test.go index 2488f6b4f2e07..f077de895a396 100644 --- a/agent/remote_exec_test.go +++ b/agent/remote_exec_test.go @@ -15,7 +15,6 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/go-uuid" @@ -359,9 +358,9 @@ func testHandleRemoteExec(t *testing.T, command string, expectedSubstring string retry.Run(t, func(r *retry.R) { event := &remoteExecEvent{ Prefix: "_rexec", - Session: makeRexecSession(r, a.Agent, ""), + Session: makeRexecSession(t, a.Agent, ""), } - defer destroySession(r, a.Agent, event.Session, "") + defer destroySession(t, a.Agent, event.Session, "") spec := &remoteExecSpec{ Command: command, @@ -430,7 +429,7 @@ func TestHandleRemoteExecFailed(t *testing.T) { testHandleRemoteExec(t, "echo failing;exit 2", "failing", "2") } -func makeRexecSession(t testutil.TestingTB, a *Agent, token string) string { +func makeRexecSession(t *testing.T, a *Agent, token string) string { args := structs.SessionRequest{ Datacenter: a.config.Datacenter, Op: structs.SessionCreate, @@ -449,7 +448,7 @@ func makeRexecSession(t testutil.TestingTB, a *Agent, token string) string { return out } -func destroySession(t testutil.TestingTB, a *Agent, session string, token string) { +func destroySession(t *testing.T, a *Agent, session string, token string) { args := structs.SessionRequest{ Datacenter: a.config.Datacenter, Op: structs.SessionDestroy, diff --git a/agent/session_endpoint_test.go b/agent/session_endpoint_test.go index d44285f29bb78..ae5a492808d7c 100644 --- a/agent/session_endpoint_test.go +++ b/agent/session_endpoint_test.go @@ -15,14 +15,13 @@ import ( "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" "github.com/hashicorp/consul/types" "github.com/stretchr/testify/require" ) -func verifySession(t testutil.TestingTB, a *TestAgent, want structs.Session) { +func verifySession(t *testing.T, r *retry.R, a *TestAgent, want structs.Session) { t.Helper() args := &structs.SessionSpecificRequest{ @@ -31,10 +30,10 @@ func verifySession(t testutil.TestingTB, a *TestAgent, want structs.Session) { } var out structs.IndexedSessions if err := a.RPC(context.Background(), "Session.Get", args, &out); err != nil { - t.Fatalf("err: %v", err) + r.Fatalf("err: %v", err) } if len(out.Sessions) != 1 { - t.Fatalf("bad: %#v", out.Sessions) + r.Fatalf("bad: %#v", out.Sessions) } // Make a copy so we don't modify the state store copy for an in-mem @@ -124,7 +123,7 @@ func TestSessionCreate(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysRelease, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) } @@ -189,7 +188,7 @@ func TestSessionCreate_NodeChecks(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysRelease, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) } @@ -251,7 +250,7 @@ func TestSessionCreate_Delete(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysDelete, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) } @@ -289,7 +288,7 @@ func TestSessionCreate_DefaultCheck(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysRelease, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) } @@ -330,7 +329,7 @@ func TestSessionCreate_NoCheck(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysRelease, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) }) @@ -360,7 +359,7 @@ func TestSessionCreate_NoCheck(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysRelease, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) }) @@ -392,7 +391,7 @@ func TestSessionCreate_NoCheck(t *testing.T) { LockDelay: 20 * time.Second, Behavior: structs.SessionKeysRelease, } - verifySession(r, a, want) + verifySession(t, r, a, want) }) }) } @@ -431,7 +430,7 @@ func makeTestSessionDelete(t *testing.T, srv *HTTPHandlers) string { return sessResp.ID } -func makeTestSessionTTL(t testutil.TestingTB, srv *HTTPHandlers, ttl string) string { +func makeTestSessionTTL(t *testing.T, srv *HTTPHandlers, ttl string) string { t.Helper() // Create Session with TTL body := bytes.NewBuffer(nil) @@ -489,7 +488,7 @@ func TestSessionCustomTTL(t *testing.T) { testrpc.WaitForTestAgent(t, a.RPC, "dc1") retry.Run(t, func(r *retry.R) { - id := makeTestSessionTTL(r, a.srv, ttl.String()) + id := makeTestSessionTTL(t, a.srv, ttl.String()) req, _ := http.NewRequest("GET", "/v1/session/info/"+id, nil) resp := httptest.NewRecorder() diff --git a/agent/structs/acl.go b/agent/structs/acl.go index d856ce0af2eaf..4d76dffa4e8e0 100644 --- a/agent/structs/acl.go +++ b/agent/structs/acl.go @@ -1084,21 +1084,6 @@ const ( // }, // } BindingRuleBindTypeTemplatedPolicy = "templated-policy" - - // BindingRuleBindTypePolicy is the binding rule bind type that only allows - // the binding rule to function if a policy with the given name (BindName) - // exists at login-time. If it does the token that is created is directly - // linked to that policy like: - // - // &ACLToken{ - // ...other fields... - // Policies: *ACLTokenPolicyLink{ - // { Name: "" }, - // } - // } - // - // If it does not exist at login-time the rule is ignored. - BindingRuleBindTypePolicy = "policy" ) type ACLBindingRule struct { @@ -1121,7 +1106,6 @@ type ACLBindingRule struct { // - BindingRuleBindTypeService = "service" // - BindingRuleBindTypeNode = "node" // - BindingRuleBindTypeRole = "role" - // - BindingRuleBindTypePolicy = "policy" // - BindingRuleBindTypeTemplatedPolicy = "templated-policy" BindType string diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 9b2685946cbeb..5a6fd95118920 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -10,7 +10,6 @@ import ( "encoding/json" "fmt" "math/rand" - "os" "reflect" "regexp" "sort" @@ -228,9 +227,6 @@ const ( var allowedConsulMetaKeysForMeshGateway = map[string]struct{}{MetaWANFederationKey: {}} -// CEDowngrade indicates if we are in downgrading from ent to ce -var CEDowngrade = os.Getenv("CONSUL_ENTERPRISE_DOWNGRADE_TO_CE") == "true" - var ( NodeMaintCheckID = NewCheckID(NodeMaint, nil) ) diff --git a/agent/testagent.go b/agent/testagent.go index 110c2f1804352..037bdc76da688 100644 --- a/agent/testagent.go +++ b/agent/testagent.go @@ -117,8 +117,8 @@ func NewTestAgentWithConfigFile(t *testing.T, hcl string, configFiles []string) func StartTestAgent(t *testing.T, a TestAgent) *TestAgent { t.Helper() retry.RunWith(retry.ThreeTimes(), t, func(r *retry.R) { - r.Helper() - if err := a.Start(r); err != nil { + t.Helper() + if err := a.Start(t); err != nil { r.Fatal(err) } }) @@ -152,7 +152,7 @@ func TestConfigHCL(nodeID string) string { // Start starts a test agent. It returns an error if the agent could not be started. // If no error is returned, the caller must call Shutdown() when finished. -func (a *TestAgent) Start(t testutil.TestingTB) error { +func (a *TestAgent) Start(t *testing.T) error { t.Helper() if a.Agent != nil { return fmt.Errorf("TestAgent already started") @@ -442,10 +442,10 @@ func (r *retryShim) Name() string { // chance of port conflicts for concurrently executed test binaries. // Instead of relying on one set of ports to be sufficient we retry // starting the agent with different ports on port conflict. -func randomPortsSource(t testutil.TestingTB, useHTTPS bool) string { +func randomPortsSource(t *testing.T, useHTTPS bool) string { var ports []int retry.RunWith(retry.TwoSeconds(), t, func(r *retry.R) { - ports = freeport.GetN(r, 7) + ports = freeport.GetN(&retryShim{r, t.Name()}, 7) }) var http, https int diff --git a/agent/uiserver/dist/assets/chunk.143.db9b393ab5086aec385b.css b/agent/uiserver/dist/assets/chunk.143.30749b40e28f0c692295.css similarity index 90% rename from agent/uiserver/dist/assets/chunk.143.db9b393ab5086aec385b.css rename to agent/uiserver/dist/assets/chunk.143.30749b40e28f0c692295.css index 0f89c12af7f79..f066b66e7f30d 100644 --- a/agent/uiserver/dist/assets/chunk.143.db9b393ab5086aec385b.css +++ b/agent/uiserver/dist/assets/chunk.143.30749b40e28f0c692295.css @@ -1,3 +1,3 @@ .tippy-box[data-placement^=top]>.tippy-svg-arrow{bottom:0}.tippy-box[data-placement^=top]>.tippy-svg-arrow:after,.tippy-box[data-placement^=top]>.tippy-svg-arrow>svg{top:16px;transform:rotate(180deg)}.tippy-box[data-placement^=bottom]>.tippy-svg-arrow{top:0}.tippy-box[data-placement^=bottom]>.tippy-svg-arrow>svg{bottom:16px}.tippy-box[data-placement^=left]>.tippy-svg-arrow{right:0}.tippy-box[data-placement^=left]>.tippy-svg-arrow:after,.tippy-box[data-placement^=left]>.tippy-svg-arrow>svg{transform:rotate(90deg);top:calc(50% - 3px);left:11px}.tippy-box[data-placement^=right]>.tippy-svg-arrow{left:0}.tippy-box[data-placement^=right]>.tippy-svg-arrow:after,.tippy-box[data-placement^=right]>.tippy-svg-arrow>svg{transform:rotate(-90deg);top:calc(50% - 3px);right:11px}.tippy-svg-arrow{width:16px;height:16px;fill:#333;text-align:initial}.tippy-svg-arrow,.tippy-svg-arrow>svg{position:absolute} -/*# sourceMappingURL=chunk.143.db9b393ab5086aec385b.css-481e257b97fcf81c5a59ed89bec95f69.map*/ \ No newline at end of file +/*# sourceMappingURL=chunk.143.30749b40e28f0c692295.css-68f4950fab34e7ff0e45d48a25a6e5f7.map*/ \ No newline at end of file diff --git a/agent/uiserver/dist/assets/chunk.143.db9b393ab5086aec385b.js b/agent/uiserver/dist/assets/chunk.143.30749b40e28f0c692295.js similarity index 97% rename from agent/uiserver/dist/assets/chunk.143.db9b393ab5086aec385b.js rename to agent/uiserver/dist/assets/chunk.143.30749b40e28f0c692295.js index 9e26ff5adc0d2..991d9d511e66c 100644 --- a/agent/uiserver/dist/assets/chunk.143.db9b393ab5086aec385b.js +++ b/agent/uiserver/dist/assets/chunk.143.30749b40e28f0c692295.js @@ -7,8 +7,8 @@ e.exports=require("@ember/modifier")},7219:e=>{"use strict" e.exports=require("@ember/object")},8773:e=>{"use strict" e.exports=require("@ember/runloop")},8574:e=>{"use strict" e.exports=require("@ember/service")},1866:e=>{"use strict" -e.exports=require("@ember/utils")},657:(e,r,t)=>{var n,o -e.exports=(n=_eai_d,o=_eai_r,window.emberAutoImportDynamic=function(e){return 1===arguments.length?o("_eai_dyn_"+e):o("_eai_dynt_"+e)(Array.prototype.slice.call(arguments,1))},window.emberAutoImportSync=function(e){return o("_eai_sync_"+e)(Array.prototype.slice.call(arguments,1))},n("@hashicorp/flight-icons/svg",[],(function(){return t(6604)})),n("@hashicorp/flight-icons/svg-sprite/svg-sprite-module",[],(function(){return t(2654)})),n("@lit/reactive-element",[],(function(){return t(8531)})),n("@xstate/fsm",[],(function(){return t(7440)})),n("a11y-dialog",[],(function(){return t(1413)})),n("base64-js",[],(function(){return t(8294)})),n("clipboard",[],(function(){return t(9079)})),n("d3-array",[],(function(){return t(5447)})),n("d3-scale",[],(function(){return t(5134)})),n("d3-scale-chromatic",[],(function(){return t(2331)})),n("d3-selection",[],(function(){return t(8740)})),n("d3-shape",[],(function(){return t(5043)})),n("dayjs",[],(function(){return t(2350)})),n("dayjs/plugin/calendar",[],(function(){return t(8888)})),n("dayjs/plugin/relativeTime",[],(function(){return t(2543)})),n("deepmerge",[],(function(){return t(3924)})),n("ember-focus-trap/modifiers/focus-trap.js",["@ember/modifier"],(function(){return t(3109)})),n("ember-keyboard/helpers/if-key.js",["@ember/component/helper","@ember/debug","@ember/utils"],(function(){return t(3481)})),n("ember-keyboard/helpers/on-key.js",["@ember/component/helper","@ember/debug","@ember/service"],(function(){return t(6415)})),n("ember-keyboard/modifiers/on-key.js",["@ember/application","@ember/modifier","@ember/destroyable","@ember/service","@ember/object","@ember/debug","@ember/utils"],(function(){return t(4146)})),n("ember-keyboard/services/keyboard.js",["@ember/service","@ember/application","@ember/object","@ember/runloop","@ember/debug","@ember/utils"],(function(){return t(9690)})),n("ember-modifier",["@ember/application","@ember/modifier","@ember/destroyable"],(function(){return t(2509)})),n("fast-memoize",[],(function(){return t(3276)})),n("flat",[],(function(){return t(2349)})),n("intl-messageformat",[],(function(){return t(5861)})),n("intl-messageformat-parser",[],(function(){return t(5011)})),n("mnemonist/multi-map",[],(function(){return t(5709)})),n("mnemonist/set",[],(function(){return t(2519)})),n("ngraph.graph",[],(function(){return t(6001)})),n("parse-duration",[],(function(){return t(89)})),n("pretty-ms",[],(function(){return t(9837)})),n("tippy.js",[],(function(){return t(9640)})),n("tippy.js/dist/svg-arrow.css",[],(function(){return t(2959)})),n("validated-changeset",[],(function(){return t(6885)})),n("wayfarer",[],(function(){return t(7116)})),n("_eai_dyn_dialog-polyfill",[],(function(){return t.e(121).then(t.bind(t,4121))})),void n("_eai_dyn_dialog-polyfill-css",[],(function(){return t.e(744).then(t.bind(t,7744))})))},1760:function(e,r){window._eai_r=require,window._eai_d=define}},o={} +e.exports=require("@ember/utils")},3638:(e,r,t)=>{var n,o +e.exports=(n=_eai_d,o=_eai_r,window.emberAutoImportDynamic=function(e){return 1===arguments.length?o("_eai_dyn_"+e):o("_eai_dynt_"+e)(Array.prototype.slice.call(arguments,1))},window.emberAutoImportSync=function(e){return o("_eai_sync_"+e)(Array.prototype.slice.call(arguments,1))},n("@hashicorp/flight-icons/svg",[],(function(){return t(6604)})),n("@hashicorp/flight-icons/svg-sprite/svg-sprite-module",[],(function(){return t(2654)})),n("@lit/reactive-element",[],(function(){return t(8531)})),n("@xstate/fsm",[],(function(){return t(7440)})),n("a11y-dialog",[],(function(){return t(1413)})),n("base64-js",[],(function(){return t(8294)})),n("clipboard",[],(function(){return t(9079)})),n("d3-array",[],(function(){return t(5447)})),n("d3-scale",[],(function(){return t(5134)})),n("d3-scale-chromatic",[],(function(){return t(2331)})),n("d3-selection",[],(function(){return t(8740)})),n("d3-shape",[],(function(){return t(5043)})),n("dayjs",[],(function(){return t(2350)})),n("dayjs/plugin/calendar",[],(function(){return t(8888)})),n("dayjs/plugin/relativeTime",[],(function(){return t(2543)})),n("deepmerge",[],(function(){return t(3924)})),n("ember-focus-trap/modifiers/focus-trap.js",["@ember/modifier"],(function(){return t(3109)})),n("ember-keyboard/helpers/if-key.js",["@ember/component/helper","@ember/debug","@ember/utils"],(function(){return t(3481)})),n("ember-keyboard/helpers/on-key.js",["@ember/component/helper","@ember/debug","@ember/service"],(function(){return t(6415)})),n("ember-keyboard/modifiers/on-key.js",["@ember/application","@ember/modifier","@ember/destroyable","@ember/service","@ember/object","@ember/debug","@ember/utils"],(function(){return t(4146)})),n("ember-keyboard/services/keyboard.js",["@ember/service","@ember/application","@ember/object","@ember/runloop","@ember/debug","@ember/utils"],(function(){return t(9690)})),n("ember-modifier",["@ember/application","@ember/modifier","@ember/destroyable"],(function(){return t(2509)})),n("fast-memoize",[],(function(){return t(3276)})),n("flat",[],(function(){return t(2349)})),n("intl-messageformat",[],(function(){return t(5861)})),n("intl-messageformat-parser",[],(function(){return t(5011)})),n("mnemonist/multi-map",[],(function(){return t(5709)})),n("mnemonist/set",[],(function(){return t(2519)})),n("ngraph.graph",[],(function(){return t(6001)})),n("parse-duration",[],(function(){return t(89)})),n("pretty-ms",[],(function(){return t(9837)})),n("tippy.js",[],(function(){return t(9640)})),n("tippy.js/dist/svg-arrow.css",[],(function(){return t(2959)})),n("validated-changeset",[],(function(){return t(6885)})),n("wayfarer",[],(function(){return t(7116)})),n("_eai_dyn_dialog-polyfill",[],(function(){return t.e(121).then(t.bind(t,4121))})),void n("_eai_dyn_dialog-polyfill-css",[],(function(){return t.e(744).then(t.bind(t,7744))})))},5428:function(e,r){window._eai_r=require,window._eai_d=define}},o={} function i(e){var r=o[e] if(void 0!==r)return r.exports var t=o[e]={exports:{}} @@ -47,6 +47,6 @@ var r=(r,t)=>{var n,o,[u,a,s]=t,c=0 if(u.some((r=>0!==e[r]))){for(n in a)i.o(a,n)&&(i.m[n]=a[n]) if(s)var l=s(i)}for(r&&r(t);ci(1760))) -var u=i.O(void 0,[924],(()=>i(657))) +t.forEach(r.bind(null,0)),t.push=r.bind(null,t.push.bind(t))})(),i.O(void 0,[924],(()=>i(5428))) +var u=i.O(void 0,[924],(()=>i(3638))) u=i.O(u),__ember_auto_import__=u})() diff --git a/agent/uiserver/dist/assets/chunk.178.ee7822d83932910fd2ef.js b/agent/uiserver/dist/assets/chunk.178.8bf5466faa2ca779a58d.js similarity index 91% rename from agent/uiserver/dist/assets/chunk.178.ee7822d83932910fd2ef.js rename to agent/uiserver/dist/assets/chunk.178.8bf5466faa2ca779a58d.js index 2c477d5653f71..448c2c55bbd5a 100644 --- a/agent/uiserver/dist/assets/chunk.178.ee7822d83932910fd2ef.js +++ b/agent/uiserver/dist/assets/chunk.178.8bf5466faa2ca779a58d.js @@ -1,4 +1,4 @@ -var __ember_auto_import__;(()=>{var r,e={9265:()=>{},3642:()=>{},1760:function(r,e){window._eai_r=require,window._eai_d=define},1471:(r,e,t)=>{var o,n +var __ember_auto_import__;(()=>{var r,e={9265:()=>{},3642:()=>{},5428:function(r,e){window._eai_r=require,window._eai_d=define},8783:(r,e,t)=>{var o,n r.exports=(o=_eai_d,n=_eai_r,window.emberAutoImportDynamic=function(r){return 1===arguments.length?n("_eai_dyn_"+r):n("_eai_dynt_"+r)(Array.prototype.slice.call(arguments,1))},window.emberAutoImportSync=function(r){return n("_eai_sync_"+r)(Array.prototype.slice.call(arguments,1))},o("lodash.castarray",[],(function(){return t(9542)})),o("lodash.last",[],(function(){return t(9644)})),o("lodash.omit",[],(function(){return t(1609)})),o("qunit",[],(function(){return t(2053)})),void o("yadda",[],(function(){return t(2216)})))}},t={} function o(r){var n=t[r] if(void 0!==n)return n.exports @@ -16,6 +16,6 @@ var e=(e,t)=>{var n,i,[a,u,l]=t,_=0 if(a.some((e=>0!==r[e]))){for(n in u)o.o(u,n)&&(o.m[n]=u[n]) if(l)var c=l(o)}for(e&&e(t);_o(1760))) -var n=o.O(void 0,[778],(()=>o(1471))) +t.forEach(e.bind(null,0)),t.push=e.bind(null,t.push.bind(t))})(),o.O(void 0,[778],(()=>o(5428))) +var n=o.O(void 0,[778],(()=>o(8783))) n=o.O(n),__ember_auto_import__=n})() diff --git a/agent/uiserver/dist/assets/consul-ui-88f8ddeb1f6a751c68c9f1de8978befa.js b/agent/uiserver/dist/assets/consul-ui-698b9ad7e3ebf8146d4d081130554ca9.js similarity index 95% rename from agent/uiserver/dist/assets/consul-ui-88f8ddeb1f6a751c68c9f1de8978befa.js rename to agent/uiserver/dist/assets/consul-ui-698b9ad7e3ebf8146d4d081130554ca9.js index 15e96ebf2e3a1..b0b71600a993f 100644 --- a/agent/uiserver/dist/assets/consul-ui-88f8ddeb1f6a751c68c9f1de8978befa.js +++ b/agent/uiserver/dist/assets/consul-ui-698b9ad7e3ebf8146d4d081130554ca9.js @@ -771,7 +771,7 @@ var s,c,d,p,f,m e.default=u,(0,t.setComponentTemplate)(a,u)})),define("consul-ui/components/consul/datacenter/selector/index",["exports","@ember/component","@ember/template-factory","@glimmer/component","@ember/object","@glimmer/tracking"],(function(e,t,n,l,r,i){var o,a function u(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const s=(0,n.createTemplateFactory)({id:"5vaQzlVR",block:'[[[1,"\\n"],[44,[[30,1]],[[[41,[28,[37,2],[[30,3,["length"]],1],null],[[[1," "],[8,[30,2,["Title"]],[[24,0,"consul-side-nav__selector-title"]],null,[["default"],[[[[1,[28,[35,3],["components.hashicorp-consul.side-nav.datacenters.title"],null]]],[]]]]],[1,"\\n "],[8,[39,4],[[24,0,"consul-datacenter-selector"]],[["@list","@items","@item","@key","@icon","@placeholder","@description"],[[30,2],[28,[37,5],["Primary:desc","Local:desc","Name:asc",[30,3]],null],[30,4],"Name","server-cluster",[28,[37,3],["components.hashicorp-consul.side-nav.datacenters.placeholder"],null],[28,[37,3],["components.hashicorp-consul.side-nav.datacenters.description"],null]]],[["default"],[[[[1,"\\n "],[8,[30,5,["Checkmark"]],[[24,0,"consul-datacenter-selector__item"]],[["@selected","@href","@isHrefExternal"],[[28,[37,6],[[30,4,["Name"]],[30,6,["Name"]]],null],[28,[37,7],["."],[["params"],[[28,[37,8],null,[["dc","partition","nspace"],[[30,6,["Name"]],[27],[52,[28,[37,2],[[30,7,["length"]],0],null],[30,7],[27]]]]]]]],false]],[["default"],[[[[1,"\\n "],[10,1],[14,0,"consul-datacenter-selector__dc-name"],[12],[1,"\\n "],[1,[30,6,["Name"]]],[1,"\\n\\n"],[41,[28,[37,9],[[30,6,["Local"]],[30,6,["Primary"]]],null],[[[1," "],[10,1],[14,0,"consul-datacenter-selector__badges"],[12],[1,"\\n"],[41,[30,6,["Primary"]],[[[1," "],[8,[39,10],null,[["@text"],["Primary"]],null],[1,"\\n"]],[]],null],[41,[30,6,["Local"]],[[[1," "],[8,[39,10],null,[["@text"],["Local"]],null],[1,"\\n"]],[]],null],[1," "],[13],[1,"\\n"]],[]],null],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[5,6]]]]],[1,"\\n"]],[]],[[[1," "],[8,[30,2,["Item"]],[[24,0,"consul-side-nav__datacenter"]],null,[["default"],[[[[1,"\\n "],[8,[39,11],null,[["@name","@color"],["server-cluster","var(--token-form-control-disabled-foreground-color)"]],null],[1,"\\n "],[8,[39,12],null,[["@size","@color"],["200","disabled"]],[["default"],[[[[1,[30,4,["Name"]]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]]],[2]]]],["@list","SNL","@dcs","@dc","Dropdown","item","@nspace"],false,["let","if","gt","t","nav-selector","sort-by","eq","href-to","hash","or","hds/badge","flight-icon","hds/text/display"]]',moduleName:"consul-ui/components/consul/datacenter/selector/index.hbs",isStrictMode:!1}) +const s=(0,n.createTemplateFactory)({id:"xS/PrPr6",block:'[[[1,"\\n"],[44,[[30,1]],[[[41,[28,[37,2],[[30,3,["length"]],1],null],[[[1," "],[8,[30,2,["Title"]],[[24,0,"consul-side-nav__selector-title"]],null,[["default"],[[[[1,[28,[35,3],["components.hashicorp-consul.side-nav.datacenters.title"],null]]],[]]]]],[1,"\\n "],[8,[39,4],[[24,0,"consul-datacenter-selector"]],[["@list","@items","@item","@key","@icon","@placeholder","@description"],[[30,2],[28,[37,5],["Primary:desc","Local:desc","Name:asc",[30,3]],null],[30,4],"Name","server-cluster",[28,[37,3],["components.hashicorp-consul.side-nav.datacenters.placeholder"],null],[28,[37,3],["components.hashicorp-consul.side-nav.datacenters.description"],null]]],[["default"],[[[[1,"\\n "],[8,[30,5,["Dropdown","Checkmark"]],[[24,0,"consul-datacenter-selector__item"]],[["@selected","@href","@isHrefExternal"],[[28,[37,6],[[30,4,["Name"]],[30,5,["item","Name"]]],null],[28,[37,7],["."],[["params"],[[28,[37,8],null,[["dc","partition","nspace"],[[30,5,["item","Name"]],[27],[52,[28,[37,2],[[30,6,["length"]],0],null],[30,6],[27]]]]]]]],false]],[["default"],[[[[1,"\\n "],[10,1],[14,0,"consul-datacenter-selector__dc-name"],[12],[1,"\\n "],[1,[30,5,["item","Name"]]],[1,"\\n\\n"],[41,[28,[37,9],[[30,5,["item","Local"]],[30,5,["item","Primary"]]],null],[[[1," "],[10,1],[14,0,"consul-datacenter-selector__badges"],[12],[1,"\\n"],[41,[30,5,["item","Primary"]],[[[1," "],[8,[39,10],null,[["@text"],["Primary"]],null],[1,"\\n"]],[]],null],[41,[30,5,["item","Local"]],[[[1," "],[8,[39,10],null,[["@text"],["Local"]],null],[1,"\\n"]],[]],null],[1," "],[13],[1,"\\n"]],[]],null],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[5]]]]],[1,"\\n"]],[]],[[[1," "],[8,[30,2,["Item"]],[[24,0,"consul-side-nav__datacenter"]],null,[["default"],[[[[1,"\\n "],[8,[39,11],null,[["@name","@color"],["server-cluster","var(--token-form-control-disabled-foreground-color)"]],null],[1,"\\n "],[8,[39,12],null,[["@size","@color"],["200","disabled"]],[["default"],[[[[1,[30,4,["Name"]]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]]],[2]]]],["@list","SNL","@dcs","@dc","Selector","@nspace"],false,["let","if","gt","t","nav-selector","sort-by","eq","href-to","hash","or","hds/badge","flight-icon","hds/text/display"]]',moduleName:"consul-ui/components/consul/datacenter/selector/index.hbs",isStrictMode:!1}) let c=(o=class extends l.default{constructor(){var e,t,n,l super(...arguments),e=this,t="search",l=this,(n=a)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}get filteredItems(){const e=this.search.toLowerCase() return this.args.dcs.filter((t=>t.Name.toLowerCase().includes(e)))}onSearchInput(e){this.search=e.target.value}},a=u(o.prototype,"search",[i.tracked],{configurable:!0,enumerable:!0,writable:!0,initializer:function(){return""}}),u(o.prototype,"onSearchInput",[r.action],Object.getOwnPropertyDescriptor(o.prototype,"onSearchInput"),o.prototype),o) @@ -837,7 +837,7 @@ e.default=i})),define("consul-ui/components/consul/external-source/index",["expo const r=(0,n.createTemplateFactory)({id:"uG5lBIhe",block:'[[[1,"\\n"],[41,[30,1],[[[44,[[28,[37,2],[[30,1]],null]],[[[41,[28,[37,3],[[30,3],[28,[37,4],[[30,2],"consul-api-gateway"],null]],null],[[[1," "],[10,"dl"],[14,0,"tooltip-panel"],[12],[1,"\\n "],[10,"dt"],[12],[1,"\\n "],[11,1],[24,0,"consul-external-source"],[17,4],[12],[1,"\\n "],[8,[39,5],[[24,0,"mr-1.5 w-4 h-4"]],[["@name"],[[28,[37,6],[[30,2]],null]]],null],[1,"\\n Registered via "],[1,[28,[35,7],[[28,[37,8],["common.brand.",[30,2]],null]],null]],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n "],[10,"dd"],[12],[1,"\\n "],[8,[39,9],null,[["@position","@menu"],["left",false]],[["default"],[[[[1,"\\n "],[8,[39,10],null,[["@name"],["header"]],[["default"],[[[[1,"\\n API Gateways manage north-south traffic from external services to services in the Datacenter. For more information, read our documentation.\\n "]],[]]]]],[1,"\\n "],[8,[39,10],null,[["@name"],["menu"]],[["default"],[[[[1,"\\n "],[10,"li"],[14,"role","separator"],[12],[1,"\\n About "],[1,[28,[35,7],[[28,[37,8],["common.brand.",[30,2]],null]],null]],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[14,"role","none"],[14,0,"learn-link"],[12],[1,"\\n "],[10,3],[14,"tabindex","-1"],[14,"role","menuitem"],[15,6,[28,[37,8],[[28,[37,11],["CONSUL_DOCS_LEARN_URL"],null]],null]],[14,"rel","noopener noreferrer"],[14,"target","_blank"],[12],[1,"\\n Learn guides\\n "],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n"]],[]],[[[41,[30,2],[[[1," "],[11,1],[24,0,"consul-external-source"],[17,4],[12],[1,"\\n "],[8,[39,5],[[24,0,"mr-1.5 h-4 w-4"]],[["@name","@color"],[[28,[37,6],[[30,2]],null],"var(--token-color-hashicorp-brand)"]],null],[1,"\\n"],[41,[30,5],[[[1," "],[1,[30,5]],[1,"\\n"]],[]],[[[1," Registered via "],[1,[28,[35,7],[[28,[37,8],["common.brand.",[30,2]],null]],null]],[1,"\\n"]],[]]],[1," "],[13],[1,"\\n "]],[]],null]],[]]]],[2]]]],[]],null]],["@item","externalSource","@withInfo","&attrs","@label"],false,["if","let","service/external-source","and","eq","flight-icon","icon-mapping","t","concat","menu-panel","block-slot","env"]]',moduleName:"consul-ui/components/consul/external-source/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/consul/hcp/home/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const r=(0,n.createTemplateFactory)({id:"HbjP3hiy",block:'[[[1,"\\n"],[44,[[30,1],[28,[37,1],["CONSUL_HCP_URL"],null]],[[[1," "],[1,[54,[[30,3]]]],[1,"\\n"],[41,[28,[37,4],[[30,2],[30,3]],null],[[[1," "],[8,[30,2,["BackLink"]],null,[["@text","@href","@isHrefExternal"],[[28,[37,5],["components.hashicorp-consul.side-nav.hcp"],null],[30,3],true]],null],[1,"\\n"]],[]],null]],[2,3]]]],["@list","SNL","hcpUrl"],false,["let","env","log","if","and","t"]]',moduleName:"consul-ui/components/consul/hcp/home/index.hbs",isStrictMode:!1}) +const r=(0,n.createTemplateFactory)({id:"72uvEJHV",block:'[[[1,"\\n"],[44,[[30,1],[28,[37,1],["CONSUL_HCP_URL"],null]],[[[41,[28,[37,3],[[30,2],[30,3]],null],[[[1," "],[8,[30,2,["BackLink"]],null,[["@text","@href","@isHrefExternal"],[[28,[37,4],["components.hashicorp-consul.side-nav.hcp"],null],[30,3],true]],null],[1,"\\n"]],[]],null]],[2,3]]]],["@list","SNL","hcpUrl"],false,["let","env","if","and","t"]]',moduleName:"consul-ui/components/consul/hcp/home/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})) define("consul-ui/components/consul/health-check/list/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 @@ -1010,7 +1010,7 @@ e.default=i})),define("consul-ui/components/consul/nspace/search-bar/index",["ex const r=(0,n.createTemplateFactory)({id:"DelkwCZ4",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"consul-nspace-search-bar"],[17,1]],[["@filter"],[[30,2]]],[["status","search","sort"],[[[[1,"\\n\\n"],[44,[[28,[37,2],[[28,[37,3],["components.consul.nspace.search-bar.",[30,3,["status","key"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","key"]]],null],[28,[37,3],["common.consul.",[30,3,["status","key"]]],null]],null]]]],[28,[37,2],[[28,[37,3],["components.consul.nspace.search-bar.",[30,3,["status","value"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","value"]]],null],[28,[37,3],["common.consul.",[30,3,["status","value"]]],null],[28,[37,3],["common.brand.",[30,3,["status","value"]]],null]],null]]]]],[[[1," "],[8,[30,3,["RemoveFilter"]],[[16,"aria-label",[28,[37,2],["common.ui.remove"],[["item"],[[28,[37,3],[[30,4]," ",[30,5]],null]]]]]],null,[["default"],[[[[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,[30,4]],[13],[1,"\\n "],[10,"dd"],[12],[1,[30,5]],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n"]],[4,5]]],[1,"\\n "]],[3]],[[[1,"\\n "],[8,[30,6,["Search"]],null,[["@onsearch","@value","@placeholder"],[[28,[37,5],[[30,0],[30,7]],null],[30,8],[28,[37,2],["common.search.search"],null]]],[["default"],[[[[1,"\\n "],[8,[30,6,["Select"]],[[24,0,"type-search-properties"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,2,["searchproperty","change"]]],null],true,true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["common.search.searchproperty"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,9,["Optgroup"]],[30,9,["Option"]]],[[[42,[28,[37,8],[[28,[37,8],[[30,2,["searchproperty","default"]]],null]],null],null,[[[1," "],[8,[30,11],null,[["@value","@selected"],[[30,12],[28,[37,9],[[30,12],[30,2,["searchproperty","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[28,[37,10],[[30,12]],null]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n"]],[12]],null]],[10,11]]],[1," "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[6]],[[[1,"\\n "],[8,[30,13,["Select"]],[[24,0,"type-sort"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,14,["change"]]],null],false,true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n"],[44,[[28,[37,11],[[28,[37,4],[[28,[37,4],["Name:asc",[28,[37,2],["common.sort.alpha.asc"],null]],null],[28,[37,4],["Name:desc",[28,[37,2],["common.sort.alpha.desc"],null]],null]],null]],null]],[[[1," "],[1,[28,[35,12],[[30,16],[30,14,["value"]]],null]],[1,"\\n"]],[16]]],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,15,["Optgroup"]],[30,15,["Option"]]],[[[1," "],[8,[30,17],null,[["@label"],[[28,[37,2],["common.consul.name"],null]]],[["default"],[[[[1,"\\n "],[8,[30,18],null,[["@value","@selected"],["Name:asc",[28,[37,13],["Name:asc",[30,14,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.asc"],null]]],[]]]]],[1,"\\n "],[8,[30,18],null,[["@value","@selected"],["Name:desc",[28,[37,13],["Name:desc",[30,14,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.desc"],null]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[17,18]]],[1," "]],[]]]]],[1,"\\n "]],[15]]]]],[1,"\\n "]],[13]]]]]],["&attrs","@filter","search","key","value","search","@onsearch","@search","components","Optgroup","Option","prop","search","@sort","components","selectable","Optgroup","Option"],false,["search-bar","let","t","concat","array","action","block-slot","each","-track-array","includes","lowercase","from-entries","get","eq"]]',moduleName:"consul-ui/components/consul/nspace/search-bar/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/consul/nspace/selector/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const r=(0,n.createTemplateFactory)({id:"5UTTzYK/",block:'[[[1,"\\n"],[41,[28,[37,1],[[28,[37,2],["use nspaces"],null],[28,[37,2],["choose nspaces"],null]],null],[[[1," "],[8,[39,3],null,[["@src","@onchange"],[[28,[37,4],["/${partition}/*/${dc}/namespaces",[28,[37,5],null,[["partition","dc"],[[30,1],[30,2,["Name"]]]]]],null],[28,[37,6],[[28,[37,7],[[30,3]],null]],null]]],null],[1,"\\n"],[44,[[30,4],[52,[30,5],[28,[37,5],null,[["Name"],[[30,5]]]],[28,[37,5],null,[["Name"],["default"]]]],[28,[37,9],["dc.nspaces",[30,2,["Name"]]],null]],[[[1," "],[8,[30,6,["Title"]],[[24,0,"consul-side-nav__selector-title"]],null,[["default"],[[[[1,[28,[35,10],["components.hashicorp-consul.side-nav.nspaces.title"],null]]],[]]]]],[1,"\\n "],[8,[39,11],null,[["@list","@items","@item","@key","@icon","@placeholder","@footerLink","@footerLinkText"],[[30,4],[28,[37,12],["Name:asc",[28,[37,13],["DeletedAt",[30,9]],null]],null],[30,7],"Name","folder",[28,[37,10],["components.hashicorp-consul.side-nav.nspaces.placeholder"],null],[28,[37,14],["dc.nspaces",[30,2,["Name"]]],null],[28,[37,10],["components.hashicorp-consul.side-nav.nspaces.footer"],null]]],[["default"],[[[[1,"\\n "],[8,[30,10,["Checkmark"]],null,[["@selected","@href","@isHrefExternal"],[[28,[37,15],[[30,7,["Name"]],[30,11,["Name"]]],null],[52,[30,8],[28,[37,14],["dc.services.index"],[["params"],[[28,[37,5],null,[["partition","nspace","dc"],[[52,[28,[37,16],[[30,1,["length"]],0],null],[30,1],[27]],[30,11,["Name"]],[30,2,["Name"]]]]]]]],[28,[37,14],["."],[["params"],[[28,[37,5],null,[["partition","nspace"],[[52,[28,[37,16],[[30,1,["length"]],0],null],[30,1],[27]],[30,11,["Name"]]]]]]]]],false]],[["default"],[[[[1,"\\n "],[1,[30,11,["Name"]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[10,11]]]]],[1,"\\n"]],[6,7,8]]]],[]],null]],["@partition","@dc","@onchange","@list","@nspace","SNL","nspace","isManaging","@nspaces","Dropdown","item"],false,["if","and","can","data-source","uri","hash","fn","optional","let","is-href","t","nav-selector","sort-by","reject-by","href-to","eq","gt"]]',moduleName:"consul-ui/components/consul/nspace/selector/index.hbs",isStrictMode:!1}) +const r=(0,n.createTemplateFactory)({id:"ZHMEj55d",block:'[[[1,"\\n"],[41,[28,[37,1],[[28,[37,2],["use nspaces"],null],[28,[37,2],["choose nspaces"],null]],null],[[[44,[[30,1],[52,[30,2],[28,[37,4],null,[["Name"],[[30,2]]]],[28,[37,4],null,[["Name"],["default"]]]],[28,[37,5],["dc.nspaces",[30,3,["Name"]]],null]],[[[1," "],[8,[30,4,["Title"]],[[24,0,"consul-side-nav__selector-title"]],null,[["default"],[[[[1,[28,[35,6],["components.hashicorp-consul.side-nav.nspaces.title"],null]]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@list","@items","@item","@key","@icon","@placeholder","@footerLink","@footerLinkText"],[[30,1],[28,[37,8],["Name:asc",[28,[37,9],["DeletedAt",[30,7]],null]],null],[30,5],"Name","folder",[28,[37,6],["components.hashicorp-consul.side-nav.nspaces.placeholder"],null],[28,[37,10],["dc.nspaces",[30,3,["Name"]]],null],[28,[37,6],["components.hashicorp-consul.side-nav.nspaces.footer"],null]]],[["default"],[[[[1,"\\n "],[8,[30,8,["Data"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,11],null,[["@src","@loading","@onchange"],[[28,[37,12],["/${partition}/*/${dc}/namespaces",[28,[37,4],null,[["partition","dc"],[[30,9],[30,3,["Name"]]]]]],null],"lazy",[28,[37,13],[[28,[37,14],[[30,10]],null]],null]]],null],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,8,["Dropdown","Checkmark"]],null,[["@selected","@href","@isHrefExternal"],[[28,[37,15],[[30,5,["Name"]],[30,8,["item","Name"]]],null],[28,[37,10],["dc.services.index"],[["params"],[[28,[37,4],null,[["partition","nspace","peer","dc"],[[52,[28,[37,16],[[30,9,["length"]],0],null],[30,9],[27]],[30,8,["item","Name"]],[27],[30,3,["Name"]]]]]]]],false]],[["default"],[[[[1,"\\n "],[1,[30,8,["item","Name"]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[8]]]]],[1,"\\n"]],[4,5,6]]]],[]],null]],["@list","@nspace","@dc","SNL","nspace","isManaging","@nspaces","Selector","@partition","@onchange"],false,["if","and","can","let","hash","is-href","t","nav-selector","sort-by","reject-by","href-to","data-source","uri","fn","optional","eq","gt"]]',moduleName:"consul-ui/components/consul/nspace/selector/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/consul/partition/form/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const r=(0,n.createTemplateFactory)({id:"IFfwt6JG",block:'[[[1,"\\n"],[11,0],[24,0,"consul-partition-form"],[17,1],[12],[1,"\\n "],[8,[39,0],null,[["@sink","@type","@label","@ondelete","@onchange"],[[28,[37,1],["/${partition}/${nspace}/${dc}/partition",[28,[37,2],null,[["partition","nspace","dc"],["","",[30,2,["Datacenter"]]]]]],null],"partition","Partition",[28,[37,3],[[52,[30,3],[30,3],[30,4]],[30,2]],null],[28,[37,3],[[28,[37,5],[[30,4]],null],[30,2]],null]]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["removed"]],[["default"],[[[[1,"\\n "],[8,[39,7],[[4,[38,8],null,[["after"],[[28,[37,9],[[30,0],[30,6]],null]]]]],[["@type"],["remove"]],null],[1,"\\n "]],[6]]]]],[1,"\\n\\n "],[8,[39,6],null,[["@name"],["content"]],[["default"],[[[[1,"\\n\\n"],[44,[[28,[37,11],[[28,[37,12],["write partition"],null]],null],[30,2],[28,[37,2],null,[["help","Name"],["Must be a valid DNS hostname. Must contain 1-64 characters (numbers, letters, and hyphens), and must begin with a letter. Once created, this cannot be changed.",[28,[37,13],[[28,[37,2],null,[["test","error"],["^[a-zA-Z0-9]([a-zA-Z0-9-]{0,62}[a-zA-Z0-9])?$","Name must be a valid DNS hostname."]]]],null]]]],[28,[37,2],null,[["Description"],[[28,[37,13],null,null]]]]],[[[11,"form"],[4,[38,14],["submit",[28,[37,3],[[30,5,["persist"]],[30,8]],null]],null],[4,[38,15],[[30,7]],null],[12],[1,"\\n\\n"],[8,[39,16],null,[["@src"],[[28,[37,16],["validate"],null]]],[["default"],[[[[1,"\\n\\n "],[10,"fieldset"],[12],[1,"\\n"],[41,[28,[37,17],["new partition"],[["item"],[[30,8]]]],[[[1," "],[8,[39,18],null,[["@name","@placeholder","@item","@validations","@chart"],["Name","Name",[30,8],[30,9],[28,[37,2],null,[["state","dispatch"],[[30,15],[30,14]]]]]],null],[1,"\\n"]],[]],null],[1," "],[8,[39,18],null,[["@expanded","@name","@label","@item","@validations","@chart"],[true,"Description","Description (Optional)",[30,8],[30,10],[28,[37,2],null,[["state","dispatch"],[[30,15],[30,14]]]]]],null],[1,"\\n "],[13],[1,"\\n\\n "],[10,0],[12],[1,"\\n "],[8,[39,19],null,null,[["default"],[[[[1,"\\n\\n\\n"],[41,[28,[37,20],[[28,[37,17],["new partition"],[["item"],[[30,8]]]],[28,[37,12],["create partitions"],null]],null],[[[1," "],[8,[39,21],[[16,"disabled",[28,[37,22],[[28,[37,17],["pristine partition"],[["item"],[[30,8]]]],[28,[37,23],[[30,15],"error"],null]],null]],[24,4,"submit"]],[["@text"],["Save"]],null],[1,"\\n"]],[]],[[[41,[28,[37,11],[[30,7]],null],[[[1," "],[8,[39,21],[[24,4,"submit"]],[["@text"],["Save"]],null],[1,"\\n"]],[]],null]],[]]],[1," "],[8,[39,21],[[24,4,"reset"],[4,[38,14],["click",[52,[30,16],[28,[37,3],[[28,[37,5],[[30,16],[30,8]],null]],null],[28,[37,3],[[28,[37,5],[[30,4],[30,8]],null]],null]]],null]],[["@text","@color"],["Cancel","secondary"]],null],[1,"\\n\\n"],[41,[28,[37,20],[[28,[37,11],[[28,[37,17],["new partition"],[["item"],[[30,8]]]]],null],[28,[37,12],["delete partition"],[["item"],[[30,8]]]]],null],[[[1," "],[8,[39,24],null,[["@message"],["Are you sure you want to delete this Partition?"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["action"]],[["default"],[[[[1,"\\n "],[8,[39,21],[[4,[38,14],["click",[28,[37,3],[[30,17],[28,[37,3],[[30,5,["delete"]],[30,8]],null]],null]],null]],[["@text","@color"],["Delete","critical"]],null],[1,"\\n "]],[17]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["dialog"]],[["default"],[[[[1,"\\n "],[8,[39,25],null,[["@message","@execute","@cancel"],[[30,20],[30,18],[30,19]]],null],[1,"\\n "]],[18,19,20]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[13],[1,"\\n\\n"]],[11,12,13,14,15]]]]],[1,"\\n"],[13],[1,"\\n\\n"]],[7,8,9,10]]],[1," "]],[]]]]],[1,"\\n"]],[5]]]]],[1,"\\n"],[13],[1,"\\n"]],["&attrs","@item","@ondelete","@onsubmit","writer","after","readOnly","item","Name","Description","State","Guard","ChartAction","dispatch","state","@oncancel","confirm","execute","cancel","message"],false,["data-writer","uri","hash","fn","if","optional","block-slot","consul/partition/notifications","notification","action","let","not","can","array","on","disabled","state-chart","is","text-input","hds/button-set","and","hds/button","or","state-matches","confirmation-dialog","delete-confirmation"]]',moduleName:"consul-ui/components/consul/partition/form/index.hbs",isStrictMode:!1}) @@ -1025,7 +1025,7 @@ e.default=i})),define("consul-ui/components/consul/partition/search-bar/index",[ const r=(0,n.createTemplateFactory)({id:"IuHkFeus",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"consul-partition-search-bar"],[17,1]],[["@filter"],[[30,2]]],[["status","search","sort"],[[[[1,"\\n\\n"],[44,[[28,[37,2],[[28,[37,3],["components.consul.nspace.search-bar.",[30,3,["status","key"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","key"]]],null],[28,[37,3],["common.consul.",[30,3,["status","key"]]],null]],null]]]],[28,[37,2],[[28,[37,3],["components.consul.nspace.search-bar.",[30,3,["status","value"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","value"]]],null],[28,[37,3],["common.consul.",[30,3,["status","value"]]],null],[28,[37,3],["common.brand.",[30,3,["status","value"]]],null]],null]]]]],[[[1," "],[8,[30,3,["RemoveFilter"]],[[16,"aria-label",[28,[37,2],["common.ui.remove"],[["item"],[[28,[37,3],[[30,4]," ",[30,5]],null]]]]]],null,[["default"],[[[[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,[30,4]],[13],[1,"\\n "],[10,"dd"],[12],[1,[30,5]],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n"]],[4,5]]],[1,"\\n "]],[3]],[[[1,"\\n "],[8,[30,6,["Search"]],null,[["@onsearch","@value","@placeholder"],[[28,[37,5],[[30,0],[30,7]],null],[30,8],[28,[37,2],["common.search.search"],null]]],[["default"],[[[[1,"\\n "],[8,[30,6,["Select"]],[[24,0,"type-search-properties"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,2,["searchproperty","change"]]],null],true,true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["common.search.searchproperty"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,9,["Optgroup"]],[30,9,["Option"]]],[[[42,[28,[37,8],[[28,[37,8],[[30,2,["searchproperty","default"]]],null]],null],null,[[[1," "],[8,[30,11],null,[["@value","@selected"],[[30,12],[28,[37,9],[[30,12],[30,2,["searchproperty","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[28,[37,10],[[30,12]],null]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n"]],[12]],null]],[10,11]]],[1," "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[6]],[[[1,"\\n "],[8,[30,13,["Select"]],[[24,0,"type-sort"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,14,["change"]]],null],false,true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n"],[44,[[28,[37,11],[[28,[37,4],[[28,[37,4],["Name:asc",[28,[37,2],["common.sort.alpha.asc"],null]],null],[28,[37,4],["Name:desc",[28,[37,2],["common.sort.alpha.desc"],null]],null]],null]],null]],[[[1," "],[1,[28,[35,12],[[30,16],[30,14,["value"]]],null]],[1,"\\n"]],[16]]],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,15,["Optgroup"]],[30,15,["Option"]]],[[[1," "],[8,[30,17],null,[["@label"],[[28,[37,2],["common.consul.name"],null]]],[["default"],[[[[1,"\\n "],[8,[30,18],null,[["@value","@selected"],["Name:asc",[28,[37,13],["Name:asc",[30,14,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.asc"],null]]],[]]]]],[1,"\\n "],[8,[30,18],null,[["@value","@selected"],["Name:desc",[28,[37,13],["Name:desc",[30,14,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.desc"],null]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[17,18]]],[1," "]],[]]]]],[1,"\\n "]],[15]]]]],[1,"\\n "]],[13]]]]]],["&attrs","@filter","search","key","value","search","@onsearch","@search","components","Optgroup","Option","prop","search","@sort","components","selectable","Optgroup","Option"],false,["search-bar","let","t","concat","array","action","block-slot","each","-track-array","includes","lowercase","from-entries","get","eq"]]',moduleName:"consul-ui/components/consul/partition/search-bar/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/consul/partition/selector/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const r=(0,n.createTemplateFactory)({id:"2skwmygl",block:'[[[1,"\\n"],[44,[[30,1],[52,[30,2],[28,[37,2],null,[["Name"],[[30,2]]]],[28,[37,2],null,[["Name"],["default"]]]],[28,[37,3],["dc.partitions",[30,3,["Name"]]],null],[28,[37,4],["choose partitions"],[["dc"],[[30,3]]]]],[[[1," "],[8,[39,5],null,[["@src","@onchange"],[[28,[37,6],["/*/*/${dc}/partitions",[28,[37,2],null,[["dc"],[[30,3,["Name"]]]]]],null],[28,[37,7],[[28,[37,8],[[30,8]],null]],null]]],null],[1,"\\n "],[8,[30,4,["Title"]],[[24,0,"consul-side-nav__selector-title"]],null,[["default"],[[[[1,[28,[35,9],["components.hashicorp-consul.side-nav.partitions.title"],null]]],[]]]]],[1,"\\n "],[8,[39,10],null,[["@list","@items","@item","@key","@icon","@placeholder","@footerLink","@footerLinkText","@disabled"],[[30,1],[28,[37,11],["Name:asc",[28,[37,12],["DeletedAt",[30,9]],null]],null],[30,5],"Name","users",[28,[37,9],["components.hashicorp-consul.side-nav.partitions.placeholder"],null],[28,[37,13],["dc.partitions",[30,3,["Name"]]],null],[28,[37,9],["components.hashicorp-consul.side-nav.partitions.footer"],null],[28,[37,14],[[30,7]],null]]],[["default"],[[[[1,"\\n"],[41,[30,7],[[[1," "],[8,[30,10,["Checkmark"]],null,[["@selected","@href","@isHrefExternal"],[[28,[37,15],[[30,5,["Name"]],[30,11,["Name"]]],null],[52,[30,11,["href"]],[30,11,["href"]],[52,[30,6],[28,[37,13],["dc.services.index"],[["params"],[[28,[37,2],null,[["partition","nspace","dc"],[[30,11,["Name"]],[27],[30,3,["Name"]]]]]]]],[28,[37,13],["."],[["params"],[[28,[37,2],null,[["partition","nspace"],[[30,11,["Name"]],[27]]]]]]]]],false]],[["default"],[[[[1,"\\n "],[1,[30,11,["Name"]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[10,11]]]]],[1,"\\n"]],[4,5,6,7]]]],["@list","@partition","@dc","SNL","partition","isManaging","canChoose","@onchange","@partitions","Dropdown","item"],false,["let","if","hash","is-href","can","data-source","uri","fn","optional","t","nav-selector","sort-by","reject-by","href-to","not","eq"]]',moduleName:"consul-ui/components/consul/partition/selector/index.hbs",isStrictMode:!1}) +const r=(0,n.createTemplateFactory)({id:"kdZOlgGd",block:'[[[1,"\\n"],[44,[[30,1],[52,[30,2],[28,[37,2],null,[["Name"],[[30,2]]]],[28,[37,2],null,[["Name"],["default"]]]],[28,[37,3],["dc.partitions",[30,3,["Name"]]],null],[28,[37,4],["choose partitions"],[["dc"],[[30,3]]]]],[[[1," "],[8,[30,4,["Title"]],[[24,0,"consul-side-nav__selector-title"]],null,[["default"],[[[[1,[28,[35,5],["components.hashicorp-consul.side-nav.partitions.title"],null]]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@list","@items","@item","@key","@icon","@placeholder","@footerLink","@footerLinkText","@disabled"],[[30,1],[28,[37,7],["Name:asc",[28,[37,8],["DeletedAt",[30,8]],null]],null],[30,5],"Name","users",[28,[37,5],["components.hashicorp-consul.side-nav.partitions.placeholder"],null],[28,[37,9],["dc.partitions",[30,3,["Name"]]],null],[28,[37,5],["components.hashicorp-consul.side-nav.partitions.footer"],null],[28,[37,10],[[30,7]],null]]],[["default"],[[[[1,"\\n "],[8,[30,9,["Data"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,11],null,[["@src","@loading","@onchange"],[[28,[37,12],["/*/*/${dc}/partitions",[28,[37,2],null,[["dc"],[[30,3,["Name"]]]]]],null],"lazy",[28,[37,13],[[28,[37,14],[[30,10]],null]],null]]],null],[1,"\\n "]],[]]]]],[1,"\\n"],[41,[30,7],[[[1," "],[8,[30,9,["Dropdown","Checkmark"]],null,[["@selected","@href","@isHrefExternal"],[[28,[37,15],[[30,5,["Name"]],[30,9,["item","Name"]]],null],[52,[30,9,["item","href"]],[30,9,["item","href"]],[28,[37,9],["dc.services.index"],[["params"],[[28,[37,2],null,[["partition","nspace","peer","dc"],[[30,9,["item","Name"]],[27],[27],[30,3,["Name"]]]]]]]]],false]],[["default"],[[[[1,"\\n "],[1,[30,9,["item","Name"]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[9]]]]],[1,"\\n"]],[4,5,6,7]]]],["@list","@partition","@dc","SNL","partition","isManaging","canChoose","@partitions","Selector","@onchange"],false,["let","if","hash","is-href","can","t","nav-selector","sort-by","reject-by","href-to","not","data-source","uri","fn","optional","eq"]]',moduleName:"consul-ui/components/consul/partition/selector/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/consul/peer/address/list/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const r=(0,n.createTemplateFactory)({id:"TNoxeoLi",block:'[[[1,"\\n"],[8,[39,0],null,null,[["default"],[[[[1,"\\n"],[41,[30,1,["data","height"]],[[[1," "],[10,0],[15,5,[30,1,["data","fillRemainingHeightStyle"]]],[14,0,"overflow-y-scroll"],[12],[1,"\\n "],[8,[39,2],null,[["@tagName","@estimateHeight","@items"],["ul",[30,1,["data","height"]],[30,2]]],[["default"],[[[[1,"\\n "],[10,"li"],[14,0,"px-3 h-12 border-bottom-primary flex items-center justify-between group"],[12],[1,"\\n "],[10,0],[14,0,"hds-typography-display-300 text-hds-foreground-strong hds-font-weight-semibold"],[12],[1,[30,3]],[13],[1,"\\n "],[8,[39,3],[[24,0,"opacity-0 group-hover:opacity-100"]],[["@value","@name"],[[30,3],"Address"]],null],[1,"\\n "],[13],[1,"\\n "]],[3,4]]]]],[1,"\\n "],[13],[1,"\\n"]],[]],null]],[1]]]]]],["p","@items","address","index"],false,["providers/dimension","if","vertical-collection","consul-copy-button"]]',moduleName:"consul-ui/components/consul/peer/address/list/index.hbs",isStrictMode:!1}) @@ -1115,9 +1115,12 @@ return(null===(t=e.Service)||void 0===t||null===(n=t.Meta)||void 0===n?void 0:n[ const r=(0,n.createTemplateFactory)({id:"VjdzBiZi",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"consul-service-instance-search-bar"],[17,1]],[["@filter"],[[30,2]]],[["status","search","filter","sort"],[[[[1,"\\n\\n"],[44,[[28,[37,2],[[28,[37,3],["components.consul.service-instance.search-bar.",[30,3,["status","key"]],".name"],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","key"]]],null],[28,[37,3],["common.consul.",[30,3,["status","key"]]],null]],null]]]],[28,[37,2],[[28,[37,3],["components.consul.service-instance.search-bar.",[30,3,["status","key"]],".options.",[30,3,["status","value"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","value"]]],null],[28,[37,3],["common.consul.",[30,3,["status","value"]]],null],[28,[37,3],["common.brand.",[30,3,["status","value"]]],null]],null]]]]],[[[1," "],[8,[30,3,["RemoveFilter"]],[[16,"aria-label",[28,[37,2],["common.ui.remove"],[["item"],[[28,[37,3],[[30,4]," ",[30,5]],null]]]]]],null,[["default"],[[[[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,[30,4]],[13],[1,"\\n "],[10,"dd"],[12],[1,[30,5]],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n"]],[4,5]]],[1,"\\n "]],[3]],[[[1,"\\n "],[8,[30,6,["Search"]],null,[["@onsearch","@value","@placeholder"],[[28,[37,5],[[30,0],[30,7]],null],[30,8],[28,[37,2],["common.search.search"],null]]],[["default"],[[[[1,"\\n"],[41,[30,2,["searchproperty"]],[[[1," "],[8,[30,6,["Select"]],[[24,0,"type-search-properties"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,2,["searchproperty","change"]]],null],true,true]],[["default"],[[[[1,"\\n "],[8,[39,7],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["common.search.searchproperty"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,9,["Option"]]],[[[42,[28,[37,9],[[28,[37,9],[[30,2,["searchproperty","default"]]],null]],null],null,[[[1," "],[8,[30,10],null,[["@value","@selected"],[[30,11],[28,[37,10],[[30,11],[30,2,["searchproperty","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[28,[37,11],[[30,11]],null]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n"]],[11]],null]],[10]]],[1," "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "]],[6]],[[[1,"\\n "],[8,[30,12,["Select"]],[[24,0,"type-status"]],[["@position","@onchange","@multiple"],["left",[28,[37,5],[[30,0],[30,2,["status","change"]]],null],true]],[["default"],[[[[1,"\\n "],[8,[39,7],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["common.consul.status"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,13,["Optgroup"]],[30,13,["Option"]]],[[[42,[28,[37,9],[[28,[37,9],[[28,[37,4],["passing","warning","critical","empty"],null]],null]],null],null,[[[1," "],[8,[30,15],[[16,0,[29,["value-",[30,16]]]]],[["@value","@selected"],[[30,16],[28,[37,10],[[30,16],[30,2,["status","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[30,16]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,16]],null]],null]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[16]],null]],[14,15]]],[1," "]],[]]]]],[1,"\\n "]],[13]]]]],[1,"\\n"],[41,[28,[37,12],[[30,17,["length"]],0],null],[[[1," "],[8,[30,12,["Select"]],[[24,0,"type-source"]],[["@position","@onchange","@multiple"],["left",[28,[37,5],[[30,0],[30,2,["source","change"]]],null],true]],[["default"],[[[[1,"\\n "],[8,[39,13],null,[["@components","@filter","@sources"],[[30,18],[30,2],[30,17]]],null],[1,"\\n "]],[18]]]]],[1,"\\n"]],[]],null],[1," "]],[12]],[[[1,"\\n "],[8,[30,19,["Select"]],[[24,0,"type-sort"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,20,["change"]]],null],false,true]],[["default"],[[[[1,"\\n "],[8,[39,7],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n"],[44,[[28,[37,14],[[28,[37,4],[[28,[37,4],["Name:asc",[28,[37,2],["common.sort.alpha.asc"],null]],null],[28,[37,4],["Name:desc",[28,[37,2],["common.sort.alpha.desc"],null]],null],[28,[37,4],["Status:asc",[28,[37,2],["common.sort.status.asc"],null]],null],[28,[37,4],["Status:desc",[28,[37,2],["common.sort.status.desc"],null]],null]],null]],null]],[[[1," "],[1,[28,[35,15],[[30,22],[30,20,["value"]]],null]],[1,"\\n"]],[22]]],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,21,["Optgroup"]],[30,21,["Option"]]],[[[1," "],[8,[30,23],null,[["@label"],[[28,[37,2],["common.consul.status"],null]]],[["default"],[[[[1,"\\n "],[8,[30,24],null,[["@value","@selected"],["Status:asc",[28,[37,16],["Status:asc",[30,20,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.status.asc"],null]]],[]]]]],[1,"\\n "],[8,[30,24],null,[["@value","@selected"],["Status:desc",[28,[37,16],["Status:desc",[30,20,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.status.desc"],null]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,23],null,[["@label"],[[28,[37,2],["components.consul.service-instance.search-bar.sort.name.name"],null]]],[["default"],[[[[1,"\\n "],[8,[30,24],null,[["@value","@selected"],["Name:asc",[28,[37,16],["Name:asc",[30,20,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.asc"],null]]],[]]]]],[1,"\\n "],[8,[30,24],null,[["@value","@selected"],["Name:desc",[28,[37,16],["Name:desc",[30,20,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.desc"],null]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[23,24]]],[1," "]],[]]]]],[1,"\\n "]],[21]]]]],[1,"\\n "]],[19]]]]],[1,"\\n"]],["&attrs","@filter","search","key","value","search","@onsearch","@search","components","Option","prop","search","components","Optgroup","Option","state","@sources","components","search","@sort","components","selectable","Optgroup","Option"],false,["search-bar","let","t","concat","array","action","if","block-slot","each","-track-array","includes","lowercase","gt","consul/sources-select","from-entries","get","eq"]]',moduleName:"consul-ui/components/consul/service-instance/search-bar/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/consul/service/list/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const r=(0,n.createTemplateFactory)({id:"DY2ljV0F",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"consul-service-list"],[17,1]],[["@items","@linkable"],[[30,2],"linkable service"]],[["default"],[[[[1,"\\n "],[8,[39,1],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"dl"],[15,0,[30,3,["MeshStatus"]]],[12],[1,"\\n "],[10,"dt"],[12],[1,"\\n Health\\n "],[13],[1,"\\n "],[11,"dd"],[4,[38,2],[[30,3,["healthTooltipText"]]],null],[12],[13],[1,"\\n "],[13],[1,"\\n"],[41,[28,[37,4],[[30,3,["InstanceCount"]],0],null],[[[1," "],[10,3],[15,6,[28,[37,5],["dc.services.show.index",[30,3,["Name"]]],[["params"],[[52,[28,[37,6],[[30,3,["Partition"]],[30,5]],null],[28,[37,7],null,[["partition","nspace","peer"],[[30,3,["Partition"]],[30,3,["Namespace"]],[30,3,["PeerName"]]]]],[28,[37,7],null,[["peer"],[[30,3,["PeerName"]]]]]]]]]],[12],[1,"\\n "],[1,[30,3,["Name"]]],[1,"\\n "],[13],[1,"\\n"]],[]],[[[1," "],[10,2],[12],[1,"\\n "],[1,[30,3,["Name"]]],[1,"\\n "],[13],[1,"\\n"]],[]]],[1," "]],[]]]]],[1,"\\n "],[8,[39,1],null,[["@name"],["details"]],[["default"],[[[[1,"\\n "],[8,[39,8],null,[["@item"],[[30,3]]],null],[1,"\\n "],[8,[39,9],null,[["@item"],[[30,3]]],null],[1,"\\n"],[41,[28,[37,10],[[28,[37,6],[[30,3,["InstanceCount"]],0],null],[28,[37,10],[[28,[37,6],[[30,3,["Kind"]],"terminating-gateway"],null],[28,[37,6],[[30,3,["Kind"]],"ingress-gateway"],null]],null]],null],[[[1," "],[10,1],[12],[1,"\\n "],[1,[28,[35,11],[[30,3,["InstanceCount"]]],null]],[1,"\\n "],[1,[28,[35,12],[[30,3,["InstanceCount"]],"instance"],[["without-count"],[true]]]],[1,"\\n "],[13],[1,"\\n"]],[]],null],[41,[51,[30,6]],[[[1," "],[8,[39,14],null,[["@item","@nspace","@partition"],[[30,3],[30,7],[30,5]]],null],[1,"\\n"]],[]],null],[41,[28,[37,15],[[30,3,["Kind"]],"terminating-gateway"],null],[[[1," "],[10,1],[12],[1,"\\n "],[1,[28,[35,11],[[30,3,["GatewayConfig","AssociatedServiceCount"]]],null]],[1,"\\n "],[1,[28,[35,12],[[30,3,["GatewayConfig","AssociatedServiceCount"]],"linked service"],[["without-count"],[true]]]],[1,"\\n "],[13],[1,"\\n"]],[]],[[[41,[28,[37,15],[[30,3,["Kind"]],"ingress-gateway"],null],[[[1," "],[10,1],[12],[1,"\\n "],[1,[28,[35,11],[[30,3,["GatewayConfig","AssociatedServiceCount"]]],null]],[1,"\\n "],[1,[28,[35,12],[[30,3,["GatewayConfig","AssociatedServiceCount"]],"upstream"],[["without-count"],[true]]]],[1,"\\n "],[13],[1,"\\n "]],[]],null]],[]]],[41,[28,[37,16],[[30,3,["ConnectedWithGateway"]],[30,3,["ConnectedWithProxy"]]],null],[[[1," "],[10,"dl"],[14,0,"mesh"],[12],[1,"\\n "],[10,"dt"],[12],[1,"\\n "],[8,[39,2],null,null,[["default"],[[[[1,"\\n This service uses a proxy for the Consul service mesh\\n "]],[]]]]],[1,"\\n "],[13],[1,"\\n"],[41,[28,[37,10],[[30,3,["ConnectedWithGateway"]],[30,3,["ConnectedWithProxy"]]],null],[[[1," "],[10,"dd"],[12],[1,"\\n in service mesh with proxy and gateway\\n "],[13],[1,"\\n"]],[]],[[[41,[30,3,["ConnectedWithProxy"]],[[[1," "],[10,"dd"],[12],[1,"\\n in service mesh with proxy\\n "],[13],[1,"\\n"]],[]],[[[41,[30,3,["ConnectedWithGateway"]],[[[1," "],[10,"dd"],[12],[1,"\\n in service mesh with gateway\\n "],[13],[1,"\\n "]],[]],null]],[]]]],[]]],[1," "],[13],[1,"\\n"]],[]],null],[1," "],[8,[39,17],null,[["@item"],[[30,3]]],null],[1,"\\n "]],[]]]]],[1,"\\n"]],[3,4]]]]],[1,"\\n"]],["&attrs","@items","item","index","@partition","@isPeerDetail","@nspace"],false,["list-collection","block-slot","tooltip","if","gt","href-to","not-eq","hash","consul/kind","consul/external-source","and","format-number","pluralize","unless","consul/bucket/list","eq","or","tag-list"]]',moduleName:"consul-ui/components/consul/service/list/index.hbs",isStrictMode:!1}) +const r=(0,n.createTemplateFactory)({id:"xPCwneUJ",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"consul-service-list"],[17,1]],[["@items","@linkable"],[[30,2],"linkable service"]],[["default"],[[[[1,"\\n "],[8,[39,1],null,[["@item","@partition","@nspace"],[[30,3],[30,5],[30,6]]],null],[1,"\\n"]],[3,4]]]]],[1,"\\n"]],["&attrs","@items","item","index","@partition","@nspace"],false,["list-collection","consul/service/list/item"]]',moduleName:"consul-ui/components/consul/service/list/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) -e.default=i})),define("consul-ui/components/consul/service/search-bar/index",["exports","@ember/component","@ember/template-factory","@glimmer/component"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=i})),define("consul-ui/components/consul/service/list/item/index",["exports","@ember/component","@ember/template-factory","@glimmer/component"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +const r=(0,n.createTemplateFactory)({id:"cAe7geUl",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"dl"],[15,0,[30,1,["MeshStatus"]]],[12],[1,"\\n "],[10,"dt"],[12],[1,"\\n Health\\n "],[13],[1,"\\n "],[11,"dd"],[4,[38,1],[[30,1,["healthTooltipText"]]],null],[12],[13],[1,"\\n "],[13],[1,"\\n"],[41,[28,[37,3],[[30,1,["InstanceCount"]],0],null],[[[1," "],[10,3],[15,6,[28,[37,4],["dc.services.show.index",[30,1,["Name"]]],[["params"],[[30,0,["linkParams"]]]]]],[12],[1,"\\n "],[1,[30,1,["Name"]]],[1,"\\n "],[13],[1,"\\n"]],[]],[[[1," "],[10,2],[12],[1,"\\n "],[1,[30,1,["Name"]]],[1,"\\n "],[13],[1,"\\n"]],[]]]],[]]]]],[1,"\\n"],[8,[39,0],null,[["@name"],["details"]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@item"],[[30,1]]],null],[1,"\\n "],[8,[39,6],null,[["@item"],[[30,1]]],null],[1,"\\n"],[41,[28,[37,7],[[28,[37,8],[[30,1,["InstanceCount"]],0],null],[28,[37,7],[[28,[37,8],[[30,1,["Kind"]],"terminating-gateway"],null],[28,[37,8],[[30,1,["Kind"]],"ingress-gateway"],null]],null]],null],[[[1," "],[10,1],[12],[1,"\\n "],[1,[28,[35,9],[[30,1,["InstanceCount"]]],null]],[1,"\\n "],[1,[28,[35,10],[[30,1,["InstanceCount"]],"instance"],[["without-count"],[true]]]],[1,"\\n "],[13],[1,"\\n"]],[]],null],[41,[51,[30,2]],[[[1," "],[8,[39,12],null,[["@item","@nspace","@partition"],[[30,1],[30,3],[30,4]]],null],[1,"\\n"]],[]],null],[41,[28,[37,13],[[30,1,["Kind"]],"terminating-gateway"],null],[[[1," "],[10,1],[12],[1,"\\n "],[1,[28,[35,9],[[30,1,["GatewayConfig","AssociatedServiceCount"]]],null]],[1,"\\n "],[1,[28,[35,10],[[30,1,["GatewayConfig","AssociatedServiceCount"]],"linked service"],[["without-count"],[true]]]],[1,"\\n "],[13],[1,"\\n"]],[]],[[[41,[28,[37,13],[[30,1,["Kind"]],"ingress-gateway"],null],[[[1," "],[10,1],[12],[1,"\\n "],[1,[28,[35,9],[[30,1,["GatewayConfig","AssociatedServiceCount"]]],null]],[1,"\\n "],[1,[28,[35,10],[[30,1,["GatewayConfig","AssociatedServiceCount"]],"upstream"],[["without-count"],[true]]]],[1,"\\n "],[13],[1,"\\n "]],[]],null]],[]]],[41,[28,[37,14],[[30,1,["ConnectedWithGateway"]],[30,1,["ConnectedWithProxy"]]],null],[[[1," "],[10,"dl"],[14,0,"mesh"],[12],[1,"\\n "],[10,"dt"],[12],[1,"\\n "],[8,[39,1],null,null,[["default"],[[[[1,"\\n This service uses a proxy for the Consul service mesh\\n "]],[]]]]],[1,"\\n "],[13],[1,"\\n"],[41,[28,[37,7],[[30,1,["ConnectedWithGateway"]],[30,1,["ConnectedWithProxy"]]],null],[[[1," "],[10,"dd"],[12],[1,"\\n in service mesh with proxy and gateway\\n "],[13],[1,"\\n"]],[]],[[[41,[30,1,["ConnectedWithProxy"]],[[[1," "],[10,"dd"],[12],[1,"\\n in service mesh with proxy\\n "],[13],[1,"\\n"]],[]],[[[41,[30,1,["ConnectedWithGateway"]],[[[1," "],[10,"dd"],[12],[1,"\\n in service mesh with gateway\\n "],[13],[1,"\\n "]],[]],null]],[]]]],[]]],[1," "],[13],[1,"\\n"]],[]],null],[1," "],[8,[39,15],null,[["@item"],[[30,1]]],null],[1,"\\n"]],[]]]]]],["@item","@isPeerDetail","@nspace","@partition"],false,["block-slot","tooltip","if","gt","href-to","consul/kind","consul/external-source","and","not-eq","format-number","pluralize","unless","consul/bucket/list","eq","or","tag-list"]]',moduleName:"consul-ui/components/consul/service/list/item/index.hbs",isStrictMode:!1}) +class i extends l.default{get linkParams(){const e={} +return this.args.item.Partition&&this.args.partition!==this.args.item.Partition?(e.partition=this.args.item.Partition,e.nspace=this.args.Namespace):this.args.item.Namespace&&this.args.nspace!==this.args.item.Namespace&&(e.nspace=this.args.item.Namespace),this.args.item.PeerName&&(e.peer=this.args.item.PeerName),e}}e.default=i,(0,t.setComponentTemplate)(r,i)})),define("consul-ui/components/consul/service/search-bar/index",["exports","@ember/component","@ember/template-factory","@glimmer/component"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const r=(0,n.createTemplateFactory)({id:"4sJ6oMs1",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"consul-service-search-bar"],[17,1]],[["@filter"],[[30,2]]],[["status","search","filter","sort"],[[[[1,"\\n\\n"],[44,[[28,[37,2],[[28,[37,3],["components.consul.service.search-bar.",[30,3,["status","key"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","key"]]],null],[28,[37,3],["common.consul.",[30,3,["status","key"]]],null]],null]]]],[28,[37,2],[[28,[37,3],["components.consul.service.search-bar.",[30,3,["status","value"]]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,3,["status","value"]]],null],[28,[37,3],["common.consul.",[30,3,["status","value"]]],null],[28,[37,3],["common.brand.",[30,3,["status","value"]]],null]],null]]]]],[[[1," "],[8,[30,3,["RemoveFilter"]],[[16,"aria-label",[28,[37,2],["common.ui.remove"],[["item"],[[28,[37,3],[[30,4]," ",[30,5]],null]]]]]],null,[["default"],[[[[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,[30,4]],[13],[1,"\\n "],[10,"dd"],[12],[1,[30,5]],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n"]],[4,5]]],[1,"\\n "]],[3]],[[[1,"\\n "],[8,[30,6,["Search"]],null,[["@onsearch","@value","@placeholder"],[[28,[37,5],[[30,0],[30,7]],null],[30,8],[28,[37,2],["common.search.search"],null]]],[["default"],[[[[1,"\\n "],[8,[30,6,["Select"]],[[24,0,"type-search-properties"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,2,["searchproperty","change"]]],null],true,true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["common.search.searchproperty"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,9,["Optgroup"]],[30,9,["Option"]]],[[[42,[28,[37,8],[[28,[37,8],[[30,2,["searchproperty","default"]]],null]],null],null,[[[1," "],[8,[30,11],null,[["@value","@selected"],[[30,12],[28,[37,9],[[30,12],[30,2,["searchproperty","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[28,[37,10],[[30,12]],null]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n"]],[12]],null]],[10,11]]],[1," "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[6]],[[[1,"\\n "],[8,[30,13,["Select"]],[[24,0,"type-status"]],[["@position","@onchange","@multiple"],["left",[28,[37,5],[[30,0],[30,2,["status","change"]]],null],true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["common.consul.status"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,14,["Optgroup"]],[30,14,["Option"]]],[[[42,[28,[37,8],[[28,[37,8],[[30,0,["healthStates"]]],null]],null],null,[[[1," "],[8,[30,16],[[16,0,[29,["value-",[30,17]]]]],[["@value","@selected"],[[30,17],[28,[37,9],[[30,17],[30,2,["status","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[30,17]],null]],[["default"],[[28,[37,4],[[28,[37,3],["common.search.",[30,17]],null]],null]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[17]],null]],[15,16]]],[1," "]],[]]]]],[1,"\\n "]],[14]]]]],[1,"\\n "],[8,[30,13,["Select"]],null,[["@position","@onchange","@multiple"],["left",[28,[37,5],[[30,0],[30,2,["kind","change"]]],null],true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n "],[1,[28,[35,2],["components.consul.service.search-bar.kind"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,18,["Optgroup"]],[30,18,["Option"]]],[[[1," "],[8,[30,20],null,[["@value","@selected"],["service",[28,[37,9],["service",[30,2,["kind","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],["common.consul.service"],null]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,19],null,[["@label"],[[28,[37,2],["common.consul.gateway"],null]]],[["default"],[[[[1,"\\n"],[42,[28,[37,8],[[28,[37,8],[[28,[37,4],["api-gateway","ingress-gateway","terminating-gateway","mesh-gateway"],null]],null]],null],null,[[[1," "],[8,[30,20],null,[["@value","@selected"],[[30,21],[28,[37,9],[[30,21],[30,2,["kind","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.consul.",[30,21]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n"]],[21]],null],[1," "]],[]]]]],[1,"\\n "],[8,[30,19],null,[["@label"],[[28,[37,2],["common.consul.mesh"],null]]],[["default"],[[[[1,"\\n"],[42,[28,[37,8],[[28,[37,8],[[28,[37,4],["in-mesh","not-in-mesh"],null]],null]],null],null,[[[1," "],[8,[30,20],null,[["@value","@selected"],[[30,22],[28,[37,9],[[30,22],[30,2,["kind","value"]]],null]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["common.search.",[30,22]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n"]],[22]],null],[1," "]],[]]]]],[1,"\\n"]],[19,20]]],[1," "]],[]]]]],[1,"\\n "]],[18]]]]],[1,"\\n"],[41,[28,[37,12],[[30,23,["length"]],0],null],[[[1," "],[8,[30,13,["Select"]],[[24,0,"type-source"]],[["@position","@onchange","@multiple"],["left",[28,[37,5],[[30,0],[30,2,["source","change"]]],null],true]],[["default"],[[[[1,"\\n "],[8,[39,13],null,[["@components","@filter","@sources"],[[30,24],[30,2],[30,0,["sortedSources"]]]],null],[1,"\\n "]],[24]]]]],[1,"\\n"]],[]],null],[1," "]],[13]],[[[1,"\\n "],[8,[30,25,["Select"]],[[24,0,"type-sort"]],[["@position","@onchange","@multiple","@required"],["right",[28,[37,5],[[30,0],[30,26,["change"]]],null],false,true]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["selected"]],[["default"],[[[[1,"\\n "],[10,1],[12],[1,"\\n"],[44,[[28,[37,14],[[28,[37,4],[[28,[37,4],["Name:asc",[28,[37,2],["common.sort.alpha.asc"],null]],null],[28,[37,4],["Name:desc",[28,[37,2],["common.sort.alpha.desc"],null]],null],[28,[37,4],["Status:asc",[28,[37,2],["common.sort.status.asc"],null]],null],[28,[37,4],["Status:desc",[28,[37,2],["common.sort.status.desc"],null]],null]],null]],null]],[[[1," "],[1,[28,[35,15],[[30,28],[30,26,["value"]]],null]],[1,"\\n"]],[28]]],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["options"]],[["default"],[[[[1,"\\n"],[44,[[30,27,["Optgroup"]],[30,27,["Option"]]],[[[1," "],[8,[30,29],null,[["@label"],[[28,[37,2],["common.consul.status"],null]]],[["default"],[[[[1,"\\n "],[8,[30,30],null,[["@value","@selected"],["Status:asc",[28,[37,16],["Status:asc",[30,26,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.status.asc"],null]]],[]]]]],[1,"\\n "],[8,[30,30],null,[["@value","@selected"],["Status:desc",[28,[37,16],["Status:desc",[30,26,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.status.desc"],null]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,29],null,[["@label"],[[28,[37,2],["common.consul.service-name"],null]]],[["default"],[[[[1,"\\n "],[8,[30,30],null,[["@value","@selected"],["Name:asc",[28,[37,16],["Name:asc",[30,26,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.asc"],null]]],[]]]]],[1,"\\n "],[8,[30,30],null,[["@value","@selected"],["Name:desc",[28,[37,16],["Name:desc",[30,26,["value"]]],null]]],[["default"],[[[[1,[28,[35,2],["common.sort.alpha.desc"],null]]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[29,30]]],[1," "]],[]]]]],[1,"\\n "]],[27]]]]],[1,"\\n "]],[25]]]]],[1,"\\n"]],["&attrs","@filter","search","key","value","search","@onsearch","@search","components","Optgroup","Option","prop","search","components","Optgroup","Option","state","components","Optgroup","Option","kind","state","@sources","components","search","@sort","components","selectable","Optgroup","Option"],false,["search-bar","let","t","concat","array","action","block-slot","each","-track-array","includes","lowercase","if","gt","consul/sources-select","from-entries","get","eq"]]',moduleName:"consul-ui/components/consul/service/search-bar/index.hbs",isStrictMode:!1}) class i extends l.default{get healthStates(){return this.args.peer?["passing","warning","critical","unknown","empty"]:["passing","warning","critical","empty"]}get sortedSources(){const e=this.args.sources||[] return e.unshift(["consul"]),e.includes("consul-api-gateway")?[...e.filter((e=>"consul-api-gateway"!==e)),"consul-api-gateway"]:e}}e.default=i,(0,t.setComponentTemplate)(r,i)})),define("consul-ui/components/consul/source/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 @@ -1198,11 +1201,11 @@ try{this.form=this.builder.form(this.type)}catch(e){}},willRender:function(){thi return(0,o.isChangeset)(e)||void 0===this.form||(t=this.form.setData(e).getData()),(0,r.get)(e,"isNew")&&((0,r.set)(this,"create",!0),t=Object.entries(this.autofill||{}).reduce((function(e,t){let[n,l]=t return(0,r.set)(e,n,l),e}),t)),(0,r.set)(this,"data",t),this.data},change:function(e,t,n){this.onchange(this.dom.normalizeEvent(e,t),this.form,this.form.getData())}}})) e.default=u})),define("consul-ui/components/data-loader/chart.xstate",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -e.default={id:"data-loader",initial:"load",on:{OPEN:{target:"load"},ERROR:{target:"disconnected"},LOAD:[{target:"idle",cond:"loaded"},{target:"loading"}]},states:{load:{},loading:{on:{SUCCESS:{target:"idle"},ERROR:{target:"error"}}},idle:{},error:{on:{RETRY:{target:"load"}}},disconnected:{on:{RETRY:{target:"load"}}}}}})),define("consul-ui/components/data-loader/index",["exports","@ember/component","@ember/template-factory","@ember/object","block-slots","consul-ui/components/data-loader/chart.xstate"],(function(e,t,n,l,r,i){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default={id:"data-loader",initial:"load",on:{OPEN:{target:"load"},ERROR:{target:"disconnected"},LOAD:[{target:"idle",cond:"loaded"},{target:"loading"}]},states:{load:{},loading:{on:{SUCCESS:{target:"idle"},ERROR:{target:"error"}}},idle:{},error:{on:{RETRY:{target:"load"}}},disconnected:{on:{RETRY:{target:"load"}}}}}})) +define("consul-ui/components/data-loader/index",["exports","@ember/component","@ember/template-factory","@ember/object","block-slots","consul-ui/components/data-loader/chart.xstate"],(function(e,t,n,l,r,i){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const o=(0,n.createTemplateFactory)({id:"FfdegZAa",block:'[[[1,"\\n"],[18,9,null],[1,"\\n"],[8,[39,1],null,[["@src"],[[99,2,["@src"]]]],[["default"],[[[[1,"\\n "],[8,[39,3],null,[["@target","@name","@value"],[[30,0],"dispatch",[30,4]]],null],[1,"\\n "],[8,[30,2],null,[["@name","@cond"],["loaded",[28,[37,4],[[30,0],"isLoaded"],null]]],null],[1,"\\n\\n\\n"],[44,[[28,[37,6],null,[["data","error","invalidate","dispatchError"],[[33,7],[33,8],[30,0,["invalidate"]],[28,[37,9],[[28,[37,4],[[30,0],[28,[37,10],[[33,8]],null]],[["value"],["error.errors.firstObject"]]],[28,[37,4],[[30,0],[30,4],"ERROR"],null]],null]]]]],[[[1,"\\n"],[6,[39,11],null,[["name"],["data"]],[["default","else"],[[[[1," "],[18,9,[[30,6]]],[1,"\\n"]],[]],[[[41,[28,[37,13],[[33,14]],null],[[[1," "],[8,[30,1],null,[["@notMatches"],[[28,[37,15],["error","disconnected"],null]]],[["default"],[[[[1,"\\n"],[41,[28,[37,16],[[33,17],[28,[37,18],[[28,[37,13],[[33,19]],null],[28,[37,20],[[30,5],"loading"],null]],null]],null],[[[1," "],[8,[39,21],null,[["@open","@src","@onchange","@onerror"],[[99,22,["@open"]],[99,17,["@src"]],[28,[37,9],[[28,[37,4],[[30,0],"change"],[["value"],["data"]]],[28,[37,4],[[30,0],[30,4],"SUCCESS"],null]],null],[30,6,["dispatchError"]]]],[["default"],[[[[1,"\\n "],[1,[28,[35,23],[[28,[37,24],[[30,0],"invalidate",[30,7,["invalidate"]]],null]],null]],[1,"\\n "]],[7]]]]],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n"]],[]],null]],[]]]]],[1,"\\n "],[8,[30,1],null,[["@matches"],["loading"]],[["default"],[[[[1,"\\n"],[6,[39,11],null,[["name"],["loading"]],[["default","else"],[[[[1," "],[18,9,[[30,6]]],[1,"\\n"]],[]],[[[1," "],[8,[39,25],null,null,null],[1,"\\n"]],[]]]]],[1," "]],[]]]]],[1,"\\n\\n "],[8,[30,1],null,[["@matches"],["error"]],[["default"],[[[[1,"\\n"],[6,[39,11],null,[["name"],["error"]],[["default","else"],[[[[1," "],[18,9,[[30,6]]],[1,"\\n"]],[]],[[[1," "],[8,[39,26],null,[["@error"],[[99,8,["@error"]]]],null],[1,"\\n"]],[]]]]],[1," "]],[]]]]],[1,"\\n\\n "],[8,[30,1],null,[["@matches"],[[28,[37,15],["idle","disconnected"],null]]],[["default"],[[[[1,"\\n\\n "],[8,[30,1],null,[["@matches"],["disconnected"]],[["default"],[[[[1,"\\n"],[41,[28,[37,13],[[28,[37,27],[[33,8,["status"]],"401"],null]],null],[[[6,[39,11],null,[["name","params"],["disconnected",[28,[37,28],[[28,[37,4],[[30,0],[30,4],"RESET"],null]],null]]],[["default","else"],[[[[1," "],[18,9,[[30,6]]],[1,"\\n"]],[]],[[[1," "],[8,[39,29],[[4,[38,30],null,[["sticky"],[true]]]],[["@color"],["warning"]],[["default"],[[[[1,"\\n "],[8,[30,8,["Title"]],null,null,[["default"],[[[[1,"Warning!"]],[]]]]],[1,"\\n "],[8,[30,8,["Description"]],null,null,[["default"],[[[[1,"An error was returned whilst loading this data, refresh to try again."]],[]]]]],[1,"\\n "]],[8]]]]],[1,"\\n"]],[]]]]]],[]],null],[1," "]],[]]]]],[1,"\\n"],[41,[28,[37,27],[[33,8,["status"]],"403"],null],[[[6,[39,11],null,[["name"],["error"]],[["default","else"],[[[[1," "],[18,9,[[30,6]]],[1,"\\n"]],[]],[[[1," "],[8,[39,26],null,[["@error"],[[99,8,["@error"]]]],null],[1,"\\n"]],[]]]]]],[]],[[[1," "],[8,[39,11],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n "],[18,9,[[30,6]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]],[1,"\\n "]],[]]]]],[1,"\\n\\n"]],[6]]],[1," "],[1,[28,[35,31],[[28,[37,32],[[30,4],"LOAD"],null]],[["src"],[[33,17]]]]],[1,"\\n"]],[1,2,3,4,5]]]]]],["State","Guard","Action","dispatch","state","api","source","T","&default"],false,["yield","state-chart","chart","ref","action","let","hash","data","error","queue","mut","yield-slot","if","not","items","array","and","src","or","once","state-matches","data-source","open","did-insert","set","consul/loader","error-state","eq","block-params","hds/toast","notification","did-update","fn"]]',moduleName:"consul-ui/components/data-loader/index.hbs",isStrictMode:!1}) var a=(0,t.setComponentTemplate)(o,t.default.extend(r.default,{tagName:"",onchange:e=>e,init:function(){this._super(...arguments),this.chart=i.default},didReceiveAttrs:function(){this._super(...arguments),void 0!==this.items&&this.send("change",this.items)},didInsertElement:function(){this._super(...arguments),this.dispatch("LOAD")},actions:{isLoaded:function(){return void 0!==this.items||void 0===this.src},change:function(e){(0,l.set)(this,"data",this.onchange(e))}}})) -e.default=a})) -define("consul-ui/components/data-sink/index",["exports","@ember/component","@ember/template-factory","@ember/service","@ember/object","consul-ui/utils/dom/event-source"],(function(e,t,n,l,r,i){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=a})),define("consul-ui/components/data-sink/index",["exports","@ember/component","@ember/template-factory","@ember/service","@ember/object","consul-ui/utils/dom/event-source"],(function(e,t,n,l,r,i){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const o=(0,n.createTemplateFactory)({id:"hxJqQ0VJ",block:'[[[1,"\\n"],[18,1,[[28,[37,1],null,[["open","state"],[[28,[37,2],[[30,0],"open"],null],[33,3]]]]]],[1,"\\n"]],["&default"],false,["yield","hash","action","state"]]',moduleName:"consul-ui/components/data-sink/index.hbs",isStrictMode:!1}) var a=(0,t.setComponentTemplate)(o,t.default.extend({tagName:"",service:(0,l.inject)("data-sink/service"),dom:(0,l.inject)("dom"),logger:(0,l.inject)("logger"),onchange:function(e){},onerror:function(e){},state:(0,r.computed)("instance","instance.{dirtyType,isSaving}",(function(){let e const t=(0,r.get)(this,"instance.isSaving"),n=(0,r.get)(this,"instance.dirtyType") @@ -1311,18 +1314,18 @@ function o(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const a=(0,n.createTemplateFactory)({id:"QsBvWU14",block:'[[[1,"\\n"],[11,0],[24,0,"freetext-filter"],[17,1],[12],[1,"\\n "],[10,"label"],[14,0,"type-search"],[12],[1,"\\n "],[10,1],[14,0,"freetext-filter_label"],[12],[1,"Search"],[13],[1,"\\n "],[10,"input"],[14,0,"freetext-filter_input"],[15,"onsearch",[28,[37,0],[[30,0],[30,0,["change"]]],null]],[15,"oninput",[28,[37,0],[[30,0],[30,0,["change"]]],null]],[15,"onkeydown",[28,[37,0],[[30,0],[30,0,["keydown"]]],null]],[14,3,"s"],[15,2,[30,2]],[15,"placeholder",[30,0,["placeholder"]]],[14,"autofocus","autofocus"],[14,4,"search"],[12],[13],[1,"\\n "],[13],[1,"\\n "],[18,3,null],[1,"\\n"],[13]],["&attrs","@value","&default"],false,["action","yield"]]',moduleName:"consul-ui/components/freetext-filter/index.hbs",isStrictMode:!1}) let u=(o((i=class extends l.default{get placeholder(){return this.args.placeholder||"Search"}get onsearch(){return this.args.onsearch||(()=>{})}change(e){this.onsearch(e)}keydown(e){13===e.keyCode&&e.preventDefault()}}).prototype,"change",[r.action],Object.getOwnPropertyDescriptor(i.prototype,"change"),i.prototype),o(i.prototype,"keydown",[r.action],Object.getOwnPropertyDescriptor(i.prototype,"keydown"),i.prototype),i) -e.default=u,(0,t.setComponentTemplate)(a,u)})),define("consul-ui/components/hashicorp-consul/index",["exports","@ember/component","@ember/template-factory","@glimmer/component","@ember/service"],(function(e,t,n,l,r){var i,o,a -Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const u=(0,n.createTemplateFactory)({id:"xnhilElo",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"hashicorp-consul"],[17,1]],null,[["notifications","side-nav","main"],[[[[1,"\\n"],[42,[28,[37,2],[[28,[37,2],[[33,3,["queue"]]],null]],null],null,[[[1," "],[8,[30,2,["Notification"]],null,[["@delay","@sticky"],[[28,[37,4],[[30,3,["timeout"]],[30,3,["extendedTimeout"]]],null],[30,3,["sticky"]]]],[["default"],[[[[1,"\\n"],[41,[30,3,["dom"]],[[[1," "],[2,[30,3,["dom"]]],[1,"\\n"]],[]],[[[44,[[28,[37,7],[[30,3,["type"]]],null],[28,[37,7],[[30,3,["action"]]],null]],[[[1," "],[8,[39,8],[[24,"data-notification",""]],[["@color"],[[52,[28,[37,9],[[30,4],"error"],null],"critical",[30,4]]]],[["default"],[[[[1,"\\n "],[8,[30,6,["Title"]],null,null,[["default"],[[[[1,[28,[35,10],[[30,4]],null]],[1,"!"]],[]]]]],[1,"\\n "],[8,[30,6,["Description"]],null,null,[["default"],[[[[1,"\\n"],[41,[28,[37,9],[[30,5],"logout"],null],[[[41,[28,[37,9],[[30,4],"success"],null],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-out"],null]],[1,"\\n"]],[]],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-out-error"],null]],[1,"\\n"]],[]]]],[]],[[[41,[28,[37,9],[[30,5],"authorize"],null],[[[41,[28,[37,9],[[30,4],"success"],null],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-in"],null]],[1,"\\n"]],[]],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-in-error"],null]],[1,"\\n"]],[]]]],[]],[[[41,[28,[37,12],[[28,[37,9],[[30,5],"use"],null],[28,[37,9],[[30,3,["model"]],"token"],null]],null],[[[1," "],[8,[39,13],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n"]],[]],[[[41,[28,[37,9],[[30,3,["model"]],"intention"],null],[[[1," "],[8,[39,14],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n"]],[]],[[[41,[28,[37,9],[[30,3,["model"]],"role"],null],[[[1," "],[8,[39,15],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n"]],[]],[[[41,[28,[37,9],[[30,3,["model"]],"policy"],null],[[[1," "],[8,[39,16],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n "]],[]],null]],[]]]],[]]]],[]]],[1," "]],[]]]],[]]],[1," "]],[]]]]],[1,"\\n "]],[6]]]]],[1,"\\n\\n"]],[4,5]]]],[]]],[1," "]],[]]]]],[1,"\\n"]],[3]],null],[1,"\\n "]],[2]],[[[1,"\\n "],[8,[39,17],[[24,0,"consul-side-nav"]],[["@isResponsive"],[false]],[["header","body","footer"],[[[[1,"\\n "],[8,[39,18],null,null,[["logo","actions"],[[[[1,"\\n "],[8,[39,19],null,[["@icon","@ariaLabel","@href","@isHrefExternal"],["consul-color","Consul",[28,[37,20],["index"],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false]],null],[1,"\\n "]],[]],[[[1,"\\n "],[8,[39,22],[[24,0,"hds-side-nav__dropdown"]],[["@listPosition"],["bottom-left"]],[["default"],[[[[1,"\\n "],[8,[30,7,["ToggleIcon"]],null,[["@icon","@text"],["help","Help & Support menu"]],null],[1,"\\n "],[8,[39,23],null,[["@dropdown"],[[30,7]]],null],[1,"\\n "],[8,[30,7,["Interactive"]],null,[["@href","@isHrefExternal","@text"],[[28,[37,24],["CONSUL_DOCS_URL"],null],true,[28,[37,11],["components.hashicorp-consul.side-nav.support-menu.docs"],null]]],null],[1,"\\n "],[8,[30,7,["Interactive"]],null,[["@href","@isHrefExternal","@text"],[[28,[37,25],[[28,[37,24],["CONSUL_DOCS_LEARN_URL"],null],"/consul"],null],true,[28,[37,11],["components.hashicorp-consul.side-nav.support-menu.tutorials"],null]]],null],[1,"\\n "],[8,[30,7,["Interactive"]],null,[["@href","@isHrefExternal","@text"],[[28,[37,24],["CONSUL_REPO_ISSUES_URL"],null],true,[28,[37,11],["components.hashicorp-consul.side-nav.support-menu.feedback"],null]]],null],[1,"\\n "]],[7]]]]],[1,"\\n\\n "],[8,[39,26],null,[["@dc","@partition","@nspace","@onchange"],[[30,8],[30,9],[30,10],[30,11]]],[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@target","@name","@value"],[[30,0],"tokenSelector",[30,12]]],null],[1,"\\n "]],[12]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]],[[[1,"\\n "],[8,[39,28],[[24,0,"hds-side-nav-hide-when-minimized consul-side-nav__selector-group"]],null,[["default"],[[[[1,"\\n "],[8,[39,29],null,[["@list"],[[30,13]]],null],[1,"\\n "],[8,[39,30],null,[["@list","@dc","@partition","@nspace","@dcs"],[[30,13],[30,8],[30,9],[30,10],[30,14]]],null],[1,"\\n\\n "],[8,[39,31],null,[["@dc","@partition","@nspace","@partitions","@list","@onchange"],[[30,8],[30,9],[30,10],[30,0,["partitions"]],[30,13],[28,[37,32],[[30,0],[28,[37,33],[[30,0,["partitions"]]],null]],[["value"],["data"]]]]],null],[1,"\\n "],[8,[39,34],null,[["@list","@dc","@partition","@nspace","@nspaces","@onchange"],[[30,13],[30,8],[30,9],[30,10],[30,0,["nspaces"]],[28,[37,32],[[30,0],[28,[37,33],[[30,0,["nspaces"]]],null]],[["value"],["data"]]]]],null],[1,"\\n "]],[13]]]]],[1,"\\n "],[8,[39,28],[[24,0,"hds-side-nav-hide-when-minimized"]],null,[["default"],[[[[1,"\\n"],[41,[28,[37,35],["access overview"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@route","@models","@query","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.overview"],null],"dc.show",[28,[37,36],[[30,8,["Name"]]],null],[28,[37,21],null,[["peer"],[[27]]]],[28,[37,37],["dc.show",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read services"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.services"],null],[28,[37,20],["dc.services",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.services",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read nodes"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.nodes"],null],[28,[37,20],["dc.nodes",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.nodes",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read kv"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.kv"],null],[28,[37,20],["dc.kv",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.kv",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read intentions"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.intentions"],null],[28,[37,20],["dc.intentions",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.intentions",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[1,"\\n "],[8,[39,38],null,[["@dc","@partition","@nspace","@list"],[[30,8],[30,9],[30,10],[30,15]]],null],[1,"\\n "],[8,[39,39],null,[["@dc","@partition","@nspace","@list"],[[30,8],[30,9],[30,10],[30,15]]],null],[1,"\\n "]],[15]]]]],[1,"\\n "]],[]],[[[1,"\\n "],[10,"footer"],[14,"role","contentinfo"],[12],[1,"\\n "],[8,[39,40],[[24,0,"hds-side-nav-hide-when-minimized"]],[["@size","@color"],["100","disabled"]],[["default"],[[[[1,"\\n "],[1,[28,[35,11],["components.hashicorp-consul.side-nav.footer"],[["version"],[[28,[37,24],["CONSUL_VERSION"],null]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[2,[28,[37,25],["\x3c!-- ",[28,[37,24],["CONSUL_GIT_SHA"],null],"--\x3e"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]],[[[1,"\\n "],[18,16,[[28,[37,21],null,[["login"],[[52,[30,0,["tokenSelector"]],[30,0,["tokenSelector"]],[28,[37,21],null,[["open","close"],[[27],[27]]]]]]]]]],[1,"\\n "]],[]]]]]],["&attrs","app","flash","status","type","T","dd","@dc","@partition","@nspace","@onchange","selector","SNL","@dcs","SNL","&default"],false,["app","each","-track-array","flashMessages","sub","if","let","lowercase","hds/toast","eq","capitalize","t","or","consul/token/notifications","consul/intention/notifications","consul/role/notifications","consul/policy/notifications","hds/side-nav","hds/side-nav/header","hds/side-nav/header/home-link","href-to","hash","hds/dropdown","debug/navigation","env","concat","consul/token/selector","ref","hds/side-nav/list","consul/hcp/home","consul/datacenter/selector","consul/partition/selector","action","mut","consul/nspace/selector","can","array","is-href","consul/acl/selector","consul/peer/selector","hds/text/display","yield"]]',moduleName:"consul-ui/components/hashicorp-consul/index.hbs",isStrictMode:!1}) -let s=(i=(0,r.inject)("flashMessages"),o=class extends l.default{constructor(){var e,t,n,l -super(...arguments),e=this,t="flashMessages",l=this,(n=a)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}},c=o.prototype,d="flashMessages",p=[i],f={configurable:!0,enumerable:!0,writable:!0,initializer:null},h={},Object.keys(f).forEach((function(e){h[e]=f[e]})),h.enumerable=!!h.enumerable,h.configurable=!!h.configurable,("value"in h||h.initializer)&&(h.writable=!0),h=p.slice().reverse().reduce((function(e,t){return t(c,d,e)||e}),h),m&&void 0!==h.initializer&&(h.value=h.initializer?h.initializer.call(m):void 0,h.initializer=void 0),void 0===h.initializer&&(Object.defineProperty(c,d,h),h=null),a=h,o) -var c,d,p,f,m,h -e.default=s,(0,t.setComponentTemplate)(u,s)})) -define("consul-ui/components/hds/accordion/index",["exports","@hashicorp/design-system-components/components/hds/accordion/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/accordion/item/button",["exports","@hashicorp/design-system-components/components/hds/accordion/item/button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/accordion/item/index",["exports","@hashicorp/design-system-components/components/hds/accordion/item/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/alert/description",["exports","@hashicorp/design-system-components/components/hds/alert/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/alert/index",["exports","@hashicorp/design-system-components/components/hds/alert/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/alert/title",["exports","@hashicorp/design-system-components/components/hds/alert/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/copyright",["exports","@hashicorp/design-system-components/components/hds/app-footer/copyright"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/index",["exports","@hashicorp/design-system-components/components/hds/app-footer/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/item",["exports","@hashicorp/design-system-components/components/hds/app-footer/item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/legal-links",["exports","@hashicorp/design-system-components/components/hds/app-footer/legal-links"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/link",["exports","@hashicorp/design-system-components/components/hds/app-footer/link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/status-link",["exports","@hashicorp/design-system-components/components/hds/app-footer/status-link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/index",["exports","@hashicorp/design-system-components/components/hds/app-frame/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/footer",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/header",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/main",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/main"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/modals",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/modals"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/sidebar",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/sidebar"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/body",["exports","@hashicorp/design-system-components/components/hds/application-state/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/footer",["exports","@hashicorp/design-system-components/components/hds/application-state/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/header",["exports","@hashicorp/design-system-components/components/hds/application-state/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/index",["exports","@hashicorp/design-system-components/components/hds/application-state/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/avatar/index",["exports","@hashicorp/design-system-components/components/hds/avatar/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/badge-count/index",["exports","@hashicorp/design-system-components/components/hds/badge-count/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/badge/index",["exports","@hashicorp/design-system-components/components/hds/badge/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/breadcrumb/index",["exports","@hashicorp/design-system-components/components/hds/breadcrumb/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/breadcrumb/item",["exports","@hashicorp/design-system-components/components/hds/breadcrumb/item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/breadcrumb/truncation",["exports","@hashicorp/design-system-components/components/hds/breadcrumb/truncation"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/button-set/index",["exports","@hashicorp/design-system-components/components/hds/button-set/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/button/index",["exports","@hashicorp/design-system-components/components/hds/button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/components/hds/card/container",["exports","@hashicorp/design-system-components/components/hds/card/container"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/copy/button/index",["exports","@hashicorp/design-system-components/components/hds/copy/button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/copy/snippet/index",["exports","@hashicorp/design-system-components/components/hds/copy/snippet/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/disclosure-primitive/index",["exports","@hashicorp/design-system-components/components/hds/disclosure-primitive/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dismiss-button/index",["exports","@hashicorp/design-system-components/components/hds/dismiss-button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/footer",["exports","@hashicorp/design-system-components/components/hds/dropdown/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/header",["exports","@hashicorp/design-system-components/components/hds/dropdown/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/index",["exports","@hashicorp/design-system-components/components/hds/dropdown/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/checkbox",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/checkbox"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/checkmark",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/checkmark"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/copy-item",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/copy-item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/description",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/generic",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/generic"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/interactive",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/interactive"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/radio",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/radio"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/separator",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/separator"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/title",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/toggle/button",["exports","@hashicorp/design-system-components/components/hds/dropdown/toggle/button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/toggle/chevron",["exports","@hashicorp/design-system-components/components/hds/dropdown/toggle/chevron"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/toggle/icon",["exports","@hashicorp/design-system-components/components/hds/dropdown/toggle/icon"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/body",["exports","@hashicorp/design-system-components/components/hds/flyout/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/description",["exports","@hashicorp/design-system-components/components/hds/flyout/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/footer",["exports","@hashicorp/design-system-components/components/hds/flyout/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/header",["exports","@hashicorp/design-system-components/components/hds/flyout/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/index",["exports","@hashicorp/design-system-components/components/hds/flyout/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/checkbox/base",["exports","@hashicorp/design-system-components/components/hds/form/checkbox/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/checkbox/field",["exports","@hashicorp/design-system-components/components/hds/form/checkbox/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/checkbox/group",["exports","@hashicorp/design-system-components/components/hds/form/checkbox/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/error/index",["exports","@hashicorp/design-system-components/components/hds/form/error/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/error/message",["exports","@hashicorp/design-system-components/components/hds/form/error/message"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/components/hds/form/field/index",["exports","@hashicorp/design-system-components/components/hds/form/field/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/fieldset/index",["exports","@hashicorp/design-system-components/components/hds/form/fieldset/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/file-input/base",["exports","@hashicorp/design-system-components/components/hds/form/file-input/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/file-input/field",["exports","@hashicorp/design-system-components/components/hds/form/file-input/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/helper-text/index",["exports","@hashicorp/design-system-components/components/hds/form/helper-text/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/indicator/index",["exports","@hashicorp/design-system-components/components/hds/form/indicator/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/label/index",["exports","@hashicorp/design-system-components/components/hds/form/label/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/legend/index",["exports","@hashicorp/design-system-components/components/hds/form/legend/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/masked-input/base",["exports","@hashicorp/design-system-components/components/hds/form/masked-input/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/masked-input/field",["exports","@hashicorp/design-system-components/components/hds/form/masked-input/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/description",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/group",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/index",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/label",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/label"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio/base",["exports","@hashicorp/design-system-components/components/hds/form/radio/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio/field",["exports","@hashicorp/design-system-components/components/hds/form/radio/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio/group",["exports","@hashicorp/design-system-components/components/hds/form/radio/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/select/base",["exports","@hashicorp/design-system-components/components/hds/form/select/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/select/field",["exports","@hashicorp/design-system-components/components/hds/form/select/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/text-input/base",["exports","@hashicorp/design-system-components/components/hds/form/text-input/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/text-input/field",["exports","@hashicorp/design-system-components/components/hds/form/text-input/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/textarea/base",["exports","@hashicorp/design-system-components/components/hds/form/textarea/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/textarea/field",["exports","@hashicorp/design-system-components/components/hds/form/textarea/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/toggle/base",["exports","@hashicorp/design-system-components/components/hds/form/toggle/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/toggle/field",["exports","@hashicorp/design-system-components/components/hds/form/toggle/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/toggle/group",["exports","@hashicorp/design-system-components/components/hds/form/toggle/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/visibility-toggle/index",["exports","@hashicorp/design-system-components/components/hds/form/visibility-toggle/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/icon-tile/index",["exports","@hashicorp/design-system-components/components/hds/icon-tile/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/interactive/index",["exports","@hashicorp/design-system-components/components/hds/interactive/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/link/inline",["exports","@hashicorp/design-system-components/components/hds/link/inline"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/components/hds/link/standalone",["exports","@hashicorp/design-system-components/components/hds/link/standalone"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/menu-primitive/index",["exports","@hashicorp/design-system-components/components/hds/menu-primitive/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/body",["exports","@hashicorp/design-system-components/components/hds/modal/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/footer",["exports","@hashicorp/design-system-components/components/hds/modal/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/header",["exports","@hashicorp/design-system-components/components/hds/modal/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/index",["exports","@hashicorp/design-system-components/components/hds/modal/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/actions",["exports","@hashicorp/design-system-components/components/hds/page-header/actions"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/badges",["exports","@hashicorp/design-system-components/components/hds/page-header/badges"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/description",["exports","@hashicorp/design-system-components/components/hds/page-header/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/index",["exports","@hashicorp/design-system-components/components/hds/page-header/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/subtitle",["exports","@hashicorp/design-system-components/components/hds/page-header/subtitle"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/title",["exports","@hashicorp/design-system-components/components/hds/page-header/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/compact/index",["exports","@hashicorp/design-system-components/components/hds/pagination/compact/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/info",["exports","@hashicorp/design-system-components/components/hds/pagination/info"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/nav/arrow",["exports","@hashicorp/design-system-components/components/hds/pagination/nav/arrow"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/nav/ellipsis",["exports","@hashicorp/design-system-components/components/hds/pagination/nav/ellipsis"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/nav/number",["exports","@hashicorp/design-system-components/components/hds/pagination/nav/number"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/numbered/index",["exports","@hashicorp/design-system-components/components/hds/pagination/numbered/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/size-selector",["exports","@hashicorp/design-system-components/components/hds/pagination/size-selector"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/reveal/index",["exports","@hashicorp/design-system-components/components/hds/reveal/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/reveal/toggle/button",["exports","@hashicorp/design-system-components/components/hds/reveal/toggle/button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/segmented-group/index",["exports","@hashicorp/design-system-components/components/hds/segmented-group/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/separator/index",["exports","@hashicorp/design-system-components/components/hds/separator/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/base",["exports","@hashicorp/design-system-components/components/hds/side-nav/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/header/home-link",["exports","@hashicorp/design-system-components/components/hds/side-nav/header/home-link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/header/icon-button",["exports","@hashicorp/design-system-components/components/hds/side-nav/header/icon-button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/header/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/back-link",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/back-link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/components/hds/side-nav/list/item",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/link",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/title",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/portal/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/portal/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/portal/target",["exports","@hashicorp/design-system-components/components/hds/side-nav/portal/target"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/toggle-button",["exports","@hashicorp/design-system-components/components/hds/side-nav/toggle-button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/stepper/step/indicator",["exports","@hashicorp/design-system-components/components/hds/stepper/step/indicator"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/stepper/task/indicator",["exports","@hashicorp/design-system-components/components/hds/stepper/task/indicator"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/index",["exports","@hashicorp/design-system-components/components/hds/table/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/td",["exports","@hashicorp/design-system-components/components/hds/table/td"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/th-sort",["exports","@hashicorp/design-system-components/components/hds/table/th-sort"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/th",["exports","@hashicorp/design-system-components/components/hds/table/th"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/tr",["exports","@hashicorp/design-system-components/components/hds/table/tr"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tabs/index",["exports","@hashicorp/design-system-components/components/hds/tabs/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tabs/panel",["exports","@hashicorp/design-system-components/components/hds/tabs/panel"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tabs/tab",["exports","@hashicorp/design-system-components/components/hds/tabs/tab"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tag/index",["exports","@hashicorp/design-system-components/components/hds/tag/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/body",["exports","@hashicorp/design-system-components/components/hds/text/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/code",["exports","@hashicorp/design-system-components/components/hds/text/code"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/display",["exports","@hashicorp/design-system-components/components/hds/text/display"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/index",["exports","@hashicorp/design-system-components/components/hds/text/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/toast/index",["exports","@hashicorp/design-system-components/components/hds/toast/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tooltip-button/index",["exports","@hashicorp/design-system-components/components/hds/tooltip-button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/yield/index",["exports","@hashicorp/design-system-components/components/hds/yield/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/informed-action/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=u,(0,t.setComponentTemplate)(a,u)})) +define("consul-ui/components/hashicorp-consul/index",["exports","@ember/component","@ember/template-factory","@glimmer/component","@ember/service"],(function(e,t,n,l,r){var i,o,a,u,s +function c(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function d(e,t,n,l,r){var i={} +return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +const p=(0,n.createTemplateFactory)({id:"aqN2qduu",block:'[[[1,"\\n"],[8,[39,0],[[24,0,"hashicorp-consul"],[17,1]],null,[["notifications","side-nav","main"],[[[[1,"\\n"],[42,[28,[37,2],[[28,[37,2],[[33,3,["queue"]]],null]],null],null,[[[1," "],[8,[30,2,["Notification"]],null,[["@delay","@sticky"],[[28,[37,4],[[30,3,["timeout"]],[30,3,["extendedTimeout"]]],null],[30,3,["sticky"]]]],[["default"],[[[[1,"\\n"],[41,[30,3,["dom"]],[[[1," "],[2,[30,3,["dom"]]],[1,"\\n"]],[]],[[[44,[[28,[37,7],[[30,3,["type"]]],null],[28,[37,7],[[30,3,["action"]]],null]],[[[1," "],[8,[39,8],[[24,"data-notification",""]],[["@color"],[[52,[28,[37,9],[[30,4],"error"],null],"critical",[30,4]]]],[["default"],[[[[1,"\\n "],[8,[30,6,["Title"]],null,null,[["default"],[[[[1,[28,[35,10],[[30,4]],null]],[1,"!"]],[]]]]],[1,"\\n "],[8,[30,6,["Description"]],null,null,[["default"],[[[[1,"\\n"],[41,[28,[37,9],[[30,5],"logout"],null],[[[41,[28,[37,9],[[30,4],"success"],null],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-out"],null]],[1,"\\n"]],[]],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-out-error"],null]],[1,"\\n"]],[]]]],[]],[[[41,[28,[37,9],[[30,5],"authorize"],null],[[[41,[28,[37,9],[[30,4],"success"],null],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-in"],null]],[1,"\\n"]],[]],[[[1," "],[1,[28,[35,11],["components.hashicorp-consul.notifications.logged-in-error"],null]],[1,"\\n"]],[]]]],[]],[[[41,[28,[37,12],[[28,[37,9],[[30,5],"use"],null],[28,[37,9],[[30,3,["model"]],"token"],null]],null],[[[1," "],[8,[39,13],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n"]],[]],[[[41,[28,[37,9],[[30,3,["model"]],"intention"],null],[[[1," "],[8,[39,14],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n"]],[]],[[[41,[28,[37,9],[[30,3,["model"]],"role"],null],[[[1," "],[8,[39,15],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n"]],[]],[[[41,[28,[37,9],[[30,3,["model"]],"policy"],null],[[[1," "],[8,[39,16],null,[["@type","@status","@item","@error"],[[30,5],[30,4],[30,3,["item"]],[30,3,["error"]]]],null],[1,"\\n "]],[]],null]],[]]]],[]]]],[]]],[1," "]],[]]]],[]]],[1," "]],[]]]]],[1,"\\n "]],[6]]]]],[1,"\\n\\n"]],[4,5]]]],[]]],[1," "]],[]]]]],[1,"\\n"]],[3]],null],[1,"\\n "]],[2]],[[[1,"\\n "],[8,[39,17],[[24,0,"consul-side-nav"]],[["@isResponsive"],[false]],[["header","body","footer"],[[[[1,"\\n "],[8,[39,18],null,null,[["logo","actions"],[[[[1,"\\n "],[8,[39,19],null,[["@icon","@ariaLabel","@href","@isHrefExternal"],["consul-color","Consul",[28,[37,20],["index"],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false]],null],[1,"\\n "]],[]],[[[1,"\\n "],[8,[39,22],[[24,0,"hds-side-nav__dropdown"]],[["@listPosition"],["bottom-left"]],[["default"],[[[[1,"\\n "],[8,[30,7,["ToggleIcon"]],null,[["@icon","@text"],["help","Help & Support menu"]],null],[1,"\\n "],[8,[39,23],null,[["@dropdown"],[[30,7]]],null],[1,"\\n "],[8,[30,7,["Interactive"]],null,[["@href","@isHrefExternal","@text"],[[28,[37,24],["CONSUL_DOCS_URL"],null],true,[28,[37,11],["components.hashicorp-consul.side-nav.support-menu.docs"],null]]],null],[1,"\\n "],[8,[30,7,["Interactive"]],null,[["@href","@isHrefExternal","@text"],[[28,[37,25],[[28,[37,24],["CONSUL_DOCS_LEARN_URL"],null],"/consul"],null],true,[28,[37,11],["components.hashicorp-consul.side-nav.support-menu.tutorials"],null]]],null],[1,"\\n "],[8,[30,7,["Interactive"]],null,[["@href","@isHrefExternal","@text"],[[28,[37,24],["CONSUL_REPO_ISSUES_URL"],null],true,[28,[37,11],["components.hashicorp-consul.side-nav.support-menu.feedback"],null]]],null],[1,"\\n "]],[7]]]]],[1,"\\n\\n "],[8,[39,26],null,[["@dc","@partition","@nspace","@onchange"],[[30,8],[30,9],[30,10],[30,11]]],[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@target","@name","@value"],[[30,0],"tokenSelector",[30,12]]],null],[1,"\\n "]],[12]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]],[[[1,"\\n "],[8,[39,28],[[24,0,"hds-side-nav-hide-when-minimized consul-side-nav__selector-group"]],null,[["default"],[[[[1,"\\n "],[8,[39,29],null,[["@list"],[[30,13]]],null],[1,"\\n "],[8,[39,30],null,[["@list","@dc","@partition","@nspace","@dcs"],[[30,13],[30,8],[30,9],[30,10],[30,14]]],null],[1,"\\n\\n "],[8,[39,31],null,[["@dc","@partition","@nspace","@partitions","@list","@onchange"],[[30,8],[30,9],[30,10],[30,0,["partitions"]],[30,13],[28,[37,32],[[30,0],[28,[37,33],[[30,0,["partitions"]]],null]],[["value"],["data"]]]]],null],[1,"\\n "],[8,[39,34],null,[["@list","@dc","@partition","@nspace","@nspaces","@onchange"],[[30,13],[30,8],[30,9],[30,10],[30,0,["nspaces"]],[28,[37,32],[[30,0],[28,[37,33],[[30,0,["nspaces"]]],null]],[["value"],["data"]]]]],null],[1,"\\n "]],[13]]]]],[1,"\\n "],[8,[39,28],[[24,0,"hds-side-nav-hide-when-minimized"]],null,[["default"],[[[[1,"\\n"],[41,[28,[37,35],["access overview"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@route","@models","@query","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.overview"],null],"dc.show",[28,[37,36],[[30,8,["Name"]]],null],[28,[37,21],null,[["peer"],[[27]]]],[28,[37,37],["dc.show",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read services"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.services"],null],[28,[37,20],["dc.services",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.services",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read nodes"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.nodes"],null],[28,[37,20],["dc.nodes",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.nodes",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read kv"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.kv"],null],[28,[37,20],["dc.kv",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.kv",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[41,[28,[37,35],["read intentions"],null],[[[1," "],[8,[30,15,["Link"]],null,[["@text","@href","@isHrefExternal","@isActive"],[[28,[37,11],["components.hashicorp-consul.side-nav.intentions"],null],[28,[37,20],["dc.intentions",[30,8,["Name"]]],[["params"],[[28,[37,21],null,[["peer"],[[27]]]]]]],false,[28,[37,37],["dc.intentions",[30,8,["Name"]]],null]]],null],[1,"\\n"]],[]],null],[1,"\\n "],[8,[39,38],null,[["@dc","@partition","@nspace","@list"],[[30,8],[30,9],[30,10],[30,15]]],null],[1,"\\n "],[8,[39,39],null,[["@dc","@partition","@nspace","@list"],[[30,8],[30,9],[30,10],[30,15]]],null],[1,"\\n "]],[15]]]]],[1,"\\n "]],[]],[[[1,"\\n "],[10,"footer"],[14,"role","contentinfo"],[12],[1,"\\n "],[8,[39,40],[[24,0,"hds-side-nav-hide-when-minimized"]],[["@size","@color"],["100","disabled"]],[["default"],[[[[1,"\\n "],[1,[28,[35,11],["components.hashicorp-consul.side-nav.footer"],[["version"],[[30,0,["consulVersion"]]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[2,[28,[37,25],["\x3c!-- ",[28,[37,24],["CONSUL_GIT_SHA"],null],"--\x3e"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]],[[[1,"\\n "],[18,16,[[28,[37,21],null,[["login"],[[52,[30,0,["tokenSelector"]],[30,0,["tokenSelector"]],[28,[37,21],null,[["open","close"],[[27],[27]]]]]]]]]],[1,"\\n "]],[]]]]]],["&attrs","app","flash","status","type","T","dd","@dc","@partition","@nspace","@onchange","selector","SNL","@dcs","SNL","&default"],false,["app","each","-track-array","flashMessages","sub","if","let","lowercase","hds/toast","eq","capitalize","t","or","consul/token/notifications","consul/intention/notifications","consul/role/notifications","consul/policy/notifications","hds/side-nav","hds/side-nav/header","hds/side-nav/header/home-link","href-to","hash","hds/dropdown","debug/navigation","env","concat","consul/token/selector","ref","hds/side-nav/list","consul/hcp/home","consul/datacenter/selector","consul/partition/selector","action","mut","consul/nspace/selector","can","array","is-href","consul/acl/selector","consul/peer/selector","hds/text/display","yield"]]',moduleName:"consul-ui/components/hashicorp-consul/index.hbs",isStrictMode:!1}) +let f=(i=(0,r.inject)("flashMessages"),o=(0,r.inject)("env"),a=class extends l.default{constructor(){super(...arguments),c(this,"flashMessages",u,this),c(this,"env",s,this)}get consulVersion(){const e=["","oss"].includes(this.env.var("CONSUL_BINARY_TYPE"))?"":"+ent" +return`${this.env.var("CONSUL_VERSION")}${e}`}},u=d(a.prototype,"flashMessages",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),s=d(a.prototype,"env",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),a) +e.default=f,(0,t.setComponentTemplate)(p,f)})),define("consul-ui/components/hds/accordion/index",["exports","@hashicorp/design-system-components/components/hds/accordion/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/accordion/item/button",["exports","@hashicorp/design-system-components/components/hds/accordion/item/button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/accordion/item/index",["exports","@hashicorp/design-system-components/components/hds/accordion/item/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/alert/description",["exports","@hashicorp/design-system-components/components/hds/alert/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/alert/index",["exports","@hashicorp/design-system-components/components/hds/alert/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/alert/title",["exports","@hashicorp/design-system-components/components/hds/alert/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/copyright",["exports","@hashicorp/design-system-components/components/hds/app-footer/copyright"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/index",["exports","@hashicorp/design-system-components/components/hds/app-footer/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/item",["exports","@hashicorp/design-system-components/components/hds/app-footer/item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/legal-links",["exports","@hashicorp/design-system-components/components/hds/app-footer/legal-links"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/link",["exports","@hashicorp/design-system-components/components/hds/app-footer/link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-footer/status-link",["exports","@hashicorp/design-system-components/components/hds/app-footer/status-link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/index",["exports","@hashicorp/design-system-components/components/hds/app-frame/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/footer",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/header",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/main",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/main"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/modals",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/modals"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/app-frame/parts/sidebar",["exports","@hashicorp/design-system-components/components/hds/app-frame/parts/sidebar"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/body",["exports","@hashicorp/design-system-components/components/hds/application-state/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/footer",["exports","@hashicorp/design-system-components/components/hds/application-state/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/header",["exports","@hashicorp/design-system-components/components/hds/application-state/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/application-state/index",["exports","@hashicorp/design-system-components/components/hds/application-state/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/avatar/index",["exports","@hashicorp/design-system-components/components/hds/avatar/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/badge-count/index",["exports","@hashicorp/design-system-components/components/hds/badge-count/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/badge/index",["exports","@hashicorp/design-system-components/components/hds/badge/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/breadcrumb/index",["exports","@hashicorp/design-system-components/components/hds/breadcrumb/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/breadcrumb/item",["exports","@hashicorp/design-system-components/components/hds/breadcrumb/item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/breadcrumb/truncation",["exports","@hashicorp/design-system-components/components/hds/breadcrumb/truncation"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/button-set/index",["exports","@hashicorp/design-system-components/components/hds/button-set/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/components/hds/button/index",["exports","@hashicorp/design-system-components/components/hds/button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/card/container",["exports","@hashicorp/design-system-components/components/hds/card/container"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/copy/button/index",["exports","@hashicorp/design-system-components/components/hds/copy/button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/copy/snippet/index",["exports","@hashicorp/design-system-components/components/hds/copy/snippet/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/disclosure-primitive/index",["exports","@hashicorp/design-system-components/components/hds/disclosure-primitive/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dismiss-button/index",["exports","@hashicorp/design-system-components/components/hds/dismiss-button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/footer",["exports","@hashicorp/design-system-components/components/hds/dropdown/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/header",["exports","@hashicorp/design-system-components/components/hds/dropdown/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/index",["exports","@hashicorp/design-system-components/components/hds/dropdown/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/checkbox",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/checkbox"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/checkmark",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/checkmark"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/copy-item",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/copy-item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/description",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/generic",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/generic"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/interactive",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/interactive"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/radio",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/radio"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/separator",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/separator"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/list-item/title",["exports","@hashicorp/design-system-components/components/hds/dropdown/list-item/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/toggle/button",["exports","@hashicorp/design-system-components/components/hds/dropdown/toggle/button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/toggle/chevron",["exports","@hashicorp/design-system-components/components/hds/dropdown/toggle/chevron"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/dropdown/toggle/icon",["exports","@hashicorp/design-system-components/components/hds/dropdown/toggle/icon"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/body",["exports","@hashicorp/design-system-components/components/hds/flyout/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/description",["exports","@hashicorp/design-system-components/components/hds/flyout/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/footer",["exports","@hashicorp/design-system-components/components/hds/flyout/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/header",["exports","@hashicorp/design-system-components/components/hds/flyout/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/flyout/index",["exports","@hashicorp/design-system-components/components/hds/flyout/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/checkbox/base",["exports","@hashicorp/design-system-components/components/hds/form/checkbox/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/checkbox/field",["exports","@hashicorp/design-system-components/components/hds/form/checkbox/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/checkbox/group",["exports","@hashicorp/design-system-components/components/hds/form/checkbox/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/error/index",["exports","@hashicorp/design-system-components/components/hds/form/error/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/components/hds/form/error/message",["exports","@hashicorp/design-system-components/components/hds/form/error/message"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/field/index",["exports","@hashicorp/design-system-components/components/hds/form/field/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/fieldset/index",["exports","@hashicorp/design-system-components/components/hds/form/fieldset/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/file-input/base",["exports","@hashicorp/design-system-components/components/hds/form/file-input/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/file-input/field",["exports","@hashicorp/design-system-components/components/hds/form/file-input/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/helper-text/index",["exports","@hashicorp/design-system-components/components/hds/form/helper-text/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/indicator/index",["exports","@hashicorp/design-system-components/components/hds/form/indicator/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/label/index",["exports","@hashicorp/design-system-components/components/hds/form/label/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/legend/index",["exports","@hashicorp/design-system-components/components/hds/form/legend/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/masked-input/base",["exports","@hashicorp/design-system-components/components/hds/form/masked-input/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/masked-input/field",["exports","@hashicorp/design-system-components/components/hds/form/masked-input/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/description",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/group",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/index",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio-card/label",["exports","@hashicorp/design-system-components/components/hds/form/radio-card/label"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio/base",["exports","@hashicorp/design-system-components/components/hds/form/radio/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio/field",["exports","@hashicorp/design-system-components/components/hds/form/radio/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/radio/group",["exports","@hashicorp/design-system-components/components/hds/form/radio/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/select/base",["exports","@hashicorp/design-system-components/components/hds/form/select/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/select/field",["exports","@hashicorp/design-system-components/components/hds/form/select/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/text-input/base",["exports","@hashicorp/design-system-components/components/hds/form/text-input/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/text-input/field",["exports","@hashicorp/design-system-components/components/hds/form/text-input/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/textarea/base",["exports","@hashicorp/design-system-components/components/hds/form/textarea/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/textarea/field",["exports","@hashicorp/design-system-components/components/hds/form/textarea/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/toggle/base",["exports","@hashicorp/design-system-components/components/hds/form/toggle/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/toggle/field",["exports","@hashicorp/design-system-components/components/hds/form/toggle/field"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/toggle/group",["exports","@hashicorp/design-system-components/components/hds/form/toggle/group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/form/visibility-toggle/index",["exports","@hashicorp/design-system-components/components/hds/form/visibility-toggle/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/icon-tile/index",["exports","@hashicorp/design-system-components/components/hds/icon-tile/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/interactive/index",["exports","@hashicorp/design-system-components/components/hds/interactive/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/components/hds/link/inline",["exports","@hashicorp/design-system-components/components/hds/link/inline"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/link/standalone",["exports","@hashicorp/design-system-components/components/hds/link/standalone"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/menu-primitive/index",["exports","@hashicorp/design-system-components/components/hds/menu-primitive/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/body",["exports","@hashicorp/design-system-components/components/hds/modal/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/footer",["exports","@hashicorp/design-system-components/components/hds/modal/footer"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/header",["exports","@hashicorp/design-system-components/components/hds/modal/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/modal/index",["exports","@hashicorp/design-system-components/components/hds/modal/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/actions",["exports","@hashicorp/design-system-components/components/hds/page-header/actions"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/badges",["exports","@hashicorp/design-system-components/components/hds/page-header/badges"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/description",["exports","@hashicorp/design-system-components/components/hds/page-header/description"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/index",["exports","@hashicorp/design-system-components/components/hds/page-header/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/subtitle",["exports","@hashicorp/design-system-components/components/hds/page-header/subtitle"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/page-header/title",["exports","@hashicorp/design-system-components/components/hds/page-header/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/compact/index",["exports","@hashicorp/design-system-components/components/hds/pagination/compact/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/info",["exports","@hashicorp/design-system-components/components/hds/pagination/info"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/nav/arrow",["exports","@hashicorp/design-system-components/components/hds/pagination/nav/arrow"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/nav/ellipsis",["exports","@hashicorp/design-system-components/components/hds/pagination/nav/ellipsis"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/nav/number",["exports","@hashicorp/design-system-components/components/hds/pagination/nav/number"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/numbered/index",["exports","@hashicorp/design-system-components/components/hds/pagination/numbered/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/pagination/size-selector",["exports","@hashicorp/design-system-components/components/hds/pagination/size-selector"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/reveal/index",["exports","@hashicorp/design-system-components/components/hds/reveal/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/reveal/toggle/button",["exports","@hashicorp/design-system-components/components/hds/reveal/toggle/button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/segmented-group/index",["exports","@hashicorp/design-system-components/components/hds/segmented-group/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/separator/index",["exports","@hashicorp/design-system-components/components/hds/separator/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/base",["exports","@hashicorp/design-system-components/components/hds/side-nav/base"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/header/home-link",["exports","@hashicorp/design-system-components/components/hds/side-nav/header/home-link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/header/icon-button",["exports","@hashicorp/design-system-components/components/hds/side-nav/header/icon-button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/header/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/header"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/back-link",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/back-link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/components/hds/side-nav/list/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/item",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/item"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/link",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/link"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/list/title",["exports","@hashicorp/design-system-components/components/hds/side-nav/list/title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/portal/index",["exports","@hashicorp/design-system-components/components/hds/side-nav/portal/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/portal/target",["exports","@hashicorp/design-system-components/components/hds/side-nav/portal/target"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/side-nav/toggle-button",["exports","@hashicorp/design-system-components/components/hds/side-nav/toggle-button"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/stepper/step/indicator",["exports","@hashicorp/design-system-components/components/hds/stepper/step/indicator"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/stepper/task/indicator",["exports","@hashicorp/design-system-components/components/hds/stepper/task/indicator"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/index",["exports","@hashicorp/design-system-components/components/hds/table/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/td",["exports","@hashicorp/design-system-components/components/hds/table/td"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/th-sort",["exports","@hashicorp/design-system-components/components/hds/table/th-sort"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/th",["exports","@hashicorp/design-system-components/components/hds/table/th"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/table/tr",["exports","@hashicorp/design-system-components/components/hds/table/tr"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tabs/index",["exports","@hashicorp/design-system-components/components/hds/tabs/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tabs/panel",["exports","@hashicorp/design-system-components/components/hds/tabs/panel"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tabs/tab",["exports","@hashicorp/design-system-components/components/hds/tabs/tab"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tag/index",["exports","@hashicorp/design-system-components/components/hds/tag/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/body",["exports","@hashicorp/design-system-components/components/hds/text/body"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/code",["exports","@hashicorp/design-system-components/components/hds/text/code"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/display",["exports","@hashicorp/design-system-components/components/hds/text/display"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/text/index",["exports","@hashicorp/design-system-components/components/hds/text/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/toast/index",["exports","@hashicorp/design-system-components/components/hds/toast/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/tooltip-button/index",["exports","@hashicorp/design-system-components/components/hds/tooltip-button/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/hds/yield/index",["exports","@hashicorp/design-system-components/components/hds/yield/index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/informed-action/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const r=(0,n.createTemplateFactory)({id:"OpUoOs2J",block:'[[[1,"\\n"],[11,0],[24,0,"informed-action"],[17,1],[12],[1,"\\n "],[10,0],[12],[1,"\\n "],[10,"header"],[12],[1,"\\n "],[18,2,null],[1,"\\n "],[13],[1,"\\n "],[18,3,null],[1,"\\n "],[13],[1,"\\n "],[10,"ul"],[12],[1,"\\n "],[18,4,[[28,[37,1],null,[["Action"],[[50,"anonymous",0,null,[["tagName"],["li"]]]]]]]],[1,"\\n "],[13],[1,"\\n"],[13]],["&attrs","&header","&body","&actions"],false,["yield","hash","component"]]',moduleName:"consul-ui/components/informed-action/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/ivy-codemirror",["exports","ivy-codemirror/components/ivy-codemirror"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/jwt-source/index",["exports","@glimmer/component","@ember/service","consul-ui/utils/dom/event-source"],(function(e,t,n,l){var r,i,o,a,u @@ -1340,14 +1343,14 @@ this.set("height",Math.max(0,r)),this.updateItems(),this.updateScrollPosition()} if(t.target.checked&&e!==this.checked){(0,r.set)(this,"checked",parseInt(e)),this.$row=this.dom.closest("li",t.target),this.$row.style.zIndex=1 const n=this.dom.sibling(t.target,"div") n.getBoundingClientRect().top+n.clientHeight>this.dom.element('footer[role="contentinfo"]').getBoundingClientRect().top?n.classList.add("above"):n.classList.remove("above")}else{this.dom.sibling(t.target,"div").classList.remove("above"),(0,r.set)(this,"checked",null),this.$row.style.zIndex=null}}}})) -e.default=c})),define("consul-ui/components/maybe-in-element",["exports","ember-maybe-in-element/components/maybe-in-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/menu-panel/index",["exports","@ember/component","@ember/template-factory","@ember/service","@ember/runloop","@ember/object","block-slots"],(function(e,t,n,l,r,i,o){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=c})),define("consul-ui/components/maybe-in-element",["exports","ember-maybe-in-element/components/maybe-in-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/components/menu-panel/index",["exports","@ember/component","@ember/template-factory","@ember/service","@ember/runloop","@ember/object","block-slots"],(function(e,t,n,l,r,i,o){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const a=(0,n.createTemplateFactory)({id:"AUkkhvKM",block:'[[[1,"\\n"],[18,3,null],[1,"\\n"],[44,[[28,[37,2],null,[["change"],[[28,[37,3],[[30,0],"change"],null]]]]],[[[11,0],[16,0,[28,[37,4],[[28,[37,5],["menu-panel"],null],[28,[37,5],["menu-panel-deprecated"],null],[28,[37,5],[[33,6]],null],[28,[37,5],[[33,7],"confirmation"],null]],null]],[4,[38,8],[[28,[37,3],[[30,0],"connect"],null]],null],[12],[1,"\\n "],[8,[39,9],null,[["@name"],["controls"]],[["default"],[[[[1,"\\n "],[18,3,[[30,1]]],[1,"\\n "]],[]]]]],[1,"\\n"],[6,[39,9],null,[["name"],["header"]],[["default","else"],[[[[1," "],[10,0],[12],[1,"\\n "],[18,3,[[30,1]]],[1,"\\n "],[13],[1,"\\n"]],[]],[[],[]]]]],[1," "],[11,"ul"],[24,"role","menu"],[17,2],[12],[1,"\\n "],[8,[39,9],null,[["@name"],["menu"]],[["default"],[[[[1,"\\n "],[18,3,[[30,1]]],[1,"\\n "]],[]]]]],[1,"\\n "],[13],[1,"\\n"],[13],[1,"\\n"]],[1]]]],["api","&attrs","&default"],false,["yield","let","hash","action","class-map","array","position","isConfirmation","did-insert","yield-slot"]]',moduleName:"consul-ui/components/menu-panel/index.hbs",isStrictMode:!1}) var u=(0,t.setComponentTemplate)(a,t.default.extend(o.default,{tagName:"",dom:(0,l.inject)("dom"),isConfirmation:!1,actions:{connect:function(e){(0,r.next)((()=>{if(!this.isDestroyed){const t=this.dom.element('li:only-child > [role="menu"]:first-child',e);(0,i.set)(this,"isConfirmation",void 0!==t)}}))},change:function(e){const t=e.target.getAttribute("id"),n=this.dom.element(`[for='${t}']`),l=this.dom.element("[role=menu]",n.parentElement),r=this.dom.closest(".menu-panel",l) if(e.target.checked){l.style.display="block" const e=l.offsetHeight+2 r.style.maxHeight=r.style.minHeight=`${e}px`}else l.style.display=null,r.style.maxHeight=null,r.style.minHeight="0"}}})) -e.default=u})) -define("consul-ui/components/menu/action/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=u})),define("consul-ui/components/menu/action/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const r=(0,n.createTemplateFactory)({id:"JOnhu+Ze",block:'[[[1,"\\n"],[8,[39,0],[[24,"role","menuitem"],[17,1],[4,[38,1],["click",[52,[30,2],[30,4,["close"]],[28,[37,3],null,null]]],null]],[["@href","@external"],[[30,2],[30,3]]],[["default"],[[[[1,"\\n "],[18,5,null],[1,"\\n"]],[]]]]],[1,"\\n"]],["&attrs","@href","@external","@disclosure","&default"],false,["action","on","if","noop","yield"]]',moduleName:"consul-ui/components/menu/action/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/menu/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 @@ -1368,10 +1371,13 @@ var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/more-popover-menu/index",["exports","@ember/component","@ember/template-factory"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const l=(0,n.createTemplateFactory)({id:"aLK3TSIx",block:'[[[1,"\\n"],[11,0],[24,0,"more-popover-menu"],[17,1],[12],[1,"\\n "],[8,[39,0],null,[["@expanded","@onchange","@keyboardAccess"],[[99,1,["@expanded"]],[28,[37,2],[[30,0],[33,3]],null],false]],[["default"],[[[[1,"\\n "],[8,[39,4],null,[["@name"],["trigger"]],[["default"],[[[[1,"\\n More\\n "]],[]]]]],[1,"\\n "],[8,[39,4],null,[["@name"],["menu"]],[["default"],[[[[1,"\\n "],[18,4,[[30,2,["MenuItem"]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[2,3]]]]],[1,"\\n"],[13],[1,"\\n"]],["&attrs","components","api","&default"],false,["popover-menu","expanded","action","onchange","block-slot","yield"]]',moduleName:"consul-ui/components/more-popover-menu/index.hbs",isStrictMode:!1}) var r=(0,t.setComponentTemplate)(l,t.default.extend({tagName:""})) -e.default=r})),define("consul-ui/components/nav-selector/index",["exports","@ember/component","@ember/template-factory","@glimmer/component","@ember/object","@glimmer/tracking"],(function(e,t,n,l,r,i){var o,a +e.default=r})),define("consul-ui/components/nav-selector/generic",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +const r=(0,n.createTemplateFactory)({id:"J8OHquCr",block:'[[[1,"\\n"],[18,1,null]],["&default"],false,["yield"]]',moduleName:"consul-ui/components/nav-selector/generic.hbs",isStrictMode:!1}) +var i=(0,t.setComponentTemplate)(r,(0,l.default)()) +e.default=i})),define("consul-ui/components/nav-selector/index",["exports","@ember/component","@ember/template-factory","@glimmer/component","@ember/object","@glimmer/tracking"],(function(e,t,n,l,r,i){var o,a function u(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -const s=(0,n.createTemplateFactory)({id:"gV2Cd+sK",block:'[[[1,"\\n"],[44,[[30,1]],[[[1," "],[8,[30,2,["Item"]],[[24,0,"consul-side-nav__selector"]],null,[["default"],[[[[1,"\\n "],[8,[39,1],[[24,0,"hds-side-nav__dropdown"],[17,3]],[["@listPosition","@width","@isInline"],["bottom-left","15.5rem",true]],[["default"],[[[[1,"\\n "],[8,[30,4,["ToggleButton"]],[[24,0,"consul-side-nav__selector-toggle"],[16,"disabled",[28,[37,2],[[30,5],true],null]]],[["@icon","@text"],[[30,6],[28,[37,3],[[30,7],[30,8]],null]]],null],[1,"\\n "],[8,[30,4,["Header"]],null,[["@hasDivider"],[true]],[["default"],[[[[1,"\\n"],[41,[30,9],[[[1," "],[10,0],[14,0,"consul-side-nav__selector-description"],[12],[1,"\\n "],[8,[39,5],null,[["@size","@color"],["100","faint"]],[["default"],[[[[1,[30,9]]],[]]]]],[1,"\\n "],[13],[1,"\\n"]],[]],null],[1," "],[8,[39,6],[[16,"placeholder",[30,10]],[16,"aria-label",[30,10]],[4,[38,7],["input",[30,0,["onSearchInput"]]],null]],[["@type","@value"],["search",[30,0,["search"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n"],[41,[28,[37,2],[[30,0,["filteredItems","length"]],0],null],[[[1," "],[8,[30,4,["Description"]],null,[["@text"],["No results"]],null],[1,"\\n"]],[]],[[[42,[28,[37,9],[[28,[37,9],[[30,0,["filteredItems"]]],null]],null],null,[[[1," "],[18,14,[[30,4],[30,11]]],[1,"\\n"]],[11]],null]],[]]],[41,[30,12],[[[1," "],[8,[30,4,["Footer"]],null,[["@hasDivider"],[true]],[["default"],[[[[1,"\\n "],[8,[39,11],null,[["@href","@isHrefExternal","@text","@iconPosition","@icon","@color"],[[30,12],false,[30,13],"trailing","arrow-right","secondary"]],null],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[4]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[2]]]],["@list","SNL","&attrs","DD","@disabled","@icon","@item","@key","@description","@placeholder","item","@footerLink","@footerLinkText","&default"],false,["let","hds/dropdown","eq","get","if","hds/text/body","hds/form/text-input/base","on","each","-track-array","yield","hds/link/standalone"]]',moduleName:"consul-ui/components/nav-selector/index.hbs",isStrictMode:!1}) +const s=(0,n.createTemplateFactory)({id:"JCYQiQJP",block:'[[[1,"\\n"],[44,[[30,1]],[[[1," "],[8,[30,2,["Item"]],[[24,0,"consul-side-nav__selector"]],null,[["default"],[[[[1,"\\n "],[8,[39,1],[[24,0,"hds-side-nav__dropdown"],[17,3]],[["@listPosition","@width","@isInline"],["bottom-left","15.5rem",true]],[["default"],[[[[1,"\\n "],[8,[30,4,["ToggleButton"]],[[24,0,"consul-side-nav__selector-toggle"],[16,"disabled",[28,[37,2],[[30,5],true],null]]],[["@icon","@text"],[[30,6],[28,[37,3],[[30,7],[30,8]],null]]],null],[1,"\\n "],[8,[30,4,["Header"]],null,[["@hasDivider"],[true]],[["default"],[[[[1,"\\n "],[18,14,[[28,[37,5],null,[["Data"],[[50,"nav-selector/generic",0,null,null]]]]]],[1,"\\n"],[41,[30,9],[[[1," "],[10,0],[14,0,"consul-side-nav__selector-description"],[12],[1,"\\n "],[8,[39,8],null,[["@size","@color"],["100","faint"]],[["default"],[[[[1,[30,9]]],[]]]]],[1,"\\n "],[13],[1,"\\n"]],[]],null],[1," "],[8,[39,9],[[16,"placeholder",[30,10]],[16,"aria-label",[30,10]],[4,[38,10],["input",[30,0,["onSearchInput"]]],null]],[["@type","@value"],["search",[30,0,["search"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n"],[41,[28,[37,2],[[30,0,["filteredItems","length"]],0],null],[[[1," "],[8,[30,4,["Description"]],null,[["@text"],["No results"]],null],[1,"\\n"]],[]],[[[42,[28,[37,12],[[28,[37,12],[[30,0,["filteredItems"]]],null]],null],null,[[[1," "],[18,14,[[28,[37,5],null,[["Dropdown","item"],[[30,4],[30,11]]]]]],[1,"\\n"]],[11]],null]],[]]],[41,[30,12],[[[1," "],[8,[30,4,["Footer"]],null,[["@hasDivider"],[true]],[["default"],[[[[1,"\\n "],[8,[39,13],null,[["@href","@isHrefExternal","@text","@iconPosition","@icon","@color"],[[30,12],false,[30,13],"trailing","arrow-right","secondary"]],null],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[4]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[2]]]],["@list","SNL","&attrs","DD","@disabled","@icon","@item","@key","@description","@placeholder","item","@footerLink","@footerLinkText","&default"],false,["let","hds/dropdown","eq","get","yield","hash","component","if","hds/text/body","hds/form/text-input/base","on","each","-track-array","hds/link/standalone"]]',moduleName:"consul-ui/components/nav-selector/index.hbs",isStrictMode:!1}) let c=(o=class extends l.default{constructor(){var e,t,n,l super(...arguments),e=this,t="search",l=this,(n=a)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}get filteredItems(){const e=this.search.toLowerCase() return e?this.args.items.filter((t=>t[this.args.key].toLowerCase().includes(e))):this.args.items}onSearchInput(e){this.search=e.target.value}},a=u(o.prototype,"search",[i.tracked],{configurable:!0,enumerable:!0,writable:!0,initializer:function(){return""}}),u(o.prototype,"onSearchInput",[r.action],Object.getOwnPropertyDescriptor(o.prototype,"onSearchInput"),o.prototype),o) @@ -1495,8 +1501,8 @@ return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumera const s=(0,n.createTemplateFactory)({id:"SC5oIKM/",block:'[[[1,"\\n"],[44,[[30,1,["MenuItem"]]],[[[1," "],[8,[30,2],[[16,0,[52,[30,0,["selected"]],"is-active"]],[17,3],[4,[38,3],[[30,0,["connect"]]],null],[4,[38,3],[[28,[37,4],[[30,0],"selected",[30,5]],null]],null],[4,[38,5],[[28,[37,4],[[30,0],"selected",[30,5]],null]],null],[4,[38,6],[[30,0,["disconnect"]]],null]],[["@onclick","@selected"],[[28,[37,2],[[30,0],[30,4],[30,0]],null],[30,0,["selected"]]]],[["default"],[[[[1,"\\n "],[8,[39,7],null,[["@name"],["label"]],[["default"],[[[[1,"\\n "],[18,6,null],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[2]]]],["@components","MenuItem","&attrs","@onclick","@selected","&default"],false,["let","if","action","did-insert","set","did-update","will-destroy","block-slot","yield"]]',moduleName:"consul-ui/components/popover-select/option/index.hbs",isStrictMode:!1}) let c=(o=class extends l.default{constructor(){var e,t,n,l super(...arguments),e=this,t="selected",l=this,(n=a)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}connect(){this.args.select.addOption(this)}disconnect(){this.args.select.removeOption(this)}},a=u(o.prototype,"selected",[r.tracked],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),u(o.prototype,"connect",[i.action],Object.getOwnPropertyDescriptor(o.prototype,"connect"),o.prototype),u(o.prototype,"disconnect",[i.action],Object.getOwnPropertyDescriptor(o.prototype,"disconnect"),o.prototype),o) -e.default=c,(0,t.setComponentTemplate)(s,c)})),define("consul-ui/components/portal-target",["exports","ember-stargate/components/portal-target"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/portal",["exports","ember-stargate/components/portal"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-multiple-with-create",["exports","ember-power-select-with-create/components/power-select-multiple-with-create"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-multiple",["exports","ember-power-select/components/power-select-multiple"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/components/power-select-multiple/trigger",["exports","ember-power-select/components/power-select-multiple/trigger"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-with-create",["exports","ember-power-select-with-create/components/power-select-with-create"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-with-create/suggested-option",["exports","ember-power-select-with-create/components/power-select-with-create/suggested-option"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select",["exports","ember-power-select/components/power-select"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/before-options",["exports","ember-power-select/components/power-select/before-options"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/no-matches-message",["exports","ember-power-select/components/power-select/no-matches-message"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/options",["exports","ember-power-select/components/power-select/options"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/placeholder",["exports","ember-power-select/components/power-select/placeholder"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/power-select-group",["exports","ember-power-select/components/power-select/power-select-group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/search-message",["exports","ember-power-select/components/power-select/search-message"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/trigger",["exports","ember-power-select/components/power-select/trigger"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/progress/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=c,(0,t.setComponentTemplate)(s,c)})),define("consul-ui/components/portal-target",["exports","ember-stargate/components/portal-target"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/portal",["exports","ember-stargate/components/portal"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/components/power-select-multiple-with-create",["exports","ember-power-select-with-create/components/power-select-multiple-with-create"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-multiple",["exports","ember-power-select/components/power-select-multiple"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-multiple/trigger",["exports","ember-power-select/components/power-select-multiple/trigger"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-with-create",["exports","ember-power-select-with-create/components/power-select-with-create"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select-with-create/suggested-option",["exports","ember-power-select-with-create/components/power-select-with-create/suggested-option"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select",["exports","ember-power-select/components/power-select"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/before-options",["exports","ember-power-select/components/power-select/before-options"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/no-matches-message",["exports","ember-power-select/components/power-select/no-matches-message"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/options",["exports","ember-power-select/components/power-select/options"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/placeholder",["exports","ember-power-select/components/power-select/placeholder"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/power-select-group",["exports","ember-power-select/components/power-select/power-select-group"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/search-message",["exports","ember-power-select/components/power-select/search-message"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/power-select/trigger",["exports","ember-power-select/components/power-select/trigger"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/components/progress/index",["exports","@ember/component","@ember/template-factory","@ember/component/template-only"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const r=(0,n.createTemplateFactory)({id:"v8Ti52Dh",block:'[[[1,"\\n"],[11,0],[24,0,"progress indeterminate"],[24,"role","progressbar"],[17,1],[12],[13],[1,"\\n"]],["&attrs"],false,[]]',moduleName:"consul-ui/components/progress/index.hbs",isStrictMode:!1}) var i=(0,t.setComponentTemplate)(r,(0,l.default)()) e.default=i})),define("consul-ui/components/providers/dimension/index",["exports","@ember/component","@ember/template-factory","@glimmer/component","@glimmer/tracking","@ember/object","ember-ref-bucket","@ember/template"],(function(e,t,n,l,r,i,o,a){var u,s,c,d @@ -1572,7 +1578,8 @@ var o=(0,t.setComponentTemplate)(i,t.default.extend({chart:(0,l.inject)("state") void 0!==this.machine&&this.machine.stop(),void 0!==this.initial&&(this.src.initial=this.initial),this.machine=this.chart.interpret(this.src,{onTransition:e=>{const t=new CustomEvent("transition",{detail:e}) this.ontransition(t),t.defaultPrevented||e.actions.forEach((t=>{"function"==typeof this._actions[t.type]&&this._actions[t.type](t.type,e.context,e.event)})),(0,r.set)(this,"state",e)},onGuard:function(t){for(var n=arguments.length,l=new Array(n>1?n-1:0),r=1;ro!==this.router.currentRouteName||void 0!==t.nspace?a.transitionTo(...(0,i.default)(this.router.currentRoute,t,n)):e))}),e.type,(function(e,t){return e}),{})}},c=m(s.prototype,"router",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),d=m(s.prototype,"store",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),p=m(s.prototype,"feedback",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),m(s.prototype,"reauthorize",[r.action],Object.getOwnPropertyDescriptor(s.prototype,"reauthorize"),s.prototype),s) e.default=h})),define("consul-ui/controllers/dc/acls/policies/create",["exports","consul-ui/controllers/dc/acls/policies/edit"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -class n extends t.default{}e.default=n})),define("consul-ui/controllers/dc/acls/policies/edit",["exports","@ember/service","@ember/controller"],(function(e,t,n){var l,r,i +class n extends t.default{}e.default=n})) +define("consul-ui/controllers/dc/acls/policies/edit",["exports","@ember/service","@ember/controller"],(function(e,t,n){var l,r,i Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let o=(l=(0,t.inject)("form"),r=class extends n.default{constructor(){var e,t,n,l super(...arguments),e=this,t="builder",l=this,(n=i)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}init(){super.init(...arguments),this.form=this.builder.form("policy")}setProperties(e){super.setProperties(Object.keys(e).reduce(((e,t,n)=>{if("item"===t)e[t]=this.form.setData(e[t]).getData() return e}),e))}},a=r.prototype,u="builder",s=[l],c={configurable:!0,enumerable:!0,writable:!0,initializer:null},p={},Object.keys(c).forEach((function(e){p[e]=c[e]})),p.enumerable=!!p.enumerable,p.configurable=!!p.configurable,("value"in p||p.initializer)&&(p.writable=!0),p=s.slice().reverse().reduce((function(e,t){return t(a,u,e)||e}),p),d&&void 0!==p.initializer&&(p.value=p.initializer?p.initializer.call(d):void 0,p.initializer=void 0),void 0===p.initializer&&(Object.defineProperty(a,u,p),p=null),i=p,r) var a,u,s,c,d,p e.default=o})),define("consul-ui/controllers/dc/acls/roles/create",["exports","consul-ui/controllers/dc/acls/roles/edit"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -class n extends t.default{}e.default=n})) -define("consul-ui/controllers/dc/acls/roles/edit",["exports","@ember/service","@ember/controller"],(function(e,t,n){var l,r,i +class n extends t.default{}e.default=n})),define("consul-ui/controllers/dc/acls/roles/edit",["exports","@ember/service","@ember/controller"],(function(e,t,n){var l,r,i Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let o=(l=(0,t.inject)("form"),r=class extends n.default{constructor(){var e,t,n,l super(...arguments),e=this,t="builder",l=this,(n=i)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}init(){super.init(...arguments),this.form=this.builder.form("role")}setProperties(e){super.setProperties(Object.keys(e).reduce(((e,t,n)=>{if("item"===t)e[t]=this.form.setData(e[t]).getData() @@ -1840,20 +1846,20 @@ const l=(0,n.default)()})),define("consul-ui/forms/kv",["exports","consul-ui/val return i(n,{}).setValidators(r)} const l=(0,n.default)()})),define("consul-ui/forms/policy",["exports","consul-ui/validations/policy","consul-ui/utils/form/builder"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){let n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"policy",r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:t.default,i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:l return i(n,{Datacenters:{type:"array"}}).setValidators(r)} -const l=(0,n.default)()})),define("consul-ui/forms/role",["exports","consul-ui/validations/role","consul-ui/utils/form/builder"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){let n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"role",r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:t.default,i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:l +const l=(0,n.default)()})) +define("consul-ui/forms/role",["exports","consul-ui/validations/role","consul-ui/utils/form/builder"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){let n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"role",r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:t.default,i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:l return i(n,{}).setValidators(r).add(e.form("policy"))} const l=(0,n.default)()})),define("consul-ui/forms/token",["exports","consul-ui/validations/token","consul-ui/utils/form/builder"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){let n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"",r=arguments.length>2&&void 0!==arguments[2]?arguments[2]:t.default,i=arguments.length>3&&void 0!==arguments[3]?arguments[3]:l return i(n,{}).setValidators(r).add(e.form("policy")).add(e.form("role"))} -const l=(0,n.default)()})) -define("consul-ui/helpers/-element",["exports","ember-element-helper/helpers/-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/abs",["exports","ember-math-helpers/helpers/abs"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"abs",{enumerable:!0,get:function(){return t.abs}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/acos",["exports","ember-math-helpers/helpers/acos"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"acos",{enumerable:!0,get:function(){return t.acos}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/acosh",["exports","ember-math-helpers/helpers/acosh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"acosh",{enumerable:!0,get:function(){return t.acosh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/add",["exports","ember-math-helpers/helpers/add"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"add",{enumerable:!0,get:function(){return t.add}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/adopt-styles",["exports","@ember/component/helper","@ember/debug","@lit/reactive-element"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +const l=(0,n.default)()})),define("consul-ui/helpers/-element",["exports","ember-element-helper/helpers/-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/abs",["exports","ember-math-helpers/helpers/abs"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"abs",{enumerable:!0,get:function(){return t.abs}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/acos",["exports","ember-math-helpers/helpers/acos"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"acos",{enumerable:!0,get:function(){return t.acos}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/acosh",["exports","ember-math-helpers/helpers/acosh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"acosh",{enumerable:!0,get:function(){return t.acosh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/add",["exports","ember-math-helpers/helpers/add"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"add",{enumerable:!0,get:function(){return t.add}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/adopt-styles",["exports","@ember/component/helper","@ember/debug","@lit/reactive-element"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 class r extends t.default{compute(e,t){let[n,r]=e Array.isArray(r)||(r=[r]),(0,l.adoptStyles)(n,r)}}e.default=r})),define("consul-ui/helpers/and",["exports","ember-truth-helpers/helpers/and"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"and",{enumerable:!0,get:function(){return t.and}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/app-version",["exports","@ember/component/helper","consul-ui/config/environment","ember-cli-app-version/utils/regexp"],(function(e,t,n,l){function r(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{} const r=n.default.APP.version let i=t.versionOnly||t.hideSha,o=t.shaOnly||t.hideVersion,a=null return i&&(t.showExtended&&(a=r.match(l.versionExtendedRegExp)),a||(a=r.match(l.versionRegExp))),o&&(a=r.match(l.shaRegExp)),a?a[0]:r}Object.defineProperty(e,"__esModule",{value:!0}),e.appVersion=r,e.default=void 0 var i=(0,t.helper)(r) -e.default=i})),define("consul-ui/helpers/append",["exports","ember-composable-helpers/helpers/append"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"append",{enumerable:!0,get:function(){return t.append}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-concat",["exports","ember-array-fns/helpers/array-concat"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayConcat",{enumerable:!0,get:function(){return t.arrayConcat}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-every",["exports","ember-array-fns/helpers/array-every"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayEvery",{enumerable:!0,get:function(){return t.arrayEvery}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-filter",["exports","ember-array-fns/helpers/array-filter"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayFilter",{enumerable:!0,get:function(){return t.arrayFilter}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-find-index",["exports","ember-array-fns/helpers/array-find-index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayFindIndex",{enumerable:!0,get:function(){return t.arrayFindIndex}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-find",["exports","ember-array-fns/helpers/array-find"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayFind",{enumerable:!0,get:function(){return t.arrayFind}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-includes",["exports","ember-array-fns/helpers/array-includes"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIncludes",{enumerable:!0,get:function(){return t.arrayIncludes}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-index-of",["exports","ember-array-fns/helpers/array-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIndexOf",{enumerable:!0,get:function(){return t.arrayIndexOf}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-is-array",["exports","ember-array-fns/helpers/array-is-array"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIsArray",{enumerable:!0,get:function(){return t.arrayIsArray}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-is-first-element",["exports","ember-array-fns/helpers/array-is-first-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIsFirstElement",{enumerable:!0,get:function(){return t.arrayIsFirstElement}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-is-last-element",["exports","ember-array-fns/helpers/array-is-last-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIsLastElement",{enumerable:!0,get:function(){return t.arrayIsLastElement}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-join",["exports","ember-array-fns/helpers/array-join"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayJoin",{enumerable:!0,get:function(){return t.arrayJoin}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-last-index-of",["exports","ember-array-fns/helpers/array-last-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayLastIndexOf",{enumerable:!0,get:function(){return t.arrayLastIndexOf}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-map",["exports","ember-array-fns/helpers/array-map"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayMap",{enumerable:!0,get:function(){return t.arrayMap}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-reduce",["exports","ember-array-fns/helpers/array-reduce"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayReduce",{enumerable:!0,get:function(){return t.arrayReduce}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-reverse",["exports","ember-array-fns/helpers/array-reverse"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayReverse",{enumerable:!0,get:function(){return t.arrayReverse}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-slice",["exports","ember-array-fns/helpers/array-slice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySlice",{enumerable:!0,get:function(){return t.arraySlice}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-some",["exports","ember-array-fns/helpers/array-some"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySome",{enumerable:!0,get:function(){return t.arraySome}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-sort",["exports","ember-array-fns/helpers/array-sort"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySort",{enumerable:!0,get:function(){return t.arraySort}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-splice",["exports","ember-array-fns/helpers/array-splice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySplice",{enumerable:!0,get:function(){return t.arraySplice}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/asin",["exports","ember-math-helpers/helpers/asin"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"asin",{enumerable:!0,get:function(){return t.asin}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/asinh",["exports","ember-math-helpers/helpers/asinh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"asinh",{enumerable:!0,get:function(){return t.asinh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/helpers/assign",["exports","ember-assign-helper/helpers/assign"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"assign",{enumerable:!0,get:function(){return t.assign}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atan",["exports","ember-math-helpers/helpers/atan"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"atan",{enumerable:!0,get:function(){return t.atan}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atan2",["exports","ember-math-helpers/helpers/atan2"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"atan2",{enumerable:!0,get:function(){return t.atan2}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atanh",["exports","ember-math-helpers/helpers/atanh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"atanh",{enumerable:!0,get:function(){return t.atanh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atob",["exports","@ember/component/helper","consul-ui/utils/atob"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=i})),define("consul-ui/helpers/append",["exports","ember-composable-helpers/helpers/append"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"append",{enumerable:!0,get:function(){return t.append}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-concat",["exports","ember-array-fns/helpers/array-concat"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayConcat",{enumerable:!0,get:function(){return t.arrayConcat}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-every",["exports","ember-array-fns/helpers/array-every"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayEvery",{enumerable:!0,get:function(){return t.arrayEvery}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-filter",["exports","ember-array-fns/helpers/array-filter"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayFilter",{enumerable:!0,get:function(){return t.arrayFilter}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-find-index",["exports","ember-array-fns/helpers/array-find-index"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayFindIndex",{enumerable:!0,get:function(){return t.arrayFindIndex}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-find",["exports","ember-array-fns/helpers/array-find"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayFind",{enumerable:!0,get:function(){return t.arrayFind}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-includes",["exports","ember-array-fns/helpers/array-includes"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIncludes",{enumerable:!0,get:function(){return t.arrayIncludes}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-index-of",["exports","ember-array-fns/helpers/array-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIndexOf",{enumerable:!0,get:function(){return t.arrayIndexOf}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-is-array",["exports","ember-array-fns/helpers/array-is-array"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIsArray",{enumerable:!0,get:function(){return t.arrayIsArray}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-is-first-element",["exports","ember-array-fns/helpers/array-is-first-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIsFirstElement",{enumerable:!0,get:function(){return t.arrayIsFirstElement}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-is-last-element",["exports","ember-array-fns/helpers/array-is-last-element"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayIsLastElement",{enumerable:!0,get:function(){return t.arrayIsLastElement}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-join",["exports","ember-array-fns/helpers/array-join"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayJoin",{enumerable:!0,get:function(){return t.arrayJoin}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-last-index-of",["exports","ember-array-fns/helpers/array-last-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayLastIndexOf",{enumerable:!0,get:function(){return t.arrayLastIndexOf}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-map",["exports","ember-array-fns/helpers/array-map"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayMap",{enumerable:!0,get:function(){return t.arrayMap}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-reduce",["exports","ember-array-fns/helpers/array-reduce"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayReduce",{enumerable:!0,get:function(){return t.arrayReduce}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-reverse",["exports","ember-array-fns/helpers/array-reverse"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arrayReverse",{enumerable:!0,get:function(){return t.arrayReverse}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-slice",["exports","ember-array-fns/helpers/array-slice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySlice",{enumerable:!0,get:function(){return t.arraySlice}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-some",["exports","ember-array-fns/helpers/array-some"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySome",{enumerable:!0,get:function(){return t.arraySome}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-sort",["exports","ember-array-fns/helpers/array-sort"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySort",{enumerable:!0,get:function(){return t.arraySort}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/array-splice",["exports","ember-array-fns/helpers/array-splice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"arraySplice",{enumerable:!0,get:function(){return t.arraySplice}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/helpers/asin",["exports","ember-math-helpers/helpers/asin"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"asin",{enumerable:!0,get:function(){return t.asin}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/asinh",["exports","ember-math-helpers/helpers/asinh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"asinh",{enumerable:!0,get:function(){return t.asinh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/assign",["exports","ember-assign-helper/helpers/assign"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"assign",{enumerable:!0,get:function(){return t.assign}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atan",["exports","ember-math-helpers/helpers/atan"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"atan",{enumerable:!0,get:function(){return t.atan}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atan2",["exports","ember-math-helpers/helpers/atan2"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"atan2",{enumerable:!0,get:function(){return t.atan2}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atanh",["exports","ember-math-helpers/helpers/atanh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"atanh",{enumerable:!0,get:function(){return t.atanh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/atob",["exports","@ember/component/helper","consul-ui/utils/atob"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var l=(0,t.helper)((function(e){let[t=""]=e return(0,n.default)(t)})) e.default=l})),define("consul-ui/helpers/block-params",["exports","block-slots/helpers/block-params"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/cached-model",["exports","@ember/component/helper","@ember/application"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 @@ -1867,10 +1873,10 @@ class o{}class a extends t.default{compute(e,t){let[l,r]=e if(l.length>0){const e=(0,n.get)(l,"firstObject")._internalModel.modelName return new(0,i[e])(l)}return new o}}e.default=a})),define("consul-ui/helpers/compact",["exports","ember-composable-helpers/helpers/compact"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/compute",["exports","ember-composable-helpers/helpers/compute"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"compute",{enumerable:!0,get:function(){return t.compute}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/contains",["exports","ember-composable-helpers/helpers/contains"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"contains",{enumerable:!0,get:function(){return t.contains}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/cos",["exports","ember-math-helpers/helpers/cos"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"cos",{enumerable:!0,get:function(){return t.cos}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/cosh",["exports","ember-math-helpers/helpers/cosh"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"cosh",{enumerable:!0,get:function(){return t.cosh}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/css-map",["exports","@ember/component/helper","@lit/reactive-element"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var l=(0,t.helper)((e=>e.filter((e=>e instanceof n.CSSResult||e[e.length-1])).map((e=>e instanceof n.CSSResult?e:e[0])))) -e.default=l})),define("consul-ui/helpers/css",["exports","@ember/component/helper","@lit/reactive-element"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=l})) +define("consul-ui/helpers/css",["exports","@ember/component/helper","@lit/reactive-element"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 class l extends t.default{compute(e,t){let[l]=e -return(0,n.css)([l])}}e.default=l})),define("consul-ui/helpers/dec",["exports","ember-composable-helpers/helpers/dec"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"dec",{enumerable:!0,get:function(){return t.dec}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/helpers/did-insert",["exports","ember-render-helpers/helpers/did-insert"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/did-update",["exports","ember-render-helpers/helpers/did-update"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/div",["exports","ember-math-helpers/helpers/div"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"div",{enumerable:!0,get:function(){return t.div}})})),define("consul-ui/helpers/document-attrs",["exports","@ember/component/helper","@ember/service","@ember/debug","mnemonist/multi-map"],(function(e,t,n,l,r){var i,o,a +return(0,n.css)([l])}}e.default=l})),define("consul-ui/helpers/dec",["exports","ember-composable-helpers/helpers/dec"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"dec",{enumerable:!0,get:function(){return t.dec}}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/did-insert",["exports","ember-render-helpers/helpers/did-insert"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/did-update",["exports","ember-render-helpers/helpers/did-update"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/div",["exports","ember-math-helpers/helpers/div"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"div",{enumerable:!0,get:function(){return t.div}})})),define("consul-ui/helpers/document-attrs",["exports","@ember/component/helper","@ember/service","@ember/debug","mnemonist/multi-map"],(function(e,t,n,l,r){var i,o,a Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const u=new Map,s=new WeakMap let c=(i=(0,n.inject)("-document"),o=class extends t.default{constructor(){var e,t,n,l @@ -1917,8 +1923,8 @@ switch(!0){case 0!==a:return a+"d" case 0!==u:return u+"h" case 0!==s:return s+"m" default:return c+"s"}})) -e.default=n})),define("consul-ui/helpers/format-time",["exports","ember-intl/helpers/format-time"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/from-entries",["exports","ember-composable-helpers/helpers/from-entries"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"fromEntries",{enumerable:!0,get:function(){return t.fromEntries}})})) -define("consul-ui/helpers/fround",["exports","ember-math-helpers/helpers/fround"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"fround",{enumerable:!0,get:function(){return t.fround}})})),define("consul-ui/helpers/gcd",["exports","ember-math-helpers/helpers/gcd"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"gcd",{enumerable:!0,get:function(){return t.gcd}})})),define("consul-ui/helpers/group-by",["exports","ember-composable-helpers/helpers/group-by"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/gt",["exports","ember-truth-helpers/helpers/gt"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"gt",{enumerable:!0,get:function(){return t.gt}})})),define("consul-ui/helpers/gte",["exports","ember-truth-helpers/helpers/gte"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"gte",{enumerable:!0,get:function(){return t.gte}})})),define("consul-ui/helpers/has-next",["exports","ember-composable-helpers/helpers/has-next"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"hasNext",{enumerable:!0,get:function(){return t.hasNext}})})),define("consul-ui/helpers/has-previous",["exports","ember-composable-helpers/helpers/has-previous"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"hasPrevious",{enumerable:!0,get:function(){return t.hasPrevious}})})),define("consul-ui/helpers/hds-link-to-models",["exports","@hashicorp/design-system-components/helpers/hds-link-to-models"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/hds-link-to-query",["exports","@hashicorp/design-system-components/helpers/hds-link-to-query"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/href-to",["exports","@ember/component/helper","@ember/service","@ember/object","@ember/application","consul-ui/utils/routing/transitionable","consul-ui/utils/routing/wildcard","consul-ui/router"],(function(e,t,n,l,r,i,o,a){var u,s,c +e.default=n})) +define("consul-ui/helpers/format-time",["exports","ember-intl/helpers/format-time"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/from-entries",["exports","ember-composable-helpers/helpers/from-entries"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"fromEntries",{enumerable:!0,get:function(){return t.fromEntries}})})),define("consul-ui/helpers/fround",["exports","ember-math-helpers/helpers/fround"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"fround",{enumerable:!0,get:function(){return t.fround}})})),define("consul-ui/helpers/gcd",["exports","ember-math-helpers/helpers/gcd"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"gcd",{enumerable:!0,get:function(){return t.gcd}})})),define("consul-ui/helpers/group-by",["exports","ember-composable-helpers/helpers/group-by"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/gt",["exports","ember-truth-helpers/helpers/gt"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"gt",{enumerable:!0,get:function(){return t.gt}})})),define("consul-ui/helpers/gte",["exports","ember-truth-helpers/helpers/gte"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"gte",{enumerable:!0,get:function(){return t.gte}})})),define("consul-ui/helpers/has-next",["exports","ember-composable-helpers/helpers/has-next"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"hasNext",{enumerable:!0,get:function(){return t.hasNext}})})),define("consul-ui/helpers/has-previous",["exports","ember-composable-helpers/helpers/has-previous"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"hasPrevious",{enumerable:!0,get:function(){return t.hasPrevious}})})),define("consul-ui/helpers/hds-link-to-models",["exports","@hashicorp/design-system-components/helpers/hds-link-to-models"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/hds-link-to-query",["exports","@hashicorp/design-system-components/helpers/hds-link-to-query"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/href-to",["exports","@ember/component/helper","@ember/service","@ember/object","@ember/application","consul-ui/utils/routing/transitionable","consul-ui/utils/routing/wildcard","consul-ui/router"],(function(e,t,n,l,r,i,o,a){var u,s,c function d(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.hrefTo=e.default=void 0 const p=(0,o.default)(a.routes),f=function(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{} @@ -1946,11 +1952,11 @@ e.is=r class i extends t.default{compute(e,t){let[n,l]=e return r(this,[n,l],t)}}e.default=i})),define("consul-ui/helpers/join",["exports","ember-composable-helpers/helpers/join"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/json-stringify",["exports","@ember/component/helper"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.helper)((function(e,t){try{return JSON.stringify(...e)}catch(n){return e[0].map((t=>JSON.stringify(t,e[1],e[2])))}})) -e.default=n})),define("consul-ui/helpers/keys",["exports","ember-composable-helpers/helpers/keys"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"keys",{enumerable:!0,get:function(){return t.keys}})})),define("consul-ui/helpers/last",["exports","@ember/component/helper"],(function(e,t){function n(e,t){let[n=""]=e +e.default=n})),define("consul-ui/helpers/keys",["exports","ember-composable-helpers/helpers/keys"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"keys",{enumerable:!0,get:function(){return t.keys}})})) +define("consul-ui/helpers/last",["exports","@ember/component/helper"],(function(e,t){function n(e,t){let[n=""]=e if(!0==("string"==typeof n))return n.substr(-1)}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0,e.last=n var l=(0,t.helper)(n) -e.default=l})),define("consul-ui/helpers/lcm",["exports","ember-math-helpers/helpers/lcm"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"lcm",{enumerable:!0,get:function(){return t.lcm}})})) -define("consul-ui/helpers/left-trim",["exports","@ember/component/helper","consul-ui/utils/left-trim"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=l})),define("consul-ui/helpers/lcm",["exports","ember-math-helpers/helpers/lcm"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"lcm",{enumerable:!0,get:function(){return t.lcm}})})),define("consul-ui/helpers/left-trim",["exports","@ember/component/helper","consul-ui/utils/left-trim"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var l=(0,t.helper)((function(e,t){let[l="",r=""]=e return(0,n.default)(l,r)})) e.default=l})),define("consul-ui/helpers/log-e",["exports","ember-math-helpers/helpers/log-e"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"logE",{enumerable:!0,get:function(){return t.logE}})})),define("consul-ui/helpers/log10",["exports","ember-math-helpers/helpers/log10"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"log10",{enumerable:!0,get:function(){return t.log10}})})),define("consul-ui/helpers/log1p",["exports","ember-math-helpers/helpers/log1p"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"log1p",{enumerable:!0,get:function(){return t.log1p}})})),define("consul-ui/helpers/log2",["exports","ember-math-helpers/helpers/log2"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"log2",{enumerable:!0,get:function(){return t.log2}})})),define("consul-ui/helpers/lowercase",["exports","ember-cli-string-helpers/helpers/lowercase"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"lowercase",{enumerable:!0,get:function(){return t.lowercase}})})),define("consul-ui/helpers/lt",["exports","ember-truth-helpers/helpers/lt"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"lt",{enumerable:!0,get:function(){return t.lt}})})),define("consul-ui/helpers/lte",["exports","ember-truth-helpers/helpers/lte"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"lte",{enumerable:!0,get:function(){return t.lte}})})),define("consul-ui/helpers/map-by",["exports","ember-composable-helpers/helpers/map-by"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/map",["exports","ember-composable-helpers/helpers/map"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/max",["exports","ember-math-helpers/helpers/max"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"max",{enumerable:!0,get:function(){return t.max}})})),define("consul-ui/helpers/merge-checks",["exports","@ember/component/helper","consul-ui/utils/merge-checks"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 @@ -1960,14 +1966,14 @@ e.default=l})),define("consul-ui/helpers/min",["exports","ember-math-helpers/hel var l=(0,t.helper)((function(e){return new n.default(e[0])})) e.default=l})),define("consul-ui/helpers/mod",["exports","ember-math-helpers/helpers/mod"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"mod",{enumerable:!0,get:function(){return t.mod}})})),define("consul-ui/helpers/mult",["exports","ember-math-helpers/helpers/mult"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"mult",{enumerable:!0,get:function(){return t.mult}})})),define("consul-ui/helpers/next",["exports","ember-composable-helpers/helpers/next"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"next",{enumerable:!0,get:function(){return t.next}})})),define("consul-ui/helpers/noop",["exports","ember-composable-helpers/helpers/noop"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"noop",{enumerable:!0,get:function(){return t.noop}})})),define("consul-ui/helpers/not-eq",["exports","ember-truth-helpers/helpers/not-eq"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"notEqualHelper",{enumerable:!0,get:function(){return t.notEqualHelper}})})),define("consul-ui/helpers/not",["exports","ember-truth-helpers/helpers/not"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"not",{enumerable:!0,get:function(){return t.not}})})),define("consul-ui/helpers/object-at",["exports","ember-composable-helpers/helpers/object-at"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"objectAt",{enumerable:!0,get:function(){return t.objectAt}})})),define("consul-ui/helpers/on-document",["exports","ember-on-helper/helpers/on-document"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/on-key",["exports","ember-keyboard/helpers/on-key.js"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/on-window",["exports","ember-on-helper/helpers/on-window"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/on",["exports","ember-on-helper/helpers/on"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/optional",["exports","ember-composable-helpers/helpers/optional"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"optional",{enumerable:!0,get:function(){return t.optional}})})),define("consul-ui/helpers/or",["exports","ember-truth-helpers/helpers/or"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"or",{enumerable:!0,get:function(){return t.or}})})),define("consul-ui/helpers/page-title",["exports","ember-page-title/helpers/page-title"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=t.default -e.default=n})),define("consul-ui/helpers/percentage-columns-layout",["exports","@ember/component/helper","ember-collection/layouts/percentage-columns"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})) +define("consul-ui/helpers/percentage-columns-layout",["exports","@ember/component/helper","ember-collection/layouts/percentage-columns"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var l=(0,t.helper)((function(e){return new n.default(e[0],e[1],e[2])})) e.default=l})),define("consul-ui/helpers/percentage-of",["exports","@ember/component/helper"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.helper)((function(e,t){let[n,l]=e const r=n/l*100 return isNaN(r)?0:r.toFixed(2)})) -e.default=n})) -define("consul-ui/helpers/perform",["exports","ember-concurrency/helpers/perform"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/pick",["exports","ember-composable-helpers/helpers/pick"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"pick",{enumerable:!0,get:function(){return t.pick}})})),define("consul-ui/helpers/pipe-action",["exports","ember-composable-helpers/helpers/pipe-action"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/pipe",["exports","ember-composable-helpers/helpers/pipe"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"pipe",{enumerable:!0,get:function(){return t.pipe}})})),define("consul-ui/helpers/pluralize",["exports","ember-inflector/lib/helpers/pluralize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})),define("consul-ui/helpers/perform",["exports","ember-concurrency/helpers/perform"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/pick",["exports","ember-composable-helpers/helpers/pick"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"pick",{enumerable:!0,get:function(){return t.pick}})})),define("consul-ui/helpers/pipe-action",["exports","ember-composable-helpers/helpers/pipe-action"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/pipe",["exports","ember-composable-helpers/helpers/pipe"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"pipe",{enumerable:!0,get:function(){return t.pipe}})})),define("consul-ui/helpers/pluralize",["exports","ember-inflector/lib/helpers/pluralize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=t.default e.default=n})),define("consul-ui/helpers/policy/datacenters",["exports","@ember/component/helper","@ember/object"],(function(e,t,n){function l(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{} const l=(0,n.get)(e[0],"Datacenters") @@ -2030,7 +2036,8 @@ switch(!0){case e:return"allow" case!n&&!e:return"deny" case n&&l:return"not-defined" default:return"allow"}}})) -e.default=n})),define("consul-ui/helpers/service/external-source",["exports","@ember/component/helper","@ember/object"],(function(e,t,n){function l(e,t){let l=(0,n.get)(e[0],"ExternalSources.firstObject") +e.default=n})) +define("consul-ui/helpers/service/external-source",["exports","@ember/component/helper","@ember/object"],(function(e,t,n){function l(e,t){let l=(0,n.get)(e[0],"ExternalSources.firstObject") l||(l=(0,n.get)(e[0],"Meta.external-source")) const r=void 0===t.prefix?"":t.prefix if(l&&["consul-api-gateway","vault","kubernetes","terraform","nomad","consul","aws","lambda"].includes(l))return`${r}${l}`}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0,e.serviceExternalSource=l @@ -2039,8 +2046,7 @@ e.default=r})),define("consul-ui/helpers/service/health-percentage",["exports"," var n=(0,t.helper)((function(e){let[t]=e const n=t.ChecksCritical+t.ChecksPassing+t.ChecksWarning return 0===n?"":{passing:Math.round(t.ChecksPassing/n*100),warning:Math.round(t.ChecksWarning/n*100),critical:Math.round(t.ChecksCritical/n*100)}})) -e.default=n})) -define("consul-ui/helpers/set",["exports","ember-set-helper/helpers/set"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/shuffle",["exports","ember-composable-helpers/helpers/shuffle"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"shuffle",{enumerable:!0,get:function(){return t.shuffle}})})),define("consul-ui/helpers/sign",["exports","ember-math-helpers/helpers/sign"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"sign",{enumerable:!0,get:function(){return t.sign}})})),define("consul-ui/helpers/sin",["exports","ember-math-helpers/helpers/sin"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"sin",{enumerable:!0,get:function(){return t.sin}})})),define("consul-ui/helpers/singularize",["exports","ember-inflector/lib/helpers/singularize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})),define("consul-ui/helpers/set",["exports","ember-set-helper/helpers/set"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/shuffle",["exports","ember-composable-helpers/helpers/shuffle"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"shuffle",{enumerable:!0,get:function(){return t.shuffle}})})),define("consul-ui/helpers/sign",["exports","ember-math-helpers/helpers/sign"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"sign",{enumerable:!0,get:function(){return t.sign}})})),define("consul-ui/helpers/sin",["exports","ember-math-helpers/helpers/sin"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"sin",{enumerable:!0,get:function(){return t.sin}})})),define("consul-ui/helpers/singularize",["exports","ember-inflector/lib/helpers/singularize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=t.default e.default=n})),define("consul-ui/helpers/slice",["exports","ember-composable-helpers/helpers/slice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/helpers/slugify",["exports","@ember/component/helper"],(function(e,t){function n(e,t){let[n=""]=e return n.replace(/ /g,"-").toLowerCase()}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0,e.slugify=n @@ -2070,8 +2076,8 @@ var a,u,s,c,d,p e.default=o})),define("consul-ui/helpers/string-char-at",["exports","ember-string-fns/helpers/string-char-at"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringCharAt",{enumerable:!0,get:function(){return t.stringCharAt}})})),define("consul-ui/helpers/string-char-code-at",["exports","ember-string-fns/helpers/string-char-code-at"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringCharCodeAt",{enumerable:!0,get:function(){return t.stringCharCodeAt}})})),define("consul-ui/helpers/string-code-point-at",["exports","ember-string-fns/helpers/string-code-point-at"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringCodePointAt",{enumerable:!0,get:function(){return t.stringCodePointAt}})})),define("consul-ui/helpers/string-concat",["exports","ember-string-fns/helpers/string-concat"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringConcat",{enumerable:!0,get:function(){return t.stringConcat}})})),define("consul-ui/helpers/string-ends-with",["exports","ember-string-fns/helpers/string-ends-with"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringEndsWith",{enumerable:!0,get:function(){return t.stringEndsWith}})})),define("consul-ui/helpers/string-equals",["exports","ember-string-fns/helpers/string-equals"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringEquals",{enumerable:!0,get:function(){return t.stringEquals}})})),define("consul-ui/helpers/string-from-char-code",["exports","ember-string-fns/helpers/string-from-char-code"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringFromCharCode",{enumerable:!0,get:function(){return t.stringFromCharCode}})})),define("consul-ui/helpers/string-from-code-point",["exports","ember-string-fns/helpers/string-from-code-point"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringFromCodePoint",{enumerable:!0,get:function(){return t.stringFromCodePoint}})})),define("consul-ui/helpers/string-html-safe",["exports","@ember/component/helper","@ember/string"],(function(e,t,n){function l(e){let[t=""]=e return(0,n.htmlSafe)(t)}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0,e.stringHtmlSafe=l var r=(0,t.helper)(l) -e.default=r})),define("consul-ui/helpers/string-includes",["exports","ember-string-fns/helpers/string-includes"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringIncludes",{enumerable:!0,get:function(){return t.stringIncludes}})})),define("consul-ui/helpers/string-index-of",["exports","ember-string-fns/helpers/string-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringIndexOf",{enumerable:!0,get:function(){return t.stringIndexOf}})})),define("consul-ui/helpers/string-last-index-of",["exports","ember-string-fns/helpers/string-last-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringLastIndexOf",{enumerable:!0,get:function(){return t.stringLastIndexOf}})})),define("consul-ui/helpers/string-not-equals",["exports","ember-string-fns/helpers/string-not-equals"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringNotEquals",{enumerable:!0,get:function(){return t.stringNotEquals}})})),define("consul-ui/helpers/string-pad-end",["exports","ember-string-fns/helpers/string-pad-end"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringPadEnd",{enumerable:!0,get:function(){return t.stringPadEnd}})})),define("consul-ui/helpers/string-pad-start",["exports","ember-string-fns/helpers/string-pad-start"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringPadStart",{enumerable:!0,get:function(){return t.stringPadStart}})})),define("consul-ui/helpers/string-repeat",["exports","ember-string-fns/helpers/string-repeat"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringRepeat",{enumerable:!0,get:function(){return t.stringRepeat}})})),define("consul-ui/helpers/string-replace-all",["exports","ember-string-fns/helpers/string-replace-all"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringReplaceAll",{enumerable:!0,get:function(){return t.stringReplaceAll}})})) -define("consul-ui/helpers/string-replace",["exports","ember-string-fns/helpers/string-replace"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringReplace",{enumerable:!0,get:function(){return t.stringReplace}})})),define("consul-ui/helpers/string-slice",["exports","ember-string-fns/helpers/string-slice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringSlice",{enumerable:!0,get:function(){return t.stringSlice}})})),define("consul-ui/helpers/string-split",["exports","ember-string-fns/helpers/string-split"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringSplit",{enumerable:!0,get:function(){return t.stringSplit}})})),define("consul-ui/helpers/string-starts-with",["exports","ember-string-fns/helpers/string-starts-with"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringStartsWith",{enumerable:!0,get:function(){return t.stringStartsWith}})})),define("consul-ui/helpers/string-substring",["exports","ember-string-fns/helpers/string-substring"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringSubstring",{enumerable:!0,get:function(){return t.stringSubstring}})})),define("consul-ui/helpers/string-to-camel-case",["exports","ember-string-fns/helpers/string-to-camel-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToCamelCase",{enumerable:!0,get:function(){return t.stringToCamelCase}})})),define("consul-ui/helpers/string-to-kebab-case",["exports","ember-string-fns/helpers/string-to-kebab-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToKebabCase",{enumerable:!0,get:function(){return t.stringToKebabCase}})})),define("consul-ui/helpers/string-to-lower-case",["exports","ember-string-fns/helpers/string-to-lower-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToLowerCase",{enumerable:!0,get:function(){return t.stringToLowerCase}})})),define("consul-ui/helpers/string-to-pascal-case",["exports","ember-string-fns/helpers/string-to-pascal-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToPascalCase",{enumerable:!0,get:function(){return t.stringToPascalCase}})})),define("consul-ui/helpers/string-to-sentence-case",["exports","ember-string-fns/helpers/string-to-sentence-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToSentenceCase",{enumerable:!0,get:function(){return t.stringToSentenceCase}})})),define("consul-ui/helpers/string-to-snake-case",["exports","ember-string-fns/helpers/string-to-snake-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToSnakeCase",{enumerable:!0,get:function(){return t.stringToSnakeCase}})})),define("consul-ui/helpers/string-to-title-case",["exports","ember-string-fns/helpers/string-to-title-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToTitleCase",{enumerable:!0,get:function(){return t.stringToTitleCase}})})),define("consul-ui/helpers/string-to-upper-case",["exports","ember-string-fns/helpers/string-to-upper-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToUpperCase",{enumerable:!0,get:function(){return t.stringToUpperCase}})})),define("consul-ui/helpers/string-trim-end",["exports","ember-string-fns/helpers/string-trim-end"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringTrimEnd",{enumerable:!0,get:function(){return t.stringTrimEnd}})})),define("consul-ui/helpers/string-trim-start",["exports","ember-string-fns/helpers/string-trim-start"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringTrimStart",{enumerable:!0,get:function(){return t.stringTrimStart}})})),define("consul-ui/helpers/string-trim",["exports","ember-string-fns/helpers/string-trim"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringTrim",{enumerable:!0,get:function(){return t.stringTrim}})})),define("consul-ui/helpers/style-map",["exports","@ember/component/helper"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=r})),define("consul-ui/helpers/string-includes",["exports","ember-string-fns/helpers/string-includes"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringIncludes",{enumerable:!0,get:function(){return t.stringIncludes}})})),define("consul-ui/helpers/string-index-of",["exports","ember-string-fns/helpers/string-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringIndexOf",{enumerable:!0,get:function(){return t.stringIndexOf}})})),define("consul-ui/helpers/string-last-index-of",["exports","ember-string-fns/helpers/string-last-index-of"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringLastIndexOf",{enumerable:!0,get:function(){return t.stringLastIndexOf}})})),define("consul-ui/helpers/string-not-equals",["exports","ember-string-fns/helpers/string-not-equals"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringNotEquals",{enumerable:!0,get:function(){return t.stringNotEquals}})})),define("consul-ui/helpers/string-pad-end",["exports","ember-string-fns/helpers/string-pad-end"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringPadEnd",{enumerable:!0,get:function(){return t.stringPadEnd}})})),define("consul-ui/helpers/string-pad-start",["exports","ember-string-fns/helpers/string-pad-start"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringPadStart",{enumerable:!0,get:function(){return t.stringPadStart}})})) +define("consul-ui/helpers/string-repeat",["exports","ember-string-fns/helpers/string-repeat"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringRepeat",{enumerable:!0,get:function(){return t.stringRepeat}})})),define("consul-ui/helpers/string-replace-all",["exports","ember-string-fns/helpers/string-replace-all"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringReplaceAll",{enumerable:!0,get:function(){return t.stringReplaceAll}})})),define("consul-ui/helpers/string-replace",["exports","ember-string-fns/helpers/string-replace"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringReplace",{enumerable:!0,get:function(){return t.stringReplace}})})),define("consul-ui/helpers/string-slice",["exports","ember-string-fns/helpers/string-slice"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringSlice",{enumerable:!0,get:function(){return t.stringSlice}})})),define("consul-ui/helpers/string-split",["exports","ember-string-fns/helpers/string-split"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringSplit",{enumerable:!0,get:function(){return t.stringSplit}})})),define("consul-ui/helpers/string-starts-with",["exports","ember-string-fns/helpers/string-starts-with"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringStartsWith",{enumerable:!0,get:function(){return t.stringStartsWith}})})),define("consul-ui/helpers/string-substring",["exports","ember-string-fns/helpers/string-substring"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringSubstring",{enumerable:!0,get:function(){return t.stringSubstring}})})),define("consul-ui/helpers/string-to-camel-case",["exports","ember-string-fns/helpers/string-to-camel-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToCamelCase",{enumerable:!0,get:function(){return t.stringToCamelCase}})})),define("consul-ui/helpers/string-to-kebab-case",["exports","ember-string-fns/helpers/string-to-kebab-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToKebabCase",{enumerable:!0,get:function(){return t.stringToKebabCase}})})),define("consul-ui/helpers/string-to-lower-case",["exports","ember-string-fns/helpers/string-to-lower-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToLowerCase",{enumerable:!0,get:function(){return t.stringToLowerCase}})})),define("consul-ui/helpers/string-to-pascal-case",["exports","ember-string-fns/helpers/string-to-pascal-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToPascalCase",{enumerable:!0,get:function(){return t.stringToPascalCase}})})),define("consul-ui/helpers/string-to-sentence-case",["exports","ember-string-fns/helpers/string-to-sentence-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToSentenceCase",{enumerable:!0,get:function(){return t.stringToSentenceCase}})})),define("consul-ui/helpers/string-to-snake-case",["exports","ember-string-fns/helpers/string-to-snake-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToSnakeCase",{enumerable:!0,get:function(){return t.stringToSnakeCase}})})),define("consul-ui/helpers/string-to-title-case",["exports","ember-string-fns/helpers/string-to-title-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToTitleCase",{enumerable:!0,get:function(){return t.stringToTitleCase}})})),define("consul-ui/helpers/string-to-upper-case",["exports","ember-string-fns/helpers/string-to-upper-case"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringToUpperCase",{enumerable:!0,get:function(){return t.stringToUpperCase}})})),define("consul-ui/helpers/string-trim-end",["exports","ember-string-fns/helpers/string-trim-end"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringTrimEnd",{enumerable:!0,get:function(){return t.stringTrimEnd}})})),define("consul-ui/helpers/string-trim-start",["exports","ember-string-fns/helpers/string-trim-start"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringTrimStart",{enumerable:!0,get:function(){return t.stringTrimStart}})})),define("consul-ui/helpers/string-trim",["exports","ember-string-fns/helpers/string-trim"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"stringTrim",{enumerable:!0,get:function(){return t.stringTrim}})})),define("consul-ui/helpers/style-map",["exports","@ember/component/helper"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.helper)((function(e){const t=e.reduce(((e,t)=>{let[n,l,r=""]=t return null==l?e:`${e}${n}:${l.toString()}${r};`}),"") return t.length>0?t:void 0})) @@ -2096,11 +2102,11 @@ Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let o=(l=(0,n.inject)("temporal"),r=class extends t.default{constructor(){var e,t,n,l super(...arguments),e=this,t="temporal",l=this,(n=i)&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}compute(e,t){return this.temporal.within(e,t)}},a=r.prototype,u="temporal",s=[l],c={configurable:!0,enumerable:!0,writable:!0,initializer:null},p={},Object.keys(c).forEach((function(e){p[e]=c[e]})),p.enumerable=!!p.enumerable,p.configurable=!!p.configurable,("value"in p||p.initializer)&&(p.writable=!0),p=s.slice().reverse().reduce((function(e,t){return t(a,u,e)||e}),p),d&&void 0!==p.initializer&&(p.value=p.initializer?p.initializer.call(d):void 0,p.initializer=void 0),void 0===p.initializer&&(Object.defineProperty(a,u,p),p=null),i=p,r) var a,u,s,c,d,p -e.default=o})),define("consul-ui/helpers/test",["exports","consul-ui/helpers/can","consul-ui/helpers/is"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=o})) +define("consul-ui/helpers/test",["exports","consul-ui/helpers/can","consul-ui/helpers/is"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 class l extends t.default{compute(e,t){let[l,r]=e switch(!0){case l.startsWith("can "):return super.compute([l.substr(4),r],t) -case l.startsWith("is "):return(0,n.is)(this,[l.substr(3),r],t)}throw new Error(`${l} is not supported by the 'test' helper.`)}}e.default=l})),define("consul-ui/helpers/titleize",["exports","ember-cli-string-helpers/helpers/titleize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"titleize",{enumerable:!0,get:function(){return t.titleize}})})) -define("consul-ui/helpers/to-hash",["exports","@ember/component/helper","@ember/object"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +case l.startsWith("is "):return(0,n.is)(this,[l.substr(3),r],t)}throw new Error(`${l} is not supported by the 'test' helper.`)}}e.default=l})),define("consul-ui/helpers/titleize",["exports","ember-cli-string-helpers/helpers/titleize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"titleize",{enumerable:!0,get:function(){return t.titleize}})})),define("consul-ui/helpers/to-hash",["exports","@ember/component/helper","@ember/object"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var l=(0,t.helper)(((e,t)=>{let[l=[],r]=e return Array.isArray(l)||(l=l.toArray()),l.reduce(((e,t,l)=>(e[(0,n.get)(t,r)]=t,e)),{})})) e.default=l})),define("consul-ui/helpers/to-route",["exports","@ember/component/helper","@ember/service"],(function(e,t,n){var l,r,i,o,a @@ -2163,12 +2169,12 @@ e.default=l})),define("consul-ui/initializers/initialize-torii-session",["export var l={name:"torii-session",after:"torii",initialize(e){arguments[1]&&(e=arguments[1]) const l=(0,n.getConfiguration)() l.sessionServiceName&&(0,t.default)(e,l.sessionServiceName)}} -e.default=l})),define("consul-ui/initializers/initialize-torii",["exports","torii/bootstrap/torii","torii/configuration","consul-ui/config/environment"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=l})) +define("consul-ui/initializers/initialize-torii",["exports","torii/bootstrap/torii","torii/configuration","consul-ui/config/environment"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var r={name:"torii",initialize(e){arguments[1]&&(e=arguments[1]),(0,n.configure)(l.default.torii||{}),(0,t.default)(e)}},i=r e.default=i})),define("consul-ui/initializers/model-fragments",["exports","ember-data-model-fragments","ember-data-model-fragments/ext"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var l={name:"fragmentTransform",after:"ember-data",initialize(){}} -e.default=l})) -define("consul-ui/initializers/setup-ember-can",["exports","ember-can/initializers/setup-ember-can"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"initialize",{enumerable:!0,get:function(){return t.initialize}})})),define("consul-ui/instance-initializers/container",["exports","@ember/debug","require","deepmerge"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.services=e.default=void 0 +e.default=l})),define("consul-ui/initializers/setup-ember-can",["exports","ember-can/initializers/setup-ember-can"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}}),Object.defineProperty(e,"initialize",{enumerable:!0,get:function(){return t.initialize}})})),define("consul-ui/instance-initializers/container",["exports","@ember/debug","require","deepmerge"],(function(e,t,n,l){Object.defineProperty(e,"__esModule",{value:!0}),e.services=e.default=void 0 const r=document,i=l.default.all([...r.querySelectorAll("script[data-services]")].map((e=>JSON.parse(e.dataset.services)))) e.services=i var o={name:"container",initialize(e){(function(e,t){Object.entries(t).forEach((t=>{let[l,r]=t @@ -2253,7 +2259,7 @@ e.default=class{static create(){return new this(...arguments)}constructor(e,t,n) const l=this.doc.querySelector("base[href]") null!==l&&(this.baseURL=l.getAttribute("href"))}initState(){this.location=this.location||this.doc.defaultView.location,this.machine=this.machine||this.doc.defaultView.history,this.doc.defaultView.addEventListener("popstate",this.route) const e=this.machine.state,t=this.getURL(),n=this.formatURL(t) -e&&e.path===n?(this._previousPath=n,this._previousURL=t):this.dispatch("replace",n)}getURLFrom(e){return e=e||this.location.pathname,this.rootURL=this.rootURL.replace(o,""),this.baseURL=this.baseURL.replace(o,""),e.replace(new RegExp(`^${this.baseURL}(?=/|$)`),"").replace(new RegExp(`^${this.rootURL}(?=/|$)`),"")}getURLForTransition(e){return this.optional={},e=this.getURLFrom(e).split("/").filter(((e,t)=>{if(t<3){let t=!1 +e&&e.path===n?(this._previousPath=n,this._previousURL=t):this.dispatch("replace",n)}getURLFrom(e){return e=e||this.location.pathname,this.rootURL=this.rootURL.replace(o,""),this.baseURL=this.baseURL.replace(o,""),e.replace(new RegExp(`^${this.baseURL}(?=/|$)`),"").replace(new RegExp(`^${this.rootURL}(?=/|$)`),"")}getURLForTransition(e){return this.optional={},e=this.getURLFrom(e).split("/").filter(((e,t)=>{if(t<4){let t=!1 return Object.entries(i).reduce(((n,l)=>{let[r,i]=l const o=i.exec(e) return null!==o&&(n[r]={value:e,match:o[1]},t=!0),n}),this.optional),!t}return!0})).join("/")}optionalParams(){let e=this.optional||{} @@ -2320,8 +2326,8 @@ function U(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,config return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uid" e.SLUG_KEY="Name" -let K=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string",{defaultValue:()=>""}),d=(0,t.attr)("string",{defaultValue:()=>""}),p=(0,t.attr)("string",{defaultValue:()=>"local"}),f=(0,t.attr)("string"),m=(0,t.attr)(),h=(0,n.or)("DisplayName","Name"),b=(0,t.attr)(),y=(0,t.attr)("string"),v=(0,t.attr)("number"),g=(0,t.attr)("number"),O=(0,t.attr)(),P=(0,t.attr)(),w=(0,r.computed)("MaxTokenTTL"),x=class extends t.default{constructor(){super(...arguments),U(this,"uid",j,this),U(this,"Name",_,this),U(this,"Datacenter",S,this),U(this,"Namespace",k,this),U(this,"Partition",N,this),U(this,"Description",C,this),U(this,"DisplayName",z,this),U(this,"TokenLocality",M,this),U(this,"Type",D,this),U(this,"NamespaceRules",T,this),U(this,"MethodName",E,this),U(this,"Config",L,this),U(this,"MaxTokenTTL",A,this),U(this,"CreateIndex",R,this),U(this,"ModifyIndex",I,this),U(this,"Datacenters",$,this),U(this,"meta",F,this)}get TokenTTL(){return(0,l.default)(this.MaxTokenTTL)}},j=B(x.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),_=B(x.prototype,"Name",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),S=B(x.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),k=B(x.prototype,"Namespace",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),N=B(x.prototype,"Partition",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),C=B(x.prototype,"Description",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=B(x.prototype,"DisplayName",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=B(x.prototype,"TokenLocality",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=B(x.prototype,"Type",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=B(x.prototype,"NamespaceRules",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=B(x.prototype,"MethodName",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=B(x.prototype,"Config",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=B(x.prototype,"MaxTokenTTL",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=B(x.prototype,"CreateIndex",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=B(x.prototype,"ModifyIndex",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=B(x.prototype,"Datacenters",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=B(x.prototype,"meta",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B(x.prototype,"TokenTTL",[w],Object.getOwnPropertyDescriptor(x.prototype,"TokenTTL"),x.prototype),x) -e.default=K})),define("consul-ui/models/binding-rule",["exports","@ember-data/model"],(function(e,t){var n,l,r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S +let q=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string",{defaultValue:()=>""}),d=(0,t.attr)("string",{defaultValue:()=>""}),p=(0,t.attr)("string",{defaultValue:()=>"local"}),f=(0,t.attr)("string"),m=(0,t.attr)(),h=(0,n.or)("DisplayName","Name"),b=(0,t.attr)(),y=(0,t.attr)("string"),v=(0,t.attr)("number"),g=(0,t.attr)("number"),O=(0,t.attr)(),P=(0,t.attr)(),w=(0,r.computed)("MaxTokenTTL"),x=class extends t.default{constructor(){super(...arguments),U(this,"uid",j,this),U(this,"Name",_,this),U(this,"Datacenter",S,this),U(this,"Namespace",k,this),U(this,"Partition",N,this),U(this,"Description",C,this),U(this,"DisplayName",z,this),U(this,"TokenLocality",M,this),U(this,"Type",D,this),U(this,"NamespaceRules",T,this),U(this,"MethodName",E,this),U(this,"Config",L,this),U(this,"MaxTokenTTL",A,this),U(this,"CreateIndex",R,this),U(this,"ModifyIndex",I,this),U(this,"Datacenters",$,this),U(this,"meta",F,this)}get TokenTTL(){return(0,l.default)(this.MaxTokenTTL)}},j=B(x.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),_=B(x.prototype,"Name",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),S=B(x.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),k=B(x.prototype,"Namespace",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),N=B(x.prototype,"Partition",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),C=B(x.prototype,"Description",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=B(x.prototype,"DisplayName",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=B(x.prototype,"TokenLocality",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=B(x.prototype,"Type",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=B(x.prototype,"NamespaceRules",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=B(x.prototype,"MethodName",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=B(x.prototype,"Config",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=B(x.prototype,"MaxTokenTTL",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=B(x.prototype,"CreateIndex",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=B(x.prototype,"ModifyIndex",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=B(x.prototype,"Datacenters",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=B(x.prototype,"meta",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B(x.prototype,"TokenTTL",[w],Object.getOwnPropertyDescriptor(x.prototype,"TokenTTL"),x.prototype),x) +e.default=q})),define("consul-ui/models/binding-rule",["exports","@ember-data/model"],(function(e,t){var n,l,r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S function k(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function N(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uid" @@ -2373,35 +2379,35 @@ return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumera const d={Action:{defaultValue:"allow",allowedValues:["allow","deny"]}} e.schema=d let p=(r=(0,l.attr)("string",{defaultValue:()=>d.Action.defaultValue}),i=(0,n.fragment)("intention-permission-http"),o=class extends t.default{constructor(){super(...arguments),s(this,"Action",a,this),s(this,"HTTP",u,this)}},a=c(o.prototype,"Action",[r],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),u=c(o.prototype,"HTTP",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),o) -e.default=p})),define("consul-ui/models/intention",["exports","@ember-data/model","@ember/object","ember-data-model-fragments/attributes","consul-ui/decorators/replace"],(function(e,t,n,l,r){var i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,K,q,H,Y,G,V,W,Z,Q,J,X,ee,te,ne +e.default=p})) +define("consul-ui/models/intention",["exports","@ember-data/model","@ember/object","ember-data-model-fragments/attributes","consul-ui/decorators/replace"],(function(e,t,n,l,r){var i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,q,K,H,Y,G,V,W,Z,Q,J,X,ee,te,ne function le(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function re(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uid" e.SLUG_KEY="ID" -let ie=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,r.default)("",void 0),c=(0,t.attr)("string"),d=(0,t.attr)("string",{defaultValue:()=>"*"}),p=(0,t.attr)("string",{defaultValue:()=>"*"}),f=(0,t.attr)("string",{defaultValue:()=>"default"}),m=(0,t.attr)("string",{defaultValue:()=>"default"}),h=(0,t.attr)("string",{defaultValue:()=>"default"}),b=(0,t.attr)("string",{defaultValue:()=>"default"}),y=(0,t.attr)("number"),v=(0,t.attr)("string",{defaultValue:()=>"consul"}),g=(0,r.nullValue)(void 0),O=(0,t.attr)("string"),P=(0,t.attr)("string"),w=(0,t.attr)("boolean",{defaultValue:()=>!0}),x=(0,t.attr)("number"),j=(0,t.attr)("date"),_=(0,t.attr)("date"),S=(0,t.attr)("number"),k=(0,t.attr)("number"),N=(0,t.attr)(),C=(0,t.attr)({defaultValue:()=>[]}),z=(0,l.fragmentArray)("intention-permission"),M=(0,n.computed)("Meta"),D=class extends t.default{constructor(){super(...arguments),le(this,"uid",T,this),le(this,"ID",E,this),le(this,"Datacenter",L,this),le(this,"Description",A,this),le(this,"SourcePeer",R,this),le(this,"SourceName",I,this),le(this,"DestinationName",$,this),le(this,"SourceNS",F,this),le(this,"DestinationNS",U,this),le(this,"SourcePartition",B,this),le(this,"DestinationPartition",K,this),le(this,"Precedence",q,this),le(this,"SourceType",H,this),le(this,"Action",Y,this),le(this,"LegacyID",G,this),le(this,"Legacy",V,this),le(this,"SyncTime",W,this),le(this,"CreatedAt",Z,this),le(this,"UpdatedAt",Q,this),le(this,"CreateIndex",J,this),le(this,"ModifyIndex",X,this),le(this,"Meta",ee,this),le(this,"Resources",te,this),le(this,"Permissions",ne,this)}get IsManagedByCRD(){return void 0!==Object.entries(this.Meta||{}).find((e=>{let[t,n]=e -return"external-source"===t&&"kubernetes"===n}))}},T=re(D.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=re(D.prototype,"ID",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=re(D.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=re(D.prototype,"Description",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=re(D.prototype,"SourcePeer",[s,c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=re(D.prototype,"SourceName",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=re(D.prototype,"DestinationName",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=re(D.prototype,"SourceNS",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=re(D.prototype,"DestinationNS",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=re(D.prototype,"SourcePartition",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=re(D.prototype,"DestinationPartition",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=re(D.prototype,"Precedence",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=re(D.prototype,"SourceType",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=re(D.prototype,"Action",[g,O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=re(D.prototype,"LegacyID",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=re(D.prototype,"Legacy",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=re(D.prototype,"SyncTime",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=re(D.prototype,"CreatedAt",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Q=re(D.prototype,"UpdatedAt",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J=re(D.prototype,"CreateIndex",[S],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),X=re(D.prototype,"ModifyIndex",[k],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ee=re(D.prototype,"Meta",[N],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),te=re(D.prototype,"Resources",[C],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ne=re(D.prototype,"Permissions",[z],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),re(D.prototype,"IsManagedByCRD",[M],Object.getOwnPropertyDescriptor(D.prototype,"IsManagedByCRD"),D.prototype),D) +let ie=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,r.default)("",void 0),c=(0,t.attr)("string"),d=(0,t.attr)("string",{defaultValue:()=>"*"}),p=(0,t.attr)("string",{defaultValue:()=>"*"}),f=(0,t.attr)("string",{defaultValue:()=>"default"}),m=(0,t.attr)("string",{defaultValue:()=>"default"}),h=(0,t.attr)("string",{defaultValue:()=>"default"}),b=(0,t.attr)("string",{defaultValue:()=>"default"}),y=(0,t.attr)("number"),v=(0,t.attr)("string",{defaultValue:()=>"consul"}),g=(0,r.nullValue)(void 0),O=(0,t.attr)("string"),P=(0,t.attr)("string"),w=(0,t.attr)("boolean",{defaultValue:()=>!0}),x=(0,t.attr)("number"),j=(0,t.attr)("date"),_=(0,t.attr)("date"),S=(0,t.attr)("number"),k=(0,t.attr)("number"),N=(0,t.attr)(),C=(0,t.attr)({defaultValue:()=>[]}),z=(0,l.fragmentArray)("intention-permission"),M=(0,n.computed)("Meta"),D=class extends t.default{constructor(){super(...arguments),le(this,"uid",T,this),le(this,"ID",E,this),le(this,"Datacenter",L,this),le(this,"Description",A,this),le(this,"SourcePeer",R,this),le(this,"SourceName",I,this),le(this,"DestinationName",$,this),le(this,"SourceNS",F,this),le(this,"DestinationNS",U,this),le(this,"SourcePartition",B,this),le(this,"DestinationPartition",q,this),le(this,"Precedence",K,this),le(this,"SourceType",H,this),le(this,"Action",Y,this),le(this,"LegacyID",G,this),le(this,"Legacy",V,this),le(this,"SyncTime",W,this),le(this,"CreatedAt",Z,this),le(this,"UpdatedAt",Q,this),le(this,"CreateIndex",J,this),le(this,"ModifyIndex",X,this),le(this,"Meta",ee,this),le(this,"Resources",te,this),le(this,"Permissions",ne,this)}get IsManagedByCRD(){return void 0!==Object.entries(this.Meta||{}).find((e=>{let[t,n]=e +return"external-source"===t&&"kubernetes"===n}))}},T=re(D.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=re(D.prototype,"ID",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=re(D.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=re(D.prototype,"Description",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=re(D.prototype,"SourcePeer",[s,c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=re(D.prototype,"SourceName",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=re(D.prototype,"DestinationName",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=re(D.prototype,"SourceNS",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=re(D.prototype,"DestinationNS",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=re(D.prototype,"SourcePartition",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=re(D.prototype,"DestinationPartition",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=re(D.prototype,"Precedence",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=re(D.prototype,"SourceType",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=re(D.prototype,"Action",[g,O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=re(D.prototype,"LegacyID",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=re(D.prototype,"Legacy",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=re(D.prototype,"SyncTime",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=re(D.prototype,"CreatedAt",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Q=re(D.prototype,"UpdatedAt",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J=re(D.prototype,"CreateIndex",[S],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),X=re(D.prototype,"ModifyIndex",[k],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ee=re(D.prototype,"Meta",[N],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),te=re(D.prototype,"Resources",[C],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ne=re(D.prototype,"Permissions",[z],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),re(D.prototype,"IsManagedByCRD",[M],Object.getOwnPropertyDescriptor(D.prototype,"IsManagedByCRD"),D.prototype),D) e.default=ie})),define("consul-ui/models/kv",["exports","@ember-data/model","@ember/object","consul-ui/utils/isFolder","consul-ui/decorators/replace"],(function(e,t,n,l,r){var i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A function R(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function I(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uid" e.SLUG_KEY="Key" let $=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("number"),u=(0,t.attr)(),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("string"),p=(0,t.attr)("number"),f=(0,t.attr)("number"),m=(0,r.nullValue)(void 0),h=(0,t.attr)("string"),b=(0,t.attr)("number"),y=(0,t.attr)("number"),v=(0,t.attr)("string"),g=(0,t.attr)({defaultValue:()=>[]}),O=(0,n.computed)("isFolder"),P=(0,n.computed)("Key"),w=class extends t.default{constructor(){super(...arguments),R(this,"uid",x,this),R(this,"Key",j,this),R(this,"SyncTime",_,this),R(this,"meta",S,this),R(this,"Datacenter",k,this),R(this,"Namespace",N,this),R(this,"Partition",C,this),R(this,"LockIndex",z,this),R(this,"Flags",M,this),R(this,"Value",D,this),R(this,"CreateIndex",T,this),R(this,"ModifyIndex",E,this),R(this,"Session",L,this),R(this,"Resources",A,this)}get Kind(){return this.isFolder?"folder":"key"}get isFolder(){return(0,l.default)(this.Key||"")}},x=I(w.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),j=I(w.prototype,"Key",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),_=I(w.prototype,"SyncTime",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),S=I(w.prototype,"meta",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),k=I(w.prototype,"Datacenter",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),N=I(w.prototype,"Namespace",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),C=I(w.prototype,"Partition",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=I(w.prototype,"LockIndex",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=I(w.prototype,"Flags",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=I(w.prototype,"Value",[m,h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=I(w.prototype,"CreateIndex",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=I(w.prototype,"ModifyIndex",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=I(w.prototype,"Session",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=I(w.prototype,"Resources",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I(w.prototype,"Kind",[O],Object.getOwnPropertyDescriptor(w.prototype,"Kind"),w.prototype),I(w.prototype,"isFolder",[P],Object.getOwnPropertyDescriptor(w.prototype,"isFolder"),w.prototype),w) -e.default=$})) -define("consul-ui/models/license",["exports","@ember-data/model"],(function(e,t){var n,l,r,i,o,a,u,s,c,d,p,f,m,h,b,y,v +e.default=$})),define("consul-ui/models/license",["exports","@ember-data/model"],(function(e,t){var n,l,r,i,o,a,u,s,c,d,p,f,m,h,b,y,v function g(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function O(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uri" let P=(n=(0,t.attr)("string"),l=(0,t.attr)("boolean"),r=(0,t.attr)("number"),i=(0,t.attr)(),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)(),c=class extends t.default{constructor(){super(...arguments),g(this,"uri",d,this),g(this,"Valid",p,this),g(this,"SyncTime",f,this),g(this,"meta",m,this),g(this,"Datacenter",h,this),g(this,"Namespace",b,this),g(this,"Partition",y,this),g(this,"License",v,this)}},d=O(c.prototype,"uri",[n],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),p=O(c.prototype,"Valid",[l],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),f=O(c.prototype,"SyncTime",[r],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),m=O(c.prototype,"meta",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),h=O(c.prototype,"Datacenter",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),b=O(c.prototype,"Namespace",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),y=O(c.prototype,"Partition",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),v=O(c.prototype,"License",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),c) -e.default=P})),define("consul-ui/models/node",["exports","@ember-data/model","@ember/object","@ember/object/computed","ember-data-model-fragments/attributes"],(function(e,t,n,l,r){var i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,K,q,H,Y,G,V +e.default=P})),define("consul-ui/models/node",["exports","@ember-data/model","@ember/object","@ember/object/computed","ember-data-model-fragments/attributes"],(function(e,t,n,l,r){var i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,q,K,H,Y,G,V function W(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function Z(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uid" e.SLUG_KEY="ID" -let Q=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("string"),p=(0,t.attr)("number"),f=(0,t.attr)("number"),m=(0,t.attr)("number"),h=(0,t.attr)(),b=(0,t.attr)(),y=(0,t.attr)(),v=(0,t.attr)({defaultValue:()=>[]}),g=(0,t.hasMany)("service-instance"),O=(0,r.fragmentArray)("health-check"),P=(0,l.filter)("Services",(e=>"connect-proxy"!==e.Service.Kind)),w=(0,l.filter)("Services",(e=>"connect-proxy"===e.Service.Kind)),x=(0,l.filter)("Checks",(e=>""===e.ServiceID)),j=(0,n.computed)("ChecksCritical","ChecksPassing","ChecksWarning"),_=(0,n.computed)("NodeChecks.[]"),S=(0,n.computed)("NodeChecks.[]"),k=(0,n.computed)("NodeChecks.[]"),N=(0,n.computed)("Meta"),C=class extends t.default{constructor(){super(...arguments),W(this,"uid",z,this),W(this,"ID",M,this),W(this,"Datacenter",D,this),W(this,"PeerName",T,this),W(this,"Partition",E,this),W(this,"Address",L,this),W(this,"Node",A,this),W(this,"SyncTime",R,this),W(this,"CreateIndex",I,this),W(this,"ModifyIndex",$,this),W(this,"meta",F,this),W(this,"Meta",U,this),W(this,"TaggedAddresses",B,this),W(this,"Resources",K,this),W(this,"Services",q,this),W(this,"Checks",H,this),W(this,"MeshServiceInstances",Y,this),W(this,"ProxyServiceInstances",G,this),W(this,"NodeChecks",V,this)}get Status(){switch(!0){case 0!==this.ChecksCritical:return"critical" +let Q=(i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("string"),p=(0,t.attr)("number"),f=(0,t.attr)("number"),m=(0,t.attr)("number"),h=(0,t.attr)(),b=(0,t.attr)(),y=(0,t.attr)(),v=(0,t.attr)({defaultValue:()=>[]}),g=(0,t.hasMany)("service-instance"),O=(0,r.fragmentArray)("health-check"),P=(0,l.filter)("Services",(e=>"connect-proxy"!==e.Service.Kind)),w=(0,l.filter)("Services",(e=>"connect-proxy"===e.Service.Kind)),x=(0,l.filter)("Checks",(e=>""===e.ServiceID)),j=(0,n.computed)("ChecksCritical","ChecksPassing","ChecksWarning"),_=(0,n.computed)("NodeChecks.[]"),S=(0,n.computed)("NodeChecks.[]"),k=(0,n.computed)("NodeChecks.[]"),N=(0,n.computed)("Meta"),C=class extends t.default{constructor(){super(...arguments),W(this,"uid",z,this),W(this,"ID",M,this),W(this,"Datacenter",D,this),W(this,"PeerName",T,this),W(this,"Partition",E,this),W(this,"Address",L,this),W(this,"Node",A,this),W(this,"SyncTime",R,this),W(this,"CreateIndex",I,this),W(this,"ModifyIndex",$,this),W(this,"meta",F,this),W(this,"Meta",U,this),W(this,"TaggedAddresses",B,this),W(this,"Resources",q,this),W(this,"Services",K,this),W(this,"Checks",H,this),W(this,"MeshServiceInstances",Y,this),W(this,"ProxyServiceInstances",G,this),W(this,"NodeChecks",V,this)}get Status(){switch(!0){case 0!==this.ChecksCritical:return"critical" case 0!==this.ChecksWarning:return"warning" case 0!==this.ChecksPassing:return"passing" default:return"empty"}}get ChecksCritical(){return this.NodeChecks.filter((e=>"critical"===e.Status)).length}get ChecksPassing(){return this.NodeChecks.filter((e=>"passing"===e.Status)).length}get ChecksWarning(){return this.NodeChecks.filter((e=>"warning"===e.Status)).length}get Version(){var e,t -return null!==(e=null===(t=this.Meta)||void 0===t?void 0:t["consul-version"])&&void 0!==e?e:""}},z=Z(C.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=Z(C.prototype,"ID",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=Z(C.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=Z(C.prototype,"PeerName",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=Z(C.prototype,"Partition",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=Z(C.prototype,"Address",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=Z(C.prototype,"Node",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=Z(C.prototype,"SyncTime",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=Z(C.prototype,"CreateIndex",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=Z(C.prototype,"ModifyIndex",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=Z(C.prototype,"meta",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=Z(C.prototype,"Meta",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=Z(C.prototype,"TaggedAddresses",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=Z(C.prototype,"Resources",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=Z(C.prototype,"Services",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=Z(C.prototype,"Checks",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=Z(C.prototype,"MeshServiceInstances",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=Z(C.prototype,"ProxyServiceInstances",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=Z(C.prototype,"NodeChecks",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z(C.prototype,"Status",[j],Object.getOwnPropertyDescriptor(C.prototype,"Status"),C.prototype),Z(C.prototype,"ChecksCritical",[_],Object.getOwnPropertyDescriptor(C.prototype,"ChecksCritical"),C.prototype),Z(C.prototype,"ChecksPassing",[S],Object.getOwnPropertyDescriptor(C.prototype,"ChecksPassing"),C.prototype),Z(C.prototype,"ChecksWarning",[k],Object.getOwnPropertyDescriptor(C.prototype,"ChecksWarning"),C.prototype),Z(C.prototype,"Version",[N],Object.getOwnPropertyDescriptor(C.prototype,"Version"),C.prototype),C) +return null!==(e=null===(t=this.Meta)||void 0===t?void 0:t["consul-version"])&&void 0!==e?e:""}},z=Z(C.prototype,"uid",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=Z(C.prototype,"ID",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=Z(C.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=Z(C.prototype,"PeerName",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=Z(C.prototype,"Partition",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=Z(C.prototype,"Address",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=Z(C.prototype,"Node",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=Z(C.prototype,"SyncTime",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=Z(C.prototype,"CreateIndex",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=Z(C.prototype,"ModifyIndex",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=Z(C.prototype,"meta",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=Z(C.prototype,"Meta",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=Z(C.prototype,"TaggedAddresses",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=Z(C.prototype,"Resources",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=Z(C.prototype,"Services",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=Z(C.prototype,"Checks",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=Z(C.prototype,"MeshServiceInstances",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=Z(C.prototype,"ProxyServiceInstances",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=Z(C.prototype,"NodeChecks",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z(C.prototype,"Status",[j],Object.getOwnPropertyDescriptor(C.prototype,"Status"),C.prototype),Z(C.prototype,"ChecksCritical",[_],Object.getOwnPropertyDescriptor(C.prototype,"ChecksCritical"),C.prototype),Z(C.prototype,"ChecksPassing",[S],Object.getOwnPropertyDescriptor(C.prototype,"ChecksPassing"),C.prototype),Z(C.prototype,"ChecksWarning",[k],Object.getOwnPropertyDescriptor(C.prototype,"ChecksWarning"),C.prototype),Z(C.prototype,"Version",[N],Object.getOwnPropertyDescriptor(C.prototype,"Version"),C.prototype),C) e.default=Q})),define("consul-ui/models/nspace",["exports","@ember-data/model"],(function(e,t){var n,l,r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w function x(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function j(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=e.NSPACE_KEY=void 0 @@ -2451,7 +2457,7 @@ return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumera e.PRIMARY_KEY="uid" e.SLUG_KEY="ID" let R=(n=(0,t.attr)("string"),l=(0,t.attr)("string"),r=(0,t.attr)("string"),i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string",{defaultValue:()=>""}),u=(0,t.attr)("string",{defaultValue:()=>""}),s=(0,t.attr)({defaultValue:()=>[]}),c=(0,t.attr)({defaultValue:()=>[]}),d=(0,t.attr)({defaultValue:()=>[]}),p=(0,t.attr)("number"),f=(0,t.attr)("number"),m=(0,t.attr)("number"),h=(0,t.attr)("number"),b=(0,t.attr)(),y=(0,t.attr)("string"),v=class extends t.default{constructor(){super(...arguments),L(this,"uid",g,this),L(this,"ID",O,this),L(this,"Datacenter",P,this),L(this,"Namespace",w,this),L(this,"Partition",x,this),L(this,"Name",j,this),L(this,"Description",_,this),L(this,"Policies",S,this),L(this,"ServiceIdentities",k,this),L(this,"NodeIdentities",N,this),L(this,"SyncTime",C,this),L(this,"CreateIndex",z,this),L(this,"ModifyIndex",M,this),L(this,"CreateTime",D,this),L(this,"Datacenters",T,this),L(this,"Hash",E,this)}},g=A(v.prototype,"uid",[n],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),O=A(v.prototype,"ID",[l],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),P=A(v.prototype,"Datacenter",[r],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),w=A(v.prototype,"Namespace",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),x=A(v.prototype,"Partition",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),j=A(v.prototype,"Name",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),_=A(v.prototype,"Description",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),S=A(v.prototype,"Policies",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),k=A(v.prototype,"ServiceIdentities",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),N=A(v.prototype,"NodeIdentities",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),C=A(v.prototype,"SyncTime",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=A(v.prototype,"CreateIndex",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=A(v.prototype,"ModifyIndex",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=A(v.prototype,"CreateTime",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=A(v.prototype,"Datacenters",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=A(v.prototype,"Hash",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),v) -e.default=R})),define("consul-ui/models/service-instance",["exports","@ember-data/model","ember-data-model-fragments/attributes","@ember/object","@ember/object/computed","@glimmer/tracking"],(function(e,t,n,l,r,i){var o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,K,q,H,Y,G,V,W,Z,Q,J,X,ee,te,ne,le +e.default=R})),define("consul-ui/models/service-instance",["exports","@ember-data/model","ember-data-model-fragments/attributes","@ember/object","@ember/object/computed","@glimmer/tracking"],(function(e,t,n,l,r,i){var o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,q,K,H,Y,G,V,W,Z,Q,J,X,ee,te,ne,le function re(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function ie(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=e.Collection=void 0 e.PRIMARY_KEY="uid" @@ -2459,14 +2465,14 @@ e.SLUG_KEY="Node.Node,Service.ID" const oe=(a=ie((o=class{constructor(e){re(this,"items",a,this),this.items=e}get ExternalSources(){const e=this.items.reduce((function(e,t){return e.concat(t.ExternalSources||[])}),[]) return[...new Set(e)].filter(Boolean).sort()}}).prototype,"items",[i.tracked],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),o) e.Collection=oe -let ae=(u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)(),d=(0,t.attr)(),p=(0,t.attr)(),f=(0,n.fragmentArray)("health-check"),m=(0,t.attr)("number"),h=(0,t.attr)(),b=(0,t.attr)({defaultValue:()=>[]}),y=(0,r.alias)("Service.Service"),v=(0,r.or)("Service.{ID,Service}"),g=(0,r.or)("Service.Address","Node.Service"),O=(0,t.attr)("string"),P=(0,r.alias)("Service.Tags"),w=(0,r.alias)("Service.Meta"),x=(0,r.alias)("Service.Namespace"),j=(0,r.alias)("Service.Partition"),_=(0,r.filter)("Checks.@each.Kind",((e,t,n)=>"service"===e.Kind)),S=(0,r.filter)("Checks.@each.Kind",((e,t,n)=>"node"===e.Kind)),k=(0,l.computed)("Service.Meta"),N=(0,l.computed)("Service.Kind"),C=(0,l.computed)("Service.Kind"),z=(0,l.computed)("IsOrigin"),M=(0,l.computed)("ChecksPassing","ChecksWarning","ChecksCritical"),D=(0,l.computed)("Checks.[]"),T=(0,l.computed)("Checks.[]"),E=(0,l.computed)("Checks.[]"),L=(0,l.computed)("Checks.[]","ChecksPassing"),A=(0,l.computed)("Checks.[]","ChecksWarning"),R=(0,l.computed)("Checks.[]","ChecksCritical"),I=class extends t.default{constructor(){super(...arguments),re(this,"uid",$,this),re(this,"Datacenter",F,this),re(this,"Proxy",U,this),re(this,"Node",B,this),re(this,"Service",K,this),re(this,"Checks",q,this),re(this,"SyncTime",H,this),re(this,"meta",Y,this),re(this,"Resources",G,this),re(this,"Name",V,this),re(this,"ID",W,this),re(this,"Address",Z,this),re(this,"SocketPath",Q,this),re(this,"Tags",J,this),re(this,"Meta",X,this),re(this,"Namespace",ee,this),re(this,"Partition",te,this),re(this,"ServiceChecks",ne,this),re(this,"NodeChecks",le,this)}get ExternalSources(){const e=Object.entries(this.Service.Meta||{}).filter((e=>{let[t,n]=e +let ae=(u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)(),d=(0,t.attr)(),p=(0,t.attr)(),f=(0,n.fragmentArray)("health-check"),m=(0,t.attr)("number"),h=(0,t.attr)(),b=(0,t.attr)({defaultValue:()=>[]}),y=(0,r.alias)("Service.Service"),v=(0,r.or)("Service.{ID,Service}"),g=(0,r.or)("Service.Address","Node.Service"),O=(0,t.attr)("string"),P=(0,r.alias)("Service.Tags"),w=(0,r.alias)("Service.Meta"),x=(0,r.alias)("Service.Namespace"),j=(0,r.alias)("Service.Partition"),_=(0,r.filter)("Checks.@each.Kind",((e,t,n)=>"service"===e.Kind)),S=(0,r.filter)("Checks.@each.Kind",((e,t,n)=>"node"===e.Kind)),k=(0,l.computed)("Service.Meta"),N=(0,l.computed)("Service.Kind"),C=(0,l.computed)("Service.Kind"),z=(0,l.computed)("IsOrigin"),M=(0,l.computed)("ChecksPassing","ChecksWarning","ChecksCritical"),D=(0,l.computed)("Checks.[]"),T=(0,l.computed)("Checks.[]"),E=(0,l.computed)("Checks.[]"),L=(0,l.computed)("Checks.[]","ChecksPassing"),A=(0,l.computed)("Checks.[]","ChecksWarning"),R=(0,l.computed)("Checks.[]","ChecksCritical"),I=class extends t.default{constructor(){super(...arguments),re(this,"uid",$,this),re(this,"Datacenter",F,this),re(this,"Proxy",U,this),re(this,"Node",B,this),re(this,"Service",q,this),re(this,"Checks",K,this),re(this,"SyncTime",H,this),re(this,"meta",Y,this),re(this,"Resources",G,this),re(this,"Name",V,this),re(this,"ID",W,this),re(this,"Address",Z,this),re(this,"SocketPath",Q,this),re(this,"Tags",J,this),re(this,"Meta",X,this),re(this,"Namespace",ee,this),re(this,"Partition",te,this),re(this,"ServiceChecks",ne,this),re(this,"NodeChecks",le,this)}get ExternalSources(){const e=Object.entries(this.Service.Meta||{}).filter((e=>{let[t,n]=e return"external-source"===t})).map((e=>{let[t,n]=e return n})) return[...new Set(e)]}get IsProxy(){return["connect-proxy","mesh-gateway","ingress-gateway","terminating-gateway","api-gateway"].includes(this.Service.Kind)}get IsOrigin(){return!["connect-proxy","mesh-gateway"].includes(this.Service.Kind)}get IsMeshOrigin(){return this.IsOrigin&&!["terminating-gateway"].includes(this.Service.Kind)}get Status(){switch(!0){case 0!==this.ChecksCritical.length:return"critical" case 0!==this.ChecksWarning.length:return"warning" case 0!==this.ChecksPassing.length:return"passing" -default:return"empty"}}get ChecksPassing(){return this.Checks.filter((e=>"passing"===e.Status))}get ChecksWarning(){return this.Checks.filter((e=>"warning"===e.Status))}get ChecksCritical(){return this.Checks.filter((e=>"critical"===e.Status))}get PercentageChecksPassing(){return this.ChecksPassing.length/this.Checks.length*100}get PercentageChecksWarning(){return this.ChecksWarning.length/this.Checks.length*100}get PercentageChecksCritical(){return this.ChecksCritical.length/this.Checks.length*100}},$=ie(I.prototype,"uid",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=ie(I.prototype,"Datacenter",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=ie(I.prototype,"Proxy",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=ie(I.prototype,"Node",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=ie(I.prototype,"Service",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=ie(I.prototype,"Checks",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=ie(I.prototype,"SyncTime",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=ie(I.prototype,"meta",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=ie(I.prototype,"Resources",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=ie(I.prototype,"Name",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=ie(I.prototype,"ID",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=ie(I.prototype,"Address",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Q=ie(I.prototype,"SocketPath",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J=ie(I.prototype,"Tags",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),X=ie(I.prototype,"Meta",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ee=ie(I.prototype,"Namespace",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),te=ie(I.prototype,"Partition",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ne=ie(I.prototype,"ServiceChecks",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),le=ie(I.prototype,"NodeChecks",[S],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ie(I.prototype,"ExternalSources",[k],Object.getOwnPropertyDescriptor(I.prototype,"ExternalSources"),I.prototype),ie(I.prototype,"IsProxy",[N],Object.getOwnPropertyDescriptor(I.prototype,"IsProxy"),I.prototype),ie(I.prototype,"IsOrigin",[C],Object.getOwnPropertyDescriptor(I.prototype,"IsOrigin"),I.prototype),ie(I.prototype,"IsMeshOrigin",[z],Object.getOwnPropertyDescriptor(I.prototype,"IsMeshOrigin"),I.prototype),ie(I.prototype,"Status",[M],Object.getOwnPropertyDescriptor(I.prototype,"Status"),I.prototype),ie(I.prototype,"ChecksPassing",[D],Object.getOwnPropertyDescriptor(I.prototype,"ChecksPassing"),I.prototype),ie(I.prototype,"ChecksWarning",[T],Object.getOwnPropertyDescriptor(I.prototype,"ChecksWarning"),I.prototype),ie(I.prototype,"ChecksCritical",[E],Object.getOwnPropertyDescriptor(I.prototype,"ChecksCritical"),I.prototype),ie(I.prototype,"PercentageChecksPassing",[L],Object.getOwnPropertyDescriptor(I.prototype,"PercentageChecksPassing"),I.prototype),ie(I.prototype,"PercentageChecksWarning",[A],Object.getOwnPropertyDescriptor(I.prototype,"PercentageChecksWarning"),I.prototype),ie(I.prototype,"PercentageChecksCritical",[R],Object.getOwnPropertyDescriptor(I.prototype,"PercentageChecksCritical"),I.prototype),I) -e.default=ae})),define("consul-ui/models/service",["exports","@ember-data/model","@ember/object","@glimmer/tracking","ember-data-model-fragments/attributes","consul-ui/decorators/replace"],(function(e,t,n,l,r,i){var o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,K,q,H,Y,G,V,W,Z,Q,J,X,ee,te,ne,le,re,ie,oe,ae,ue,se,ce,de,pe,fe,me,he,be,ye,ve +default:return"empty"}}get ChecksPassing(){return this.Checks.filter((e=>"passing"===e.Status))}get ChecksWarning(){return this.Checks.filter((e=>"warning"===e.Status))}get ChecksCritical(){return this.Checks.filter((e=>"critical"===e.Status))}get PercentageChecksPassing(){return this.ChecksPassing.length/this.Checks.length*100}get PercentageChecksWarning(){return this.ChecksWarning.length/this.Checks.length*100}get PercentageChecksCritical(){return this.ChecksCritical.length/this.Checks.length*100}},$=ie(I.prototype,"uid",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=ie(I.prototype,"Datacenter",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=ie(I.prototype,"Proxy",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=ie(I.prototype,"Node",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=ie(I.prototype,"Service",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=ie(I.prototype,"Checks",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=ie(I.prototype,"SyncTime",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=ie(I.prototype,"meta",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=ie(I.prototype,"Resources",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=ie(I.prototype,"Name",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=ie(I.prototype,"ID",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=ie(I.prototype,"Address",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Q=ie(I.prototype,"SocketPath",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J=ie(I.prototype,"Tags",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),X=ie(I.prototype,"Meta",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ee=ie(I.prototype,"Namespace",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),te=ie(I.prototype,"Partition",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ne=ie(I.prototype,"ServiceChecks",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),le=ie(I.prototype,"NodeChecks",[S],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ie(I.prototype,"ExternalSources",[k],Object.getOwnPropertyDescriptor(I.prototype,"ExternalSources"),I.prototype),ie(I.prototype,"IsProxy",[N],Object.getOwnPropertyDescriptor(I.prototype,"IsProxy"),I.prototype),ie(I.prototype,"IsOrigin",[C],Object.getOwnPropertyDescriptor(I.prototype,"IsOrigin"),I.prototype),ie(I.prototype,"IsMeshOrigin",[z],Object.getOwnPropertyDescriptor(I.prototype,"IsMeshOrigin"),I.prototype),ie(I.prototype,"Status",[M],Object.getOwnPropertyDescriptor(I.prototype,"Status"),I.prototype),ie(I.prototype,"ChecksPassing",[D],Object.getOwnPropertyDescriptor(I.prototype,"ChecksPassing"),I.prototype),ie(I.prototype,"ChecksWarning",[T],Object.getOwnPropertyDescriptor(I.prototype,"ChecksWarning"),I.prototype),ie(I.prototype,"ChecksCritical",[E],Object.getOwnPropertyDescriptor(I.prototype,"ChecksCritical"),I.prototype),ie(I.prototype,"PercentageChecksPassing",[L],Object.getOwnPropertyDescriptor(I.prototype,"PercentageChecksPassing"),I.prototype),ie(I.prototype,"PercentageChecksWarning",[A],Object.getOwnPropertyDescriptor(I.prototype,"PercentageChecksWarning"),I.prototype),ie(I.prototype,"PercentageChecksCritical",[R],Object.getOwnPropertyDescriptor(I.prototype,"PercentageChecksCritical"),I.prototype),I) +e.default=ae})),define("consul-ui/models/service",["exports","@ember-data/model","@ember/object","@glimmer/tracking","ember-data-model-fragments/attributes","consul-ui/decorators/replace"],(function(e,t,n,l,r,i){var o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,q,K,H,Y,G,V,W,Z,Q,J,X,ee,te,ne,le,re,ie,oe,ae,ue,se,ce,de,pe,fe,me,he,be,ye,ve function ge(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function Oe(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=e.Collection=void 0 e.PRIMARY_KEY="uid" @@ -2474,7 +2480,7 @@ e.SLUG_KEY="Name,PeerName" const Pe=(a=Oe((o=class{constructor(e){ge(this,"items",a,this),this.items=e}get ExternalSources(){const e=this.items.reduce((function(e,t){return e.concat(t.ExternalSources||[])}),[]) return[...new Set(e)].filter(Boolean).sort()}get Partitions(){return[...new Set(this.items.map((e=>e.Partition)))].sort()}}).prototype,"items",[l.tracked],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),o) e.Collection=Pe -let we=(u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("string"),p=(0,t.attr)("string"),f=(0,t.attr)("string"),m=(0,i.default)("",void 0),h=(0,t.attr)("string"),b=(0,t.attr)("number"),y=(0,t.attr)("number"),v=(0,t.attr)("number"),g=(0,t.attr)("number"),O=(0,t.attr)("boolean"),P=(0,t.attr)("boolean"),w=(0,t.attr)({defaultValue:()=>[]}),x=(0,t.attr)("number"),j=(0,t.attr)("number"),_=(0,t.attr)("number"),S=(0,i.nullValue)([]),k=(0,t.attr)({defaultValue:()=>[]}),N=(0,t.attr)(),C=(0,t.attr)(),z=(0,r.fragment)("gateway-config"),M=(0,i.nullValue)([]),D=(0,t.attr)(),T=(0,t.attr)(),E=(0,t.attr)(),L=(0,t.belongsTo)({async:!1}),A=(0,n.computed)("peer","InstanceCount"),R=(0,n.computed)("peer.State"),I=(0,n.computed)("ChecksPassing","ChecksWarning","ChecksCritical"),$=(0,n.computed)("MeshChecksPassing","MeshChecksWarning","MeshChecksCritical"),F=(0,n.computed)("ConnectedWithProxy","ConnectedWithGateway"),U=(0,n.computed)("MeshEnabled","Kind"),B=(0,n.computed)("MeshChecksPassing","MeshChecksWarning","MeshChecksCritical","isZeroCountButPeered","peerIsFailing"),K=(0,n.computed)("isZeroCountButPeered","peerIsFailing","MeshStatus"),q=(0,n.computed)("ChecksPassing","Proxy.ChecksPassing"),H=(0,n.computed)("ChecksWarning","Proxy.ChecksWarning"),Y=(0,n.computed)("ChecksCritical","Proxy.ChecksCritical"),G=class extends t.default{constructor(){super(...arguments),ge(this,"uid",V,this),ge(this,"Name",W,this),ge(this,"Datacenter",Z,this),ge(this,"Namespace",Q,this),ge(this,"Partition",J,this),ge(this,"Kind",X,this),ge(this,"PeerName",ee,this),ge(this,"ChecksPassing",te,this),ge(this,"ChecksCritical",ne,this),ge(this,"ChecksWarning",le,this),ge(this,"InstanceCount",re,this),ge(this,"ConnectedWithGateway",ie,this),ge(this,"ConnectedWithProxy",oe,this),ge(this,"Resources",ae,this),ge(this,"SyncTime",ue,this),ge(this,"CreateIndex",se,this),ge(this,"ModifyIndex",ce,this),ge(this,"Tags",de,this),ge(this,"Nodes",pe,this),ge(this,"Proxy",fe,this),ge(this,"GatewayConfig",me,this),ge(this,"ExternalSources",he,this),ge(this,"Meta",be,this),ge(this,"meta",ye,this),ge(this,"peer",ve,this)}get isZeroCountButPeered(){return this.peer&&0===this.InstanceCount}get peerIsFailing(){return this.peer&&"FAILING"===this.peer.State}get ChecksTotal(){return this.ChecksPassing+this.ChecksWarning+this.ChecksCritical}get MeshChecksTotal(){return this.MeshChecksPassing+this.MeshChecksWarning+this.MeshChecksCritical}get MeshEnabled(){return this.ConnectedWithProxy||this.ConnectedWithGateway}get InMesh(){return this.MeshEnabled||(this.Kind||"").length>0}get MeshStatus(){switch(!0){case this.isZeroCountButPeered:case this.peerIsFailing:return"unknown" +let we=(u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("string"),p=(0,t.attr)("string"),f=(0,t.attr)("string"),m=(0,i.default)("",void 0),h=(0,t.attr)("string"),b=(0,t.attr)("number"),y=(0,t.attr)("number"),v=(0,t.attr)("number"),g=(0,t.attr)("number"),O=(0,t.attr)("boolean"),P=(0,t.attr)("boolean"),w=(0,t.attr)({defaultValue:()=>[]}),x=(0,t.attr)("number"),j=(0,t.attr)("number"),_=(0,t.attr)("number"),S=(0,i.nullValue)([]),k=(0,t.attr)({defaultValue:()=>[]}),N=(0,t.attr)(),C=(0,t.attr)(),z=(0,r.fragment)("gateway-config"),M=(0,i.nullValue)([]),D=(0,t.attr)(),T=(0,t.attr)(),E=(0,t.attr)(),L=(0,t.belongsTo)({async:!1}),A=(0,n.computed)("peer","InstanceCount"),R=(0,n.computed)("peer.State"),I=(0,n.computed)("ChecksPassing","ChecksWarning","ChecksCritical"),$=(0,n.computed)("MeshChecksPassing","MeshChecksWarning","MeshChecksCritical"),F=(0,n.computed)("ConnectedWithProxy","ConnectedWithGateway"),U=(0,n.computed)("MeshEnabled","Kind"),B=(0,n.computed)("MeshChecksPassing","MeshChecksWarning","MeshChecksCritical","isZeroCountButPeered","peerIsFailing"),q=(0,n.computed)("isZeroCountButPeered","peerIsFailing","MeshStatus"),K=(0,n.computed)("ChecksPassing","Proxy.ChecksPassing"),H=(0,n.computed)("ChecksWarning","Proxy.ChecksWarning"),Y=(0,n.computed)("ChecksCritical","Proxy.ChecksCritical"),G=class extends t.default{constructor(){super(...arguments),ge(this,"uid",V,this),ge(this,"Name",W,this),ge(this,"Datacenter",Z,this),ge(this,"Namespace",Q,this),ge(this,"Partition",J,this),ge(this,"Kind",X,this),ge(this,"PeerName",ee,this),ge(this,"ChecksPassing",te,this),ge(this,"ChecksCritical",ne,this),ge(this,"ChecksWarning",le,this),ge(this,"InstanceCount",re,this),ge(this,"ConnectedWithGateway",ie,this),ge(this,"ConnectedWithProxy",oe,this),ge(this,"Resources",ae,this),ge(this,"SyncTime",ue,this),ge(this,"CreateIndex",se,this),ge(this,"ModifyIndex",ce,this),ge(this,"Tags",de,this),ge(this,"Nodes",pe,this),ge(this,"Proxy",fe,this),ge(this,"GatewayConfig",me,this),ge(this,"ExternalSources",he,this),ge(this,"Meta",be,this),ge(this,"meta",ye,this),ge(this,"peer",ve,this)}get isZeroCountButPeered(){return this.peer&&0===this.InstanceCount}get peerIsFailing(){return this.peer&&"FAILING"===this.peer.State}get ChecksTotal(){return this.ChecksPassing+this.ChecksWarning+this.ChecksCritical}get MeshChecksTotal(){return this.MeshChecksPassing+this.MeshChecksWarning+this.MeshChecksCritical}get MeshEnabled(){return this.ConnectedWithProxy||this.ConnectedWithGateway}get InMesh(){return this.MeshEnabled||(this.Kind||"").length>0}get MeshStatus(){switch(!0){case this.isZeroCountButPeered:case this.peerIsFailing:return"unknown" case 0!==this.MeshChecksCritical:return"critical" case 0!==this.MeshChecksWarning:return"warning" case 0!==this.MeshChecksPassing:return"passing" @@ -2482,7 +2488,7 @@ default:return"empty"}}get healthTooltipText(){const{MeshStatus:e,isZeroCountBut return t?"This service currently has 0 instances. Check with the operator of its peer to make sure this is expected behavior.":n?"This peer is out of sync, so the current health statuses of its services are unknown.":"critical"===e?"At least one health check on one instance is failing.":"warning"===e?"At least one health check on one instance has a warning.":"passing"==e?"All health checks are passing.":"There are no health checks"}get MeshChecksPassing(){let e=0 return void 0!==this.Proxy&&(e=this.Proxy.ChecksPassing),this.ChecksPassing+e}get MeshChecksWarning(){let e=0 return void 0!==this.Proxy&&(e=this.Proxy.ChecksWarning),this.ChecksWarning+e}get MeshChecksCritical(){let e=0 -return void 0!==this.Proxy&&(e=this.Proxy.ChecksCritical),this.ChecksCritical+e}},V=Oe(G.prototype,"uid",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=Oe(G.prototype,"Name",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=Oe(G.prototype,"Datacenter",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Q=Oe(G.prototype,"Namespace",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J=Oe(G.prototype,"Partition",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),X=Oe(G.prototype,"Kind",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ee=Oe(G.prototype,"PeerName",[m,h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),te=Oe(G.prototype,"ChecksPassing",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ne=Oe(G.prototype,"ChecksCritical",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),le=Oe(G.prototype,"ChecksWarning",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),re=Oe(G.prototype,"InstanceCount",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ie=Oe(G.prototype,"ConnectedWithGateway",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),oe=Oe(G.prototype,"ConnectedWithProxy",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ae=Oe(G.prototype,"Resources",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ue=Oe(G.prototype,"SyncTime",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),se=Oe(G.prototype,"CreateIndex",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ce=Oe(G.prototype,"ModifyIndex",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),de=Oe(G.prototype,"Tags",[S,k],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),pe=Oe(G.prototype,"Nodes",[N],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),fe=Oe(G.prototype,"Proxy",[C],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),me=Oe(G.prototype,"GatewayConfig",[z],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),he=Oe(G.prototype,"ExternalSources",[M,D],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),be=Oe(G.prototype,"Meta",[T],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ye=Oe(G.prototype,"meta",[E],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ve=Oe(G.prototype,"peer",[L],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Oe(G.prototype,"isZeroCountButPeered",[A],Object.getOwnPropertyDescriptor(G.prototype,"isZeroCountButPeered"),G.prototype),Oe(G.prototype,"peerIsFailing",[R],Object.getOwnPropertyDescriptor(G.prototype,"peerIsFailing"),G.prototype),Oe(G.prototype,"ChecksTotal",[I],Object.getOwnPropertyDescriptor(G.prototype,"ChecksTotal"),G.prototype),Oe(G.prototype,"MeshChecksTotal",[$],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksTotal"),G.prototype),Oe(G.prototype,"MeshEnabled",[F],Object.getOwnPropertyDescriptor(G.prototype,"MeshEnabled"),G.prototype),Oe(G.prototype,"InMesh",[U],Object.getOwnPropertyDescriptor(G.prototype,"InMesh"),G.prototype),Oe(G.prototype,"MeshStatus",[B],Object.getOwnPropertyDescriptor(G.prototype,"MeshStatus"),G.prototype),Oe(G.prototype,"healthTooltipText",[K],Object.getOwnPropertyDescriptor(G.prototype,"healthTooltipText"),G.prototype),Oe(G.prototype,"MeshChecksPassing",[q],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksPassing"),G.prototype),Oe(G.prototype,"MeshChecksWarning",[H],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksWarning"),G.prototype),Oe(G.prototype,"MeshChecksCritical",[Y],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksCritical"),G.prototype),G) +return void 0!==this.Proxy&&(e=this.Proxy.ChecksCritical),this.ChecksCritical+e}},V=Oe(G.prototype,"uid",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=Oe(G.prototype,"Name",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=Oe(G.prototype,"Datacenter",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Q=Oe(G.prototype,"Namespace",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J=Oe(G.prototype,"Partition",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),X=Oe(G.prototype,"Kind",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ee=Oe(G.prototype,"PeerName",[m,h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),te=Oe(G.prototype,"ChecksPassing",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ne=Oe(G.prototype,"ChecksCritical",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),le=Oe(G.prototype,"ChecksWarning",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),re=Oe(G.prototype,"InstanceCount",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ie=Oe(G.prototype,"ConnectedWithGateway",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),oe=Oe(G.prototype,"ConnectedWithProxy",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ae=Oe(G.prototype,"Resources",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ue=Oe(G.prototype,"SyncTime",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),se=Oe(G.prototype,"CreateIndex",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ce=Oe(G.prototype,"ModifyIndex",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),de=Oe(G.prototype,"Tags",[S,k],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),pe=Oe(G.prototype,"Nodes",[N],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),fe=Oe(G.prototype,"Proxy",[C],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),me=Oe(G.prototype,"GatewayConfig",[z],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),he=Oe(G.prototype,"ExternalSources",[M,D],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),be=Oe(G.prototype,"Meta",[T],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ye=Oe(G.prototype,"meta",[E],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),ve=Oe(G.prototype,"peer",[L],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Oe(G.prototype,"isZeroCountButPeered",[A],Object.getOwnPropertyDescriptor(G.prototype,"isZeroCountButPeered"),G.prototype),Oe(G.prototype,"peerIsFailing",[R],Object.getOwnPropertyDescriptor(G.prototype,"peerIsFailing"),G.prototype),Oe(G.prototype,"ChecksTotal",[I],Object.getOwnPropertyDescriptor(G.prototype,"ChecksTotal"),G.prototype),Oe(G.prototype,"MeshChecksTotal",[$],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksTotal"),G.prototype),Oe(G.prototype,"MeshEnabled",[F],Object.getOwnPropertyDescriptor(G.prototype,"MeshEnabled"),G.prototype),Oe(G.prototype,"InMesh",[U],Object.getOwnPropertyDescriptor(G.prototype,"InMesh"),G.prototype),Oe(G.prototype,"MeshStatus",[B],Object.getOwnPropertyDescriptor(G.prototype,"MeshStatus"),G.prototype),Oe(G.prototype,"healthTooltipText",[q],Object.getOwnPropertyDescriptor(G.prototype,"healthTooltipText"),G.prototype),Oe(G.prototype,"MeshChecksPassing",[K],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksPassing"),G.prototype),Oe(G.prototype,"MeshChecksWarning",[H],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksWarning"),G.prototype),Oe(G.prototype,"MeshChecksCritical",[Y],Object.getOwnPropertyDescriptor(G.prototype,"MeshChecksCritical"),G.prototype),G) e.default=we})),define("consul-ui/models/session",["exports","@ember-data/model","@ember/object","consul-ui/decorators/replace"],(function(e,t,n,l){var r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$ function F(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function U(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 @@ -2490,12 +2496,12 @@ e.PRIMARY_KEY="uid" e.SLUG_KEY="ID" let B=(r=(0,t.attr)("string"),i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("string"),p=(0,t.attr)("string"),f=(0,t.attr)("number"),m=(0,t.attr)("number"),h=(0,t.attr)("number"),b=(0,t.attr)("number"),y=(0,l.nullValue)([]),v=(0,t.attr)({defaultValue:()=>[]}),g=(0,l.nullValue)([]),O=(0,t.attr)({defaultValue:()=>[]}),P=(0,t.attr)({defaultValue:()=>[]}),w=(0,n.computed)("NodeChecks","ServiceChecks"),x=class extends t.default{constructor(){super(...arguments),F(this,"uid",j,this),F(this,"ID",_,this),F(this,"Name",S,this),F(this,"Datacenter",k,this),F(this,"Namespace",N,this),F(this,"Partition",C,this),F(this,"Node",z,this),F(this,"Behavior",M,this),F(this,"TTL",D,this),F(this,"LockDelay",T,this),F(this,"SyncTime",E,this),F(this,"CreateIndex",L,this),F(this,"ModifyIndex",A,this),F(this,"NodeChecks",R,this),F(this,"ServiceChecks",I,this),F(this,"Resources",$,this)}get checks(){return[...this.NodeChecks,...this.ServiceChecks.map((e=>{let{ID:t}=e return t}))]}},j=U(x.prototype,"uid",[r],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),_=U(x.prototype,"ID",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),S=U(x.prototype,"Name",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),k=U(x.prototype,"Datacenter",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),N=U(x.prototype,"Namespace",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),C=U(x.prototype,"Partition",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=U(x.prototype,"Node",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=U(x.prototype,"Behavior",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=U(x.prototype,"TTL",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=U(x.prototype,"LockDelay",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=U(x.prototype,"SyncTime",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=U(x.prototype,"CreateIndex",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=U(x.prototype,"ModifyIndex",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=U(x.prototype,"NodeChecks",[y,v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=U(x.prototype,"ServiceChecks",[g,O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=U(x.prototype,"Resources",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U(x.prototype,"checks",[w],Object.getOwnPropertyDescriptor(x.prototype,"checks"),x.prototype),x) -e.default=B})),define("consul-ui/models/token",["exports","@ember-data/model","@ember/object","consul-ui/models/policy"],(function(e,t,n,l){var r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,K,q,H,Y,G,V,W,Z +e.default=B})),define("consul-ui/models/token",["exports","@ember-data/model","@ember/object","consul-ui/models/policy"],(function(e,t,n,l){var r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z,M,D,T,E,L,A,R,I,$,F,U,B,q,K,H,Y,G,V,W,Z function Q(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function J(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 e.PRIMARY_KEY="uid" e.SLUG_KEY="AccessorID" -let X=(r=(0,t.attr)("string"),i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("boolean"),p=(0,t.attr)("boolean"),f=(0,t.attr)("string",{defaultValue:()=>""}),m=(0,t.attr)(),h=(0,t.attr)({defaultValue:()=>[]}),b=(0,t.attr)({defaultValue:()=>[]}),y=(0,t.attr)({defaultValue:()=>[]}),v=(0,t.attr)({defaultValue:()=>[]}),g=(0,t.attr)("date"),O=(0,t.attr)("string"),P=(0,t.attr)("number"),w=(0,t.attr)("number"),x=(0,t.attr)("string"),j=(0,t.attr)("string",{defaultValue:()=>""}),_=(0,t.attr)("string"),S=(0,n.computed)("Policies.[]"),k=(0,n.computed)("SecretID"),N=class extends t.default{constructor(){super(...arguments),Q(this,"uid",C,this),Q(this,"AccessorID",z,this),Q(this,"Datacenter",M,this),Q(this,"Namespace",D,this),Q(this,"Partition",T,this),Q(this,"IDPName",E,this),Q(this,"SecretID",L,this),Q(this,"Legacy",A,this),Q(this,"Local",R,this),Q(this,"Description",I,this),Q(this,"meta",$,this),Q(this,"Policies",F,this),Q(this,"Roles",U,this),Q(this,"ServiceIdentities",B,this),Q(this,"NodeIdentities",K,this),Q(this,"CreateTime",q,this),Q(this,"Hash",H,this),Q(this,"CreateIndex",Y,this),Q(this,"ModifyIndex",G,this),Q(this,"Type",V,this),Q(this,"Name",W,this),Q(this,"Rules",Z,this)}get isGlobalManagement(){return(this.Policies||[]).find((e=>e.ID===l.MANAGEMENT_ID))}get hasSecretID(){return""!==this.SecretID&&""!==this.SecretID}},C=J(N.prototype,"uid",[r],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=J(N.prototype,"AccessorID",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=J(N.prototype,"Datacenter",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=J(N.prototype,"Namespace",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=J(N.prototype,"Partition",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=J(N.prototype,"IDPName",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=J(N.prototype,"SecretID",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=J(N.prototype,"Legacy",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=J(N.prototype,"Local",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=J(N.prototype,"Description",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=J(N.prototype,"meta",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=J(N.prototype,"Policies",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=J(N.prototype,"Roles",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=J(N.prototype,"ServiceIdentities",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=J(N.prototype,"NodeIdentities",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=J(N.prototype,"CreateTime",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=J(N.prototype,"Hash",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=J(N.prototype,"CreateIndex",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=J(N.prototype,"ModifyIndex",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=J(N.prototype,"Type",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=J(N.prototype,"Name",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=J(N.prototype,"Rules",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J(N.prototype,"isGlobalManagement",[S],Object.getOwnPropertyDescriptor(N.prototype,"isGlobalManagement"),N.prototype),J(N.prototype,"hasSecretID",[k],Object.getOwnPropertyDescriptor(N.prototype,"hasSecretID"),N.prototype),N) +let X=(r=(0,t.attr)("string"),i=(0,t.attr)("string"),o=(0,t.attr)("string"),a=(0,t.attr)("string"),u=(0,t.attr)("string"),s=(0,t.attr)("string"),c=(0,t.attr)("string"),d=(0,t.attr)("boolean"),p=(0,t.attr)("boolean"),f=(0,t.attr)("string",{defaultValue:()=>""}),m=(0,t.attr)(),h=(0,t.attr)({defaultValue:()=>[]}),b=(0,t.attr)({defaultValue:()=>[]}),y=(0,t.attr)({defaultValue:()=>[]}),v=(0,t.attr)({defaultValue:()=>[]}),g=(0,t.attr)("date"),O=(0,t.attr)("string"),P=(0,t.attr)("number"),w=(0,t.attr)("number"),x=(0,t.attr)("string"),j=(0,t.attr)("string",{defaultValue:()=>""}),_=(0,t.attr)("string"),S=(0,n.computed)("Policies.[]"),k=(0,n.computed)("SecretID"),N=class extends t.default{constructor(){super(...arguments),Q(this,"uid",C,this),Q(this,"AccessorID",z,this),Q(this,"Datacenter",M,this),Q(this,"Namespace",D,this),Q(this,"Partition",T,this),Q(this,"IDPName",E,this),Q(this,"SecretID",L,this),Q(this,"Legacy",A,this),Q(this,"Local",R,this),Q(this,"Description",I,this),Q(this,"meta",$,this),Q(this,"Policies",F,this),Q(this,"Roles",U,this),Q(this,"ServiceIdentities",B,this),Q(this,"NodeIdentities",q,this),Q(this,"CreateTime",K,this),Q(this,"Hash",H,this),Q(this,"CreateIndex",Y,this),Q(this,"ModifyIndex",G,this),Q(this,"Type",V,this),Q(this,"Name",W,this),Q(this,"Rules",Z,this)}get isGlobalManagement(){return(this.Policies||[]).find((e=>e.ID===l.MANAGEMENT_ID))}get hasSecretID(){return""!==this.SecretID&&""!==this.SecretID}},C=J(N.prototype,"uid",[r],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),z=J(N.prototype,"AccessorID",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),M=J(N.prototype,"Datacenter",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),D=J(N.prototype,"Namespace",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),T=J(N.prototype,"Partition",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),E=J(N.prototype,"IDPName",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),L=J(N.prototype,"SecretID",[c],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),A=J(N.prototype,"Legacy",[d],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),R=J(N.prototype,"Local",[p],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),I=J(N.prototype,"Description",[f],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),$=J(N.prototype,"meta",[m],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),F=J(N.prototype,"Policies",[h],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),U=J(N.prototype,"Roles",[b],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),B=J(N.prototype,"ServiceIdentities",[y],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),q=J(N.prototype,"NodeIdentities",[v],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),K=J(N.prototype,"CreateTime",[g],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),H=J(N.prototype,"Hash",[O],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Y=J(N.prototype,"CreateIndex",[P],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),G=J(N.prototype,"ModifyIndex",[w],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),V=J(N.prototype,"Type",[x],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),W=J(N.prototype,"Name",[j],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),Z=J(N.prototype,"Rules",[_],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),J(N.prototype,"isGlobalManagement",[S],Object.getOwnPropertyDescriptor(N.prototype,"isGlobalManagement"),N.prototype),J(N.prototype,"hasSecretID",[k],Object.getOwnPropertyDescriptor(N.prototype,"hasSecretID"),N.prototype),N) e.default=X})),define("consul-ui/models/topology",["exports","@ember-data/model","@ember/object"],(function(e,t,n){var l,r,i,o,a,u,s,c,d,p,f,m,h,b,y,v,g,O,P,w,x,j,_,S,k,N,C,z function M(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function D(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=e.SLUG_KEY=e.PRIMARY_KEY=void 0 @@ -2558,15 +2564,15 @@ const r=function(e){for(var t=1;tr.after())).catch((e=>{if("TransitionAborted"!==e.name)throw e})).then((e=>{this.notify.add(r)})):this.notify.add(r),(0,l.registerDestructor)(this,s)}},d=i.prototype,p="notify",f=[r],m={configurable:!0,enumerable:!0,writable:!0,initializer:null},b={},Object.keys(m).forEach((function(e){b[e]=m[e]})),b.enumerable=!!b.enumerable,b.configurable=!!b.configurable,("value"in b||b.initializer)&&(b.writable=!0),b=f.slice().reverse().reduce((function(e,t){return t(d,p,e)||e}),b),h&&void 0!==b.initializer&&(b.value=b.initializer?b.initializer.call(h):void 0,b.initializer=void 0),void 0===b.initializer&&(Object.defineProperty(d,p,b),b=null),o=b,i) var d,p,f,m,h,b -e.default=c})),define("consul-ui/modifiers/on-key",["exports","ember-keyboard/modifiers/on-key.js"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/modifiers/on-outside",["exports","ember-modifier","@ember/object","@ember/service","@ember/destroyable"],(function(e,t,n,l,r){var i,o,a +e.default=c})),define("consul-ui/modifiers/on-key",["exports","ember-keyboard/modifiers/on-key.js"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) +define("consul-ui/modifiers/on-outside",["exports","ember-modifier","@ember/object","@ember/service","@ember/destroyable"],(function(e,t,n,l,r){var i,o,a function u(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}function s(e){var t e&&(null===(t=e.doc)||void 0===t||t.removeEventListener("click",e.listen))}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let c=(i=(0,l.inject)("dom"),o=class extends t.default{constructor(e,t){var n,l,i,o super(e,t),n=this,l="dom",o=this,(i=a)&&Object.defineProperty(n,l,{enumerable:i.enumerable,configurable:i.configurable,writable:i.writable,value:i.initializer?i.initializer.call(o):void 0}),this.doc=this.dom.document(),(0,r.registerDestructor)(this,s)}async modify(e,t,n){s.call(this),this.params=t,this.options=n,this.element=e,await new Promise((e=>setTimeout(e,0))) try{this.doc.addEventListener(t[0],this.listen)}catch(l){}}listen(e){if(this.element&&this.dom.isOutside(this.element,e.target)){("function"==typeof this.params[1]?this.params[1]:e=>{}).apply(this.element,[e])}}},a=u(o.prototype,"dom",[i],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),u(o.prototype,"listen",[n.action],Object.getOwnPropertyDescriptor(o.prototype,"listen"),o.prototype),o) -e.default=c})),define("consul-ui/modifiers/on-resize",["exports","ember-on-resize-modifier/modifiers/on-resize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})) -define("consul-ui/modifiers/style",["exports","ember-modifier","@ember/debug"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=c})),define("consul-ui/modifiers/on-resize",["exports","ember-on-resize-modifier/modifiers/on-resize"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.default}})})),define("consul-ui/modifiers/style",["exports","ember-modifier","@ember/debug"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 class l extends t.default{setStyles(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:[] const t=this._oldStyles||new Set Array.isArray(e)||(e=Object.entries(e)),e.forEach((e=>{let[n,l]=e,r="" @@ -2819,14 +2825,14 @@ return(0,l.hash)(function(e){for(var t=1;te.ID,Name:e=>e.Name}})),define("consul-ui/search/predicates/auth-method",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -e.default={Name:e=>e.Name,DisplayName:e=>e.DisplayName}})),define("consul-ui/search/predicates/health-check",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default={Name:e=>e.Name,DisplayName:e=>e.DisplayName}})) +define("consul-ui/search/predicates/health-check",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var t={Name:e=>e.Name,Node:e=>e.Node,Service:e=>e.ServiceName,CheckID:e=>e.CheckID||"",ID:e=>e.Service.ID||"",Notes:e=>e.Notes,Output:e=>e.Output,ServiceTags:e=>{return t=e.ServiceTags,Array.isArray(t)?t:t.toArray() var t}} e.default=t})),define("consul-ui/search/predicates/intention",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 const t="All Services (*)" var n={SourceName:e=>[e.SourceName,"*"===e.SourceName?t:void 0].filter(Boolean),DestinationName:e=>[e.DestinationName,"*"===e.DestinationName?t:void 0].filter(Boolean)} -e.default=n})) -define("consul-ui/search/predicates/kv",["exports","consul-ui/utils/right-trim"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})),define("consul-ui/search/predicates/kv",["exports","consul-ui/utils/right-trim"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n={Key:e=>(0,t.default)(e.Key.toLowerCase()).split("/").filter((e=>Boolean(e))).pop()} e.default=n})),define("consul-ui/search/predicates/node",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var t={Node:e=>e.Node,Address:e=>e.Address,PeerName:e=>e.PeerName,Meta:e=>Object.entries(e.Meta||{}).reduce(((e,t)=>e.concat(t)),[])} @@ -2962,7 +2968,8 @@ if(void 0!==n){var l=n.call(e,t||"default") if("object"!=typeof l)return l throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string") return"symbol"==typeof t?t:String(t)}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -class r extends t.default{constructor(){super(...arguments),l(this,"primaryKey",n.PRIMARY_KEY),l(this,"slugKey",n.SLUG_KEY),l(this,"attrs",{NodeName:"Node"})}}e.default=r})),define("consul-ui/serializers/role",["exports","consul-ui/serializers/application","consul-ui/models/role","consul-ui/mixins/policy/as-many"],(function(e,t,n,l){function r(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e +class r extends t.default{constructor(){super(...arguments),l(this,"primaryKey",n.PRIMARY_KEY),l(this,"slugKey",n.SLUG_KEY),l(this,"attrs",{NodeName:"Node"})}}e.default=r})) +define("consul-ui/serializers/role",["exports","consul-ui/serializers/application","consul-ui/models/role","consul-ui/mixins/policy/as-many"],(function(e,t,n,l){function r(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e var n=e[Symbol.toPrimitive] if(void 0!==n){var l=n.call(e,t||"default") if("object"!=typeof l)return l @@ -2984,8 +2991,7 @@ break case"critical":e.ChecksCritical.push(t)}return e}),{ChecksPassing:[],ChecksWarning:[],ChecksCritical:[]}),o=r(r({},i),{},{Service:t,Checks:l,Node:{Datacenter:e.Datacenter,Namespace:e.Namespace,Partition:e.Partition,ID:e.ID,Node:e.Node,Address:e.Address,TaggedAddresses:e.TaggedAddresses,Meta:e.Meta}}) return o.uid=this.extractUid(o),o}respondForQuery(e,t){return super.respondForQuery((n=>e(((e,l)=>{if(0===l.length){const e=new Error throw e.errors=[{status:"404",title:"Not found"}],e}return l.forEach((e=>{e.Datacenter=t.dc,e.Namespace=t.ns||"default",e.Partition=t.partition||"default",e.uid=this.extractUid(e)})),n(e,l)}))),t)}respondForQueryRecord(e,t){return super.respondForQueryRecord((n=>e(((e,l)=>{if(l.forEach((e=>{e.Datacenter=t.dc,e.Namespace=t.ns||"default",e.Partition=t.partition||"default",e.uid=this.extractUid(e)})),void 0===(l=l.find((function(e){return e.Node.Node===t.node&&e.Service.ID===t.serviceId})))){const e=new Error -throw e.errors=[{status:"404",title:"Not found"}],e}return l.Namespace=l.Service.Namespace,l.Partition=l.Service.Partition,n(e,l)}))),t)}}e.default=o})) -define("consul-ui/serializers/service",["exports","consul-ui/serializers/application","consul-ui/models/service","@ember/object","consul-ui/utils/http/consul"],(function(e,t,n,l,r){function i(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e +throw e.errors=[{status:"404",title:"Not found"}],e}return l.Namespace=l.Service.Namespace,l.Partition=l.Service.Partition,n(e,l)}))),t)}}e.default=o})),define("consul-ui/serializers/service",["exports","consul-ui/serializers/application","consul-ui/models/service","@ember/object","consul-ui/utils/http/consul"],(function(e,t,n,l,r){function i(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e var n=e[Symbol.toPrimitive] if(void 0!==n){var l=n.call(e,t||"default") if("object"!=typeof l)return l @@ -3181,7 +3187,8 @@ const n=this._listeners.add(l,{close:t=>{const l=t.target,r=l.getCurrentEvent(), void 0!==r&&void 0!==i&&t.errors&&"401"!==t.errors[0].status&&y.set(e,{currentEvent:r,cursor:i}),g.has(l)||v.delete(e),n()}}) v.set(e,l)}return(!g.has(l)||l.readyState>1||r)&&l.open(),g.set(l,t),l}close(e,t){e&&(g.remove(e,t),g.has(e)||(e.close(),2===e.readyState&&v.delete(e.configuration.uri)))}closed(){return[...v.entries()].filter((e=>{let[t,n]=e return n.readyState>1})).map((e=>e[0]))}},d=b(c.prototype,"dom",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),p=b(c.prototype,"encoder",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),f=b(c.prototype,"consul",[u],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),m=b(c.prototype,"settings",[s],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),c) -e.default=P})),define("consul-ui/services/data-structs",["exports","@ember/service","ngraph.graph"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=P})) +define("consul-ui/services/data-structs",["exports","@ember/service","ngraph.graph"],(function(e,t,n){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 class l extends t.default{graph(){return(0,n.default)()}}e.default=l})),define("consul-ui/services/dom",["exports","@ember/service","@ember/object/internals","consul-ui/utils/dom/qsa-factory","consul-ui/utils/dom/sibling","consul-ui/utils/dom/closest","consul-ui/utils/dom/is-outside","consul-ui/utils/dom/get-component-factory","consul-ui/utils/dom/normalize-event","consul-ui/utils/dom/create-listeners","consul-ui/utils/dom/click-first-anchor"],(function(e,t,n,l,r,i,o,a,u,s,c){var d,p,f function m(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e var n=e[Symbol.toPrimitive] @@ -3202,8 +3209,7 @@ let l=new IntersectionObserver(((e,t)=>{e.map((e=>{const t=y.get(e.target) "function"==typeof t&&t(e.isIntersecting)}))}),{rootMargin:"0px",threshold:n}) return l.observe(e),()=>{l.unobserve(e),y&&y.delete(e),l.disconnect(),l=null}}},O=p.prototype,P="doc",w=[d],x={configurable:!0,enumerable:!0,writable:!0,initializer:null},_={},Object.keys(x).forEach((function(e){_[e]=x[e]})),_.enumerable=!!_.enumerable,_.configurable=!!_.configurable,("value"in _||_.initializer)&&(_.writable=!0),_=w.slice().reverse().reduce((function(e,t){return t(O,P,e)||e}),_),j&&void 0!==_.initializer&&(_.value=_.initializer?_.initializer.call(j):void 0,_.initializer=void 0),void 0===_.initializer&&(Object.defineProperty(O,P,_),_=null),f=_,p) var O,P,w,x,j,_ -e.default=g})) -define("consul-ui/services/encoder",["exports","@ember/service","@ember/object","@ember/debug","consul-ui/utils/atob","consul-ui/utils/btoa"],(function(e,t,n,l,r,i){function o(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e +e.default=g})),define("consul-ui/services/encoder",["exports","@ember/service","@ember/object","@ember/debug","consul-ui/utils/atob","consul-ui/utils/btoa"],(function(e,t,n,l,r,i){function o(e,t,n){return(t=function(e){var t=function(e,t){if("object"!=typeof e||null===e)return e var n=e[Symbol.toPrimitive] if(void 0!==n){var l=n.call(e,t||"default") if("object"!=typeof l)return l @@ -3444,7 +3450,8 @@ function a(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let u=(l=(0,n.default)("/:partition/:ns/:dc/nodes"),r=(0,n.default)("/:partition/:ns/:dc/node/:id/:peer"),i=(0,n.default)("/:partition/:ns/:dc/leader"),o=class extends t.default{getModelName(){return"node"}async findAllByDatacenter(){return super.findAllByDatacenter(...arguments)}async findBySlug(){return super.findBySlug(...arguments)}findLeader(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{} return void 0!==t.refresh&&(e.uri=t.uri),this.store.queryLeader(this.getModelName(),e)}},a(o.prototype,"findAllByDatacenter",[l],Object.getOwnPropertyDescriptor(o.prototype,"findAllByDatacenter"),o.prototype),a(o.prototype,"findBySlug",[r],Object.getOwnPropertyDescriptor(o.prototype,"findBySlug"),o.prototype),a(o.prototype,"findLeader",[i],Object.getOwnPropertyDescriptor(o.prototype,"findLeader"),o.prototype),o) -e.default=u})),define("consul-ui/services/repository/nspace",["exports","@ember/service","@ember/debug","consul-ui/services/repository","consul-ui/models/nspace","consul-ui/decorators/data-source","consul-ui/utils/form/builder"],(function(e,t,n,l,r,i,o){var a,u,s,c,d,p,f,m,h,b,y,v,g,O,P +e.default=u})) +define("consul-ui/services/repository/nspace",["exports","@ember/service","@ember/debug","consul-ui/services/repository","consul-ui/models/nspace","consul-ui/decorators/data-source","consul-ui/utils/form/builder"],(function(e,t,n,l,r,i,o){var a,u,s,c,d,p,f,m,h,b,y,v,g,O,P function w(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function x(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let j=(a=(0,t.inject)("router"),u=(0,t.inject)("container"),s=(0,t.inject)("env"),c=(0,t.inject)("form"),d=(0,t.inject)("settings"),p=(0,t.inject)("repository/permission"),f=(0,i.default)("/:partition/:ns/:dc/namespaces"),m=(0,i.default)("/:partition/:ns/:dc/namespace/:id"),h=class extends l.default{constructor(){super(...arguments),w(this,"router",b,this),w(this,"container",y,this),w(this,"env",v,this),w(this,"form",g,this),w(this,"settings",O,this),w(this,"permissions",P,this)}getPrimaryKey(){return r.PRIMARY_KEY}getSlugKey(){return r.SLUG_KEY}getModelName(){return"nspace"}async findAll(){return this.permissions.can("use nspaces")?super.findAll(...arguments).catch((()=>[])):[]}async findBySlug(e){let t @@ -3465,8 +3472,7 @@ return this.store.logout(this.getModelName(),i)}close(){this.manager.close(b)}fi if(!0===e.message.startsWith("remote was closed"))t=new Error("Remote was closed"),t.statusCode=499 else t=new Error(e.message),t.statusCode=500 this.store.adapterFor(this.getModelName()).error(t)}))}},p=h(d.prototype,"manager",[o],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),f=h(d.prototype,"settings",[a],{configurable:!0,enumerable:!0,writable:!0,initializer:null}),h(d.prototype,"findAllByDatacenter",[u],Object.getOwnPropertyDescriptor(d.prototype,"findAllByDatacenter"),d.prototype),h(d.prototype,"findBySlug",[s],Object.getOwnPropertyDescriptor(d.prototype,"findBySlug"),d.prototype),h(d.prototype,"authorize",[c],Object.getOwnPropertyDescriptor(d.prototype,"authorize"),d.prototype),d) -e.default=y})) -define("consul-ui/services/repository/partition",["exports","@ember/service","@ember/debug","consul-ui/services/repository","consul-ui/models/partition","consul-ui/decorators/data-source","consul-ui/utils/form/builder"],(function(e,t,n,l,r,i,o){var a,u,s,c,d,p,f,m,h +e.default=y})),define("consul-ui/services/repository/partition",["exports","@ember/service","@ember/debug","consul-ui/services/repository","consul-ui/models/partition","consul-ui/decorators/data-source","consul-ui/utils/form/builder"],(function(e,t,n,l,r,i,o){var a,u,s,c,d,p,f,m,h function b(e,t,n,l){n&&Object.defineProperty(e,t,{enumerable:n.enumerable,configurable:n.configurable,writable:n.writable,value:n.initializer?n.initializer.call(l):void 0})}function y(e,t,n,l,r){var i={} return Object.keys(l).forEach((function(e){i[e]=l[e]})),i.enumerable=!!i.enumerable,i.configurable=!!i.configurable,("value"in i||i.initializer)&&(i.writable=!0),i=n.slice().reverse().reduce((function(n,l){return l(e,t,n)||n}),i),r&&void 0!==i.initializer&&(i.value=i.initializer?i.initializer.call(r):void 0,i.initializer=void 0),void 0===i.initializer&&(Object.defineProperty(e,t,i),i=null),i}Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 let v=(a=(0,t.inject)("settings"),u=(0,t.inject)("form"),s=(0,t.inject)("repository/permission"),c=(0,i.default)("/:partition/:ns/:dc/partitions"),d=(0,i.default)("/:partition/:ns/:dc/partition/:id"),p=class extends l.default{constructor(){super(...arguments),b(this,"settings",f,this),b(this,"form",m,this),b(this,"permissions",h,this)}getModelName(){return"partition"}getPrimaryKey(){return r.PRIMARY_KEY}getSlugKey(){return r.SLUG_KEY}async findAll(){return this.permissions.can("use partitions")?super.findAll(...arguments).catch((()=>[])):[]}async findBySlug(e){let t @@ -3711,7 +3717,8 @@ case void 0===e.dc:e.dc=t}return e}),{})}async get(){return this.env.var("CONSUL e.default=d})),define("consul-ui/sort/comparators/auth-method",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 e.default=e=>{let{properties:t}=e return function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"MethodName:asc" -return t(["MethodName","TokenTTL"])(e)}}})),define("consul-ui/sort/comparators/health-check",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +return t(["MethodName","TokenTTL"])(e)}}})) +define("consul-ui/sort/comparators/health-check",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 e.default=e=>{let{properties:t}=e return function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"Status:asc" return e.startsWith("Status:")?function(t,n){const[,l]=e.split(":") @@ -3723,8 +3730,7 @@ case"critical":return"critical"===a?0:-1 case"warning":switch(a){case"passing":return-1 case"critical":return 1 default:return 0}}return 0}:t(["Name","Kind"])(e)}}})),define("consul-ui/sort/comparators/intention",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -e.default=()=>e=>[e]})) -define("consul-ui/sort/comparators/kv",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=()=>e=>[e]})),define("consul-ui/sort/comparators/kv",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 e.default=e=>{let{properties:t}=e return e=>t(["Key","Kind"])(e)}})),define("consul-ui/sort/comparators/node",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 e.default=e=>{let{properties:t}=e @@ -3909,12 +3915,12 @@ e.default=n})),define("consul-ui/templates/dc/acls/auth-methods/show/nspace-rule var n=(0,t.createTemplateFactory)({id:"B9VyTw0K",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n"],[44,[[30,1,["model","item"]]],[[[1," "],[10,0],[14,0,"tab-section"],[12],[1,"\\n"],[41,[28,[37,4],[[30,2,["NamespaceRules","length"]],0],null],[[[1," "],[10,2],[12],[1,"\\n A set of rules that can control which namespace tokens created via this auth method will be created within. Unlike binding rules, the first matching namespace rule wins.\\n "],[13],[1,"\\n "],[8,[39,5],null,[["@items"],[[30,2,["NamespaceRules"]]]],null],[1,"\\n"]],[]],[[[1," "],[8,[39,6],null,null,[["default"],[[[[1,"\\n "],[8,[39,7],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,8],[[28,[37,9],[[30,1,["t"]],"empty.header"],null]],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,8],[[28,[37,9],[[30,1,["t"]],"empty.body",[28,[37,10],null,[["htmlSafe"],[true]]]],null]],null]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[14,0,"docs-link"],[12],[1,"\\n "],[10,3],[15,6,[29,[[28,[37,11],["CONSUL_DOCS_API_URL"],null],"/acl/auth-methods#namespacerules"]]],[14,"rel","noopener noreferrer"],[14,"target","_blank"],[12],[1,"Read the documentation"],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]],[1," "],[13],[1,"\\n"]],[2]]]],[1]]]]],[1,"\\n"]],["route","item"],false,["route","routeName","let","if","gt","consul/auth-method/nspace-list","empty-state","block-slot","compute","fn","hash","env"]]',moduleName:"consul-ui/templates/dc/acls/auth-methods/show/nspace-rules.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/acls/index",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"u49Giiy6",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[28,[37,3],["replaceWith","dc.acls.tokens"],null]],null]],[1,"\\n"]],[1]]]]],[1,"\\n"]],["route"],false,["route","routeName","did-insert","route-action"]]',moduleName:"consul-ui/templates/dc/acls/index.hbs",isStrictMode:!1}) -e.default=n})),define("consul-ui/templates/dc/acls/policies/-form",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})) +define("consul-ui/templates/dc/acls/policies/-form",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"HeHpiPG6",block:'[[[1,"\\n"],[10,"form"],[12],[1,"\\n "],[8,[39,0],null,[["@form","@partition","@nspace","@item"],[[99,1,["@form"]],[99,2,["@partition"]],[99,3,["@nspace"]],[99,4,["@item"]]]],[["default"],[[[[1,"\\n"],[1," "],[8,[39,5],null,[["@name"],["template"]],null],[1,"\\n "]],[]]]]],[1,"\\n"],[41,[28,[37,7],[[33,8]],null],[[[1," "],[8,[39,9],null,[["@src","@onchange"],[[28,[37,10],["/${partition}/${nspace}/${dc}/tokens/for-policy/${id}",[28,[37,11],null,[["partition","nspace","dc","id"],[[33,2],[33,3],[33,12],[28,[37,13],[[33,14],""],null]]]]],null],[28,[37,15],[[30,0],[28,[37,16],[[33,17]],null]],[["value"],["data"]]]]],null],[1,"\\n"],[41,[28,[37,18],[[33,17,["length"]],0],null],[[[1," "],[8,[39,19],null,[["@caption","@items"],["Applied to the following tokens:",[99,17,["@items"]]]],null],[1,"\\n"]],[]],null]],[]],null],[1," "],[10,0],[12],[1,"\\n "],[8,[39,20],null,null,[["default"],[[[[1,"\\n"],[41,[28,[37,21],[[33,8],[28,[37,22],["create tokens"],null]],null],[[[1," "],[8,[39,23],[[16,"disabled",[52,[28,[37,13],[[33,4,["isPristine"]],[33,4,["isInvalid"]],[28,[37,24],[[33,4,["Name"]],""],null]],null],"disabled"]],[24,4,"submit"],[4,[38,25],["click",[28,[37,26],["create",[33,4]],null]],null]],[["@text"],["Save"]],null],[1,"\\n"]],[]],[[[41,[28,[37,22],["write policy"],[["item"],[[33,4]]]],[[[1," "],[8,[39,23],[[16,"disabled",[52,[33,4,["isInvalid"]],"disabled"]],[24,4,"submit"],[4,[38,25],["click",[28,[37,26],["update",[33,4]],null]],null]],[["@text"],["Save"]],null],[1,"\\n"]],[]],null]],[]]],[1," "],[8,[39,23],[[24,4,"reset"],[4,[38,15],[[30,0],"cancel",[33,4]],null]],[["@text","@color"],["Cancel","secondary"]],null],[1,"\\n"],[41,[28,[37,21],[[28,[37,7],[[33,8]],null],[28,[37,22],["delete policy"],[["item"],[[33,4]]]]],null],[[[1," "],[8,[39,27],null,[["@message"],["Are you sure you want to delete this Policy?"]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["action"]],[["default"],[[[[1,"\\n "],[8,[39,23],[[4,[38,15],[[30,0],[30,1],"delete",[33,4]],null]],[["@text","@color"],["Delete","critical"]],null],[1,"\\n "]],[1]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["dialog"]],[["default"],[[[[1,"\\n"],[41,[28,[37,18],[[33,17,["length"]],0],null],[[[1," "],[8,[39,28],null,[["@onclose","@open","@aria"],[[28,[37,15],[[30,0],[30,3]],null],true,[28,[37,11],null,[["label"],["Policy in Use"]]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"Policy in Use"],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[10,2],[12],[1,"\\n This Policy is currently in use. If you choose to delete this Policy, it will be removed from the\\n following "],[10,"strong"],[12],[1,[33,17,["length"]]],[1," Tokens"],[13],[1,":\\n "],[13],[1,"\\n "],[8,[39,19],null,[["@items","@target"],[[99,17,["@items"]],"_blank"]],null],[1,"\\n "],[10,2],[12],[1,"\\n This action cannot be undone. "],[1,[30,4]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[8,[39,20],null,null,[["default"],[[[[1,"\\n "],[8,[39,23],[[4,[38,15],[[30,0],[30,2]],null]],[["@text","@color"],["Yes, Delete","critical"]],null],[1,"\\n "],[8,[39,23],[[4,[38,15],[[30,0],[30,5]],null]],[["@text","@color"],["Cancel","secondary"]],null],[1,"\\n "]],[]]]]],[1,"\\n "]],[5]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],[[[1," "],[8,[39,29],null,[["@message","@execute","@cancel"],[[30,4],[30,2],[30,3]]],null],[1,"\\n"]],[]]],[1," "]],[2,3,4]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[13],[1,"\\n"],[13],[1,"\\n"]],["confirm","execute","cancel","message","close"],false,["policy-form","form","partition","nspace","item","block-slot","if","not","create","data-source","uri","hash","dc","or","id","action","mut","items","gt","token-list","hds/button-set","and","can","hds/button","eq","on","route-action","confirmation-dialog","modal-dialog","delete-confirmation"]]',moduleName:"consul-ui/templates/dc/acls/policies/-form.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/acls/policies/edit",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"ZeBYu7Wq",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/policy/${id}",[28,[37,4],null,[["partition","nspace","dc","id"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[28,[37,5],[[30,1,["params","id"]],""],null]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,6],null,[["@name"],["error"]],[["default"],[[[[1,"\\n"],[41,[28,[37,8],[[30,2,["error","status"]],"401"],null],[[[1," "],[8,[39,9],null,null,null],[1,"\\n"]],[]],[[[1," "],[8,[39,10],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n"]],[]]],[1," "]],[]]]]],[1,"\\n\\n "],[8,[39,6],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[30,1,["params","dc"]],[30,1,["params","partition"]],[30,1,["params","nspace"]],[28,[37,5],[[30,1,["params","id"]],""],null],[30,2,["data"]],[30,2,["data","isNew"]]],[[[1," "],[8,[39,12],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["breadcrumbs"]],[["default"],[[[[1,"\\n "],[10,"ol"],[12],[1,"\\n "],[10,"li"],[12],[10,3],[15,6,[28,[37,13],["dc.acls.policies"],null]],[12],[1,"All Policies"],[13],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n"],[41,[30,8],[[[1," "],[8,[30,1,["Title"]],null,[["@title"],["New Policy"]],null],[1,"\\n"]],[]],[[[41,[28,[37,14],["write policy"],[["item"],[[30,7]]]],[[[1," "],[8,[30,1,["Title"]],null,[["@title"],["Edit Policy"]],null],[1,"\\n"]],[]],[[[1," "],[8,[30,1,["Title"]],null,[["@title"],["View Policy"]],null],[1,"\\n"]],[]]]],[]]],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["content"]],[["default"],[[[[1,"\\n"],[41,[28,[37,15],[[30,8]],null],[[[1," "],[10,0],[14,0,"definition-table"],[12],[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,"Policy ID"],[13],[1,"\\n "],[10,"dd"],[12],[1,"\\n "],[8,[39,16],null,[["@value","@name"],[[30,7,["ID"]],"Policy ID"]],null],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n"]],[]],null],[41,[28,[37,5],[[28,[37,8],[[28,[37,17],[[30,7]],null],"policy-management"],null],[28,[37,8],[[28,[37,17],[[30,7]],null],"read-only"],null]],null],[[[1," "],[8,[39,18],[[24,0,"mb-3 mt-2"]],[["@type","@icon"],["inline","star-fill"]],[["default"],[[[[1,"\\n "],[8,[30,9,["Title"]],null,null,[["default"],[[[[1,"Built-in policy"]],[]]]]],[1,"\\n "],[8,[30,9,["Description"]],null,null,[["default"],[[[[1,"This policy is built into Consul\'s ACL system. You can use this special policy by adding it to a token. This policy is not editable or removable, but can be ignored by not applying it to any tokens.\\n "]],[]]]]],[1,"\\n "],[8,[30,9,["Link::Standalone"]],null,[["@text","@href","@icon","@iconPosition"],["Learn more",[29,[[28,[37,19],["CONSUL_DOCS_URL"],null],"/guides/acl.html#builtin-policies"]],"docs-link","trailing"]],null],[1,"\\n "]],[9]]]]],[1,"\\n "],[10,0],[14,0,"definition-table"],[12],[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,"Name"],[13],[1,"\\n "],[10,"dd"],[12],[1,[30,7,["Name"]]],[13],[1,"\\n "],[10,"dt"],[12],[1,"Valid Datacenters"],[13],[1,"\\n "],[10,"dd"],[12],[1,[28,[35,20],[", ",[28,[37,21],[[30,7]],null]],null]],[13],[1,"\\n "],[10,"dt"],[12],[1,"Description"],[13],[1,"\\n "],[10,"dd"],[12],[1,[30,7,["Description"]]],[13],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n "],[8,[39,22],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/tokens/for-policy/${id}",[28,[37,4],null,[["partition","nspace","dc","id"],[[30,4],[30,5],[30,3],[30,6]]]]],null]]],[["default"],[[[[1,"\\n"],[41,[28,[37,23],[[30,10,["data","length"]],0],null],[[[1," "],[8,[39,24],null,[["@caption","@items"],["Applied to the following tokens:",[30,10,["data"]]]],null],[1,"\\n"]],[]],null],[1," "]],[10]]]]],[1,"\\n"]],[]],[[[1," "],[19,"dc/acls/policies/form",[1,2,3,4,5,6,7,8]],[1,"\\n"]],[]]],[1," "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[3,4,5,6,7,8]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]]],["route","loader","dc","partition","nspace","id","item","create","A","loader"],true,["route","routeName","data-loader","uri","hash","or","block-slot","if","eq","consul/acl/disabled","app-error","let","app-view","href-to","can","not","copyable-code","policy/typeof","hds/alert","env","join","policy/datacenters","data-source","gt","token-list","partial"]]',moduleName:"consul-ui/templates/dc/acls/policies/edit.hbs",isStrictMode:!1}) -e.default=n})) -define("consul-ui/templates/dc/acls/policies/index",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})),define("consul-ui/templates/dc/acls/policies/index",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"fHN/RQtj",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/policies",[28,[37,4],null,[["partition","nspace","dc"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n"],[41,[28,[37,7],[[30,2,["error","status"]],"401"],null],[[[1," "],[8,[39,8],null,null,null],[1,"\\n"]],[]],[[[1," "],[8,[39,9],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n"]],[]]],[1," "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[28,[37,4],null,[["value","change"],[[28,[37,11],[[33,12],"Name:asc"],null],[28,[37,13],[[30,0],[28,[37,14],[[33,12]],null]],[["value"],["target.selected"]]]]]],[28,[37,4],null,[["kind","datacenter","searchproperty"],[[28,[37,4],null,[["value","change"],[[52,[33,15],[28,[37,16],[[33,15],","],null],[27]],[28,[37,13],[[30,0],[28,[37,14],[[33,15]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,17],[28,[37,16],[[33,17],","],null],[27]],[28,[37,13],[[30,0],[28,[37,14],[[33,17]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change","default"],[[52,[28,[37,18],[[33,19],[27]],null],[28,[37,16],[[33,19],","],null],[33,20]],[28,[37,13],[[30,0],[28,[37,14],[[33,19]],null]],[["value"],["target.selectedItems"]]],[33,20]]]]]]],[30,2,["data"]]],[[[1," "],[8,[39,21],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],["Policies"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n"],[41,[28,[37,22],["create policies"],null],[[[1," "],[8,[39,23],null,[["@text","@route"],["Create","dc.acls.policies.create"]],null],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["toolbar"]],[["default"],[[[[1,"\\n"],[41,[28,[37,24],[[30,5,["length"]],0],null],[[[1," "],[8,[39,25],null,[["@partition","@search","@onsearch","@sort","@filter"],[[30,1,["params","partition"]],[99,26,["@search"]],[28,[37,13],[[30,0],[28,[37,14],[[33,26]],null]],[["value"],["target.value"]]],[30,3],[30,4]]],null],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@type","@sort","@filters","@search","@items"],["policy",[30,3,["value"]],[30,4],[99,26,["@search"]],[30,5]]],[["default"],[[[[1,"\\n "],[8,[30,6,["Collection"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,28],null,[["@items","@ondelete"],[[30,6,["items"]],[28,[37,29],["delete"],null]]],null],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,6,["Empty"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,30],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,31],["routes.dc.acls.policies.index.empty.header"],[["items"],[[30,5,["length"]]]]]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,31],["routes.dc.acls.policies.index.empty.body"],[["items","htmlSafe"],[[30,5,["length"]],true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,32],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on policies",[29,[[28,[37,33],["CONSUL_DOCS_URL"],null],"/commands/acl/policy"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,32],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,33],["CONSUL_LEARN_URL"],null],"/consul/security-networking/managing-acl-policies"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[6]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n\\n"]],[3,4,5]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]]],["route","loader","sort","filters","items","collection"],false,["route","routeName","data-loader","uri","hash","block-slot","if","eq","consul/acl/disabled","app-error","let","or","sortBy","action","mut","kind","split","datacenter","not-eq","searchproperty","searchProperties","app-view","can","hds/button","gt","consul/policy/search-bar","search","data-collection","consul/policy/list","route-action","empty-state","t","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/acls/policies/index.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/acls/roles/-form",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"xSvLYGJe",block:'[[[1,"\\n"],[10,"form"],[12],[1,"\\n "],[8,[39,0],null,[["@form","@item","@dc","@nspace","@partition"],[[99,1,["@form"]],[99,2,["@item"]],[99,3,["@dc"]],[99,4,["@nspace"]],[99,5,["@partition"]]]],null],[1,"\\n"],[41,[28,[37,7],[[33,8]],null],[[[1," "],[8,[39,9],null,[["@src"],[[28,[37,10],["/${partition}/${nspace}/${dc}/tokens/for-role/${id}",[28,[37,11],null,[["partition","nspace","dc","id"],[[33,5],[33,4],[33,3],[28,[37,12],[[33,13],""],null]]]]],null]]],[["default"],[[[[1,"\\n"],[41,[28,[37,14],[[30,1,["data","length"]],0],null],[[[1," "],[10,"h2"],[12],[1,"Where is this role used?"],[13],[1,"\\n "],[10,2],[12],[1,"\\n We\'re only able to show information for the primary datacenter and the current datacenter. This list may not\\n show every case where this role is applied.\\n "],[13],[1,"\\n "],[8,[39,15],null,[["@caption","@items"],["Tokens",[30,1,["data"]]]],null],[1,"\\n"]],[]],null],[1," "]],[1]]]]],[1,"\\n"]],[]],null],[1," "],[10,0],[12],[1,"\\n "],[8,[39,16],null,null,[["default"],[[[[1,"\\n"],[41,[28,[37,17],[[33,8],[28,[37,18],["create roles"],null]],null],[[[1," "],[8,[39,19],[[16,"disabled",[28,[37,12],[[33,2,["isPristine"]],[33,2,["isInvalid"]],[28,[37,20],[[33,2,["Name"]],""],null]],null]],[24,4,"submit"],[4,[38,21],["click",[28,[37,22],["create",[33,2]],null]],null]],[["@text"],["Save"]],null],[1,"\\n"]],[]],[[[41,[28,[37,18],["write role"],[["item"],[[33,2]]]],[[[1," "],[8,[39,19],[[16,"disabled",[33,2,["isInvalid"]]],[24,4,"submit"],[4,[38,21],["click",[28,[37,22],["update",[33,2]],null]],null]],[["@text"],["Save"]],null],[1,"\\n"]],[]],null]],[]]],[1," "],[8,[39,19],[[24,4,"reset"],[4,[38,23],[[30,0],"cancel",[33,2]],null]],[["@text","@color"],["Cancel","secondary"]],null],[1,"\\n\\n"],[41,[28,[37,17],[[28,[37,7],[[33,8]],null],[28,[37,18],["delete role"],[["item"],[[33,2]]]]],null],[[[1," "],[8,[39,24],null,[["@message"],["Are you sure you want to delete this Role?"]],[["default"],[[[[1,"\\n "],[8,[39,25],null,[["@name"],["action"]],[["default"],[[[[1,"\\n "],[8,[39,19],[[4,[38,23],[[30,0],[30,2],"delete",[33,2]],null]],[["@text","@color"],["Delete","critical"]],null],[1,"\\n "]],[2]]]]],[1,"\\n "],[8,[39,25],null,[["@name"],["dialog"]],[["default"],[[[[1,"\\n"],[41,[28,[37,14],[[33,26,["length"]],0],null],[[[1," "],[8,[39,27],null,[["@onclose","@aria"],[[28,[37,23],[[30,0],[30,4]],null],[28,[37,11],null,[["label"],["Role in Use"]]]]],[["default"],[[[[1,"\\n "],[8,[39,25],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"Role in Use"],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,25],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[10,2],[12],[1,"\\n This Role is currently in use. If you choose to delete this Role, it will be removed from the\\n following "],[10,"strong"],[12],[1,[33,26,["length"]]],[1," Tokens"],[13],[1,":\\n "],[13],[1,"\\n "],[8,[39,15],null,[["@items","@target"],[[99,26,["@items"]],"_blank"]],null],[1,"\\n "],[10,2],[12],[1,"\\n This action cannot be undone. "],[1,[30,5]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,25],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[8,[39,16],null,null,[["default"],[[[[1,"\\n "],[8,[39,19],[[4,[38,23],[[30,0],[30,3]],null]],[["@text","@color"],["Yes, Delete","critical"]],null],[1,"\\n "],[8,[39,19],[[4,[38,23],[[30,0],[30,6]],null]],[["@text","@color"],["Cancel","secondary"]],null],[1,"\\n "]],[]]]]],[1,"\\n "]],[6]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],[[[1," "],[8,[39,28],null,[["@message","@execute","@cancel"],[[30,5],[30,3],[30,4]]],null],[1,"\\n"]],[]]],[1," "]],[3,4,5]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[13],[1,"\\n"],[13],[1,"\\n"]],["loader","confirm","execute","cancel","message","close"],false,["role-form","form","item","dc","nspace","partition","if","not","create","data-source","uri","hash","or","id","gt","token-list","hds/button-set","and","can","hds/button","eq","on","route-action","action","confirmation-dialog","block-slot","items","modal-dialog","delete-confirmation"]]',moduleName:"consul-ui/templates/dc/acls/roles/-form.hbs",isStrictMode:!1}) @@ -3970,17 +3976,17 @@ e.default=n})),define("consul-ui/templates/dc/peers/show",["exports","@ember/tem var n=(0,t.createTemplateFactory)({id:"AvoaCEAO",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/peer/${name}",[28,[37,4],null,[["partition","nspace","dc","name"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["params","name"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[30,1,["params","dc"]],[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,2,["data"]]],[[[1," "],[8,[39,8],null,null,[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["breadcrumbs"]],[["default"],[[[[1,"\\n "],[10,"ol"],[12],[1,"\\n "],[10,"li"],[12],[10,3],[15,6,[28,[37,9],["dc.peers"],null]],[12],[1,"All Peers"],[13],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],[[30,6,["Name"]]]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[8,[39,10],null,[["@peering"],[[30,6]]],null],[1,"\\n "],[8,[39,11],null,[["@peer"],[[30,6]]],[["default"],[[[[1,"\\n "],[8,[39,12],null,[["@items"],[[30,7,["data","tabs"]]]],null],[1,"\\n\\n "]],[7]]]]],[1,"\\n "],[8,[39,13],null,[["@name","@model"],[[99,1,["@name"]],[28,[37,14],[[28,[37,4],null,[["items","peer"],[[30,6,["PeerServerAddresses"]],[30,6]]]],[30,1,["model"]]],null]]],[["default"],[[[[1,"\\n "],[46,[28,[37,16],null,null],null,null,null],[1,"\\n "]],[8]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[3,4,5,6]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]]],["route","loader","dc","partition","nspace","item","peering","o"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","let","app-view","href-to","consul/peer/bento-box","peerings/provider","tab-nav","outlet","assign","component","-outlet"]]',moduleName:"consul-ui/templates/dc/peers/show.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/peers/show/addresses",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"3k5sOecZ",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n"],[41,[28,[37,3],[[30,1,["model","items","length"]],0],null],[[[1," "],[8,[39,4],null,[["@items"],[[30,1,["model","items"]]]],null],[1,"\\n"]],[]],[[[1," "],[8,[39,5],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,7],["routes.dc.peers.show.addresses.empty.header"],null]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,7],["routes.dc.peers.show.addresses.empty.body"],[["htmlSafe"],[true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,6],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,8],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on Peers",[29,[[28,[37,9],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,8],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,9],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering/create-manage-peering"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]]],[1]]]]]],["route"],false,["route","routeName","if","gt","consul/peer/address/list","empty-state","block-slot","t","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/peers/show/addresses.hbs",isStrictMode:!1}) -e.default=n})),define("consul-ui/templates/dc/peers/show/exported",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})) +define("consul-ui/templates/dc/peers/show/exported",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"Z0gVGZWd",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/exported-services/${name}",[28,[37,4],null,[["partition","nspace","dc","name"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["model","peer","Name"]]]]]],null]]],[["default"],[[[[1,"\\n"],[44,[[28,[37,6],[[30,1,["params","partition"]],[30,1,["model","user","token","Partition"]],"default"],null],[30,2,["data"]]],[[[1,"\\n "],[8,[39,7],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,8],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,7],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[41,[30,4,["length"]],[[[1," "],[10,0],[14,0,"search-bar"],[12],[1,"\\n "],[10,"form"],[14,0,"filter-bar"],[12],[1,"\\n "],[8,[39,10],[[24,0,"!w-80"]],[["@onsearch","@value","@placeholder"],[[28,[37,11],["target.value",[30,0,["updateSearch"]]],null],[30,0,["search"]],"Search"]],null],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n"]],[]],null],[1," "],[8,[39,12],null,[["@items","@search","@searchProperties"],[[30,4],[30,0,["search"]],[28,[37,13],["Name"],null]]],[["default"],[[[[1,"\\n "],[8,[39,14],null,null,[["default"],[[[[1,"\\n"],[41,[30,6,["data","height"]],[[[1," "],[10,0],[15,5,[30,6,["data","fillRemainingHeightStyle"]]],[14,0,"overflow-y-scroll"],[12],[1,"\\n"],[41,[30,5,["data","items","length"]],[[[1," "],[8,[39,15],null,[["@tagName","@estimateHeight","@items"],["ul",[30,6,["data","height"]],[30,5,["data","items"]]]],[["default"],[[[[1,"\\n "],[10,"li"],[14,0,"px-3 h-12 border-bottom-primary"],[12],[1,"\\n "],[10,3],[14,0,"hds-typography-display-300 hds-foreground-strong hds-font-weight-semibold h-full w-full flex items-center"],[15,6,[28,[37,16],["dc.services.show.index",[30,7,["Name"]]],[["params"],[[52,[28,[37,17],[[30,7,["Partition"]],[30,3]],null],[28,[37,4],null,[["partition","nspace","peer"],[[30,7,["Partition"]],[30,7,["Namespace"]],[30,7,["PeerName"]]]]],[28,[37,4],null,[["peer"],[[30,7,["PeerName"]]]]]]]]]],[12],[1,"\\n "],[1,[30,7,["Name"]]],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n "]],[7,8]]]]],[1,"\\n"]],[]],[[[1," "],[8,[39,18],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,7],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,19],["routes.dc.peers.show.exported.empty.header"],[["name"],[[30,1,["model","peer","Name"]]]]]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,19],["routes.dc.peers.show.exported.empty.body"],[["items","name","htmlSafe"],[[30,4,["length"]],[30,1,["model","peer","Name"]],true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,7],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,20],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on Peers",[29,[[28,[37,21],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,20],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,21],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering/create-manage-peering"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]],[1," "],[13],[1,"\\n"]],[]],null],[1," "]],[6]]]]],[1,"\\n\\n "]],[5]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[3,4]]],[1," "]],[2]]]]],[1,"\\n\\n"]],[1]]]]]],["route","api","partition","items","search","p","service","index"],false,["route","routeName","data-loader","uri","hash","let","or","block-slot","app-error","if","freetext-filter","pick","providers/search","array","providers/dimension","vertical-collection","href-to","not-eq","empty-state","t","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/peers/show/exported.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/peers/show/imported",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -var n=(0,t.createTemplateFactory)({id:"WW9UdfAm",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/services/${peer}/${peerId}",[28,[37,4],null,[["partition","nspace","dc","peer","peerId"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["model","peer","Name"]],[30,1,["model","peer","id"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[28,[37,4],null,[["value","change"],[[28,[37,8],[[33,9],"Status:asc"],null],[28,[37,10],[[30,0],[28,[37,11],[[33,9]],null]],[["value"],["target.selected"]]]]]],[28,[37,4],null,[["status","kind","source","searchproperty"],[[28,[37,4],null,[["value","change"],[[52,[33,13],[28,[37,14],[[33,13],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,13]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,15],[28,[37,14],[[33,15],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,15]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,16],[28,[37,14],[[33,16],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,16]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change","default"],[[52,[28,[37,17],[[33,18],[27]],null],[28,[37,14],[[33,18],","],null],[30,0,["searchProperties"]]],[28,[37,10],[[30,0],[28,[37,11],[[33,18]],null]],[["value"],["target.selectedItems"]]],[30,0,["searchProperties"]]]]]]]],[28,[37,19],["Kind","connect-proxy",[30,2,["data"]]],null],[28,[37,8],[[30,1,["params","partition"]],[30,1,["model","user","token","Partition"]],"default"],null],[28,[37,8],[[30,1,["params","nspace"]],[30,1,["model","user","token","Namespace"]],"default"],null]],[[[1,"\\n"],[41,[28,[37,20],[[30,5,["length"]],0],null],[[[44,[[28,[37,21],[[30,5]],null]],[[[1," "],[8,[39,22],null,[["@sources","@partitions","@partition","@search","@onsearch","@sort","@filter","@peer"],[[28,[37,23],[[30,8],"ExternalSources"],null],[28,[37,23],[[30,8],"Partitions"],null],[30,6],[99,24,["@search"]],[28,[37,10],[[30,0],[28,[37,11],[[33,24]],null]],[["value"],["target.value"]]],[30,3],[30,4],[30,1,["model","peer"]]]],null],[1,"\\n"]],[8]]]],[]],null],[1," "],[8,[39,25],null,[["@type","@sort","@filters","@search","@items"],["service",[30,3,["value"]],[30,4],[99,24,["@search"]],[30,5]]],[["default"],[[[[1,"\\n "],[8,[30,9,["Collection"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,26],null,[["@items","@partition","@isPeerDetail"],[[30,9,["items"]],[30,6],true]],null],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,9,["Empty"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,28],["routes.dc.peers.show.imported.empty.header"],[["name"],[[30,1,["model","peer","Name"]]]]]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,28],["routes.dc.peers.show.imported.empty.body"],[["items","name","htmlSafe"],[[30,5,["length"]],[30,1,["model","peer","Name"]],true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n"],[1," "],[8,[39,29],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on Peers",[29,[[28,[37,30],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,29],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,30],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering/create-manage-peering"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n"]],[3,4,5,6,7]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]]],["route","api","sort","filters","items","partition","nspace","items","collection"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","let","or","sortBy","action","mut","if","status","split","kind","source","not-eq","searchproperty","reject-by","gt","collection","consul/service/search-bar","get","search","data-collection","consul/service/list","empty-state","t","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/peers/show/imported.hbs",isStrictMode:!1}) -e.default=n})) -define("consul-ui/templates/dc/peers/show/index",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +var n=(0,t.createTemplateFactory)({id:"Ioh7AUof",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/services/${peer}/${peerId}",[28,[37,4],null,[["partition","nspace","dc","peer","peerId"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["model","peer","Name"]],[30,1,["model","peer","id"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[28,[37,4],null,[["value","change"],[[28,[37,8],[[33,9],"Status:asc"],null],[28,[37,10],[[30,0],[28,[37,11],[[33,9]],null]],[["value"],["target.selected"]]]]]],[28,[37,4],null,[["status","kind","source","searchproperty"],[[28,[37,4],null,[["value","change"],[[52,[33,13],[28,[37,14],[[33,13],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,13]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,15],[28,[37,14],[[33,15],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,15]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,16],[28,[37,14],[[33,16],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,16]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change","default"],[[52,[28,[37,17],[[33,18],[27]],null],[28,[37,14],[[33,18],","],null],[30,0,["searchProperties"]]],[28,[37,10],[[30,0],[28,[37,11],[[33,18]],null]],[["value"],["target.selectedItems"]]],[30,0,["searchProperties"]]]]]]]],[28,[37,19],["Kind","connect-proxy",[30,2,["data"]]],null],[28,[37,8],[[30,1,["params","partition"]],[30,1,["model","user","token","Partition"]],"default"],null],[28,[37,8],[[30,1,["params","nspace"]],[30,1,["model","user","token","Namespace"]],"default"],null]],[[[1,"\\n"],[41,[28,[37,20],[[30,5,["length"]],0],null],[[[44,[[28,[37,21],[[30,5]],null]],[[[1," "],[8,[39,22],null,[["@sources","@partitions","@partition","@search","@onsearch","@sort","@filter","@peer"],[[28,[37,23],[[30,8],"ExternalSources"],null],[28,[37,23],[[30,8],"Partitions"],null],[30,6],[99,24,["@search"]],[28,[37,10],[[30,0],[28,[37,11],[[33,24]],null]],[["value"],["target.value"]]],[30,3],[30,4],[30,1,["model","peer"]]]],null],[1,"\\n"]],[8]]]],[]],null],[1," "],[8,[39,25],null,[["@type","@sort","@filters","@search","@items"],["service",[30,3,["value"]],[30,4],[99,24,["@search"]],[30,5]]],[["default"],[[[[1,"\\n "],[8,[30,9,["Collection"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,26],null,[["@items","@partition","@nspace","@isPeerDetail"],[[30,9,["items"]],[30,6],[30,7],true]],null],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,9,["Empty"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,28],["routes.dc.peers.show.imported.empty.header"],[["name"],[[30,1,["model","peer","Name"]]]]]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,28],["routes.dc.peers.show.imported.empty.body"],[["items","name","htmlSafe"],[[30,5,["length"]],[30,1,["model","peer","Name"]],true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n"],[1," "],[8,[39,29],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on Peers",[29,[[28,[37,30],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,29],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,30],["CONSUL_DOCS_URL"],null],"/connect/cluster-peering/create-manage-peering"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n"]],[3,4,5,6,7]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]]],["route","api","sort","filters","items","partition","nspace","items","collection"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","let","or","sortBy","action","mut","if","status","split","kind","source","not-eq","searchproperty","reject-by","gt","collection","consul/service/search-bar","get","search","data-collection","consul/service/list","empty-state","t","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/peers/show/imported.hbs",isStrictMode:!1}) +e.default=n})),define("consul-ui/templates/dc/peers/show/index",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"IJMk41B8",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[1,[28,[35,2],[[30,0,["transitionToImported"]]],null]],[1,"\\n"]],[1]]]]]],["route"],false,["route","routeName","did-insert"]]',moduleName:"consul-ui/templates/dc/peers/show/index.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/routing-config",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"ag2giQ2I",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/discovery-chain/${name}",[28,[37,4],null,[["partition","nspace","dc","name"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["params","name"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[30,2,["data"]]],[[[8,[39,8],null,null,[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["breadcrumbs"]],[["default"],[[[[1,"\\n "],[10,"ol"],[12],[1,"\\n "],[10,"li"],[12],[10,3],[15,6,[28,[37,9],["dc.services"],null]],[12],[1,"All Services"],[13],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],[[30,3,["Chain","ServiceName"]]]],null],[1,"\\n "],[13],[1,"\\n "],[8,[39,10],null,[["@source","@withInfo"],[[28,[37,11],["routes.dc.routing-config.source"],null],true]],null],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[10,0],[14,0,"container"],[12],[1,"\\n "],[8,[39,12],null,[["@chain"],[[30,3,["Chain"]]]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n"]],[]]]]],[1,"\\n"]],[3]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]],[1,"\\n"]],["route","loader","item"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","let","app-view","href-to","consul/source","t","consul/discovery-chain"]]',moduleName:"consul-ui/templates/dc/routing-config.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/services/index",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -var n=(0,t.createTemplateFactory)({id:"9rUU3uSO",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/services",[28,[37,4],null,[["partition","nspace","dc"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n\\n"],[44,[[28,[37,4],null,[["value","change"],[[28,[37,8],[[33,9],"Status:asc"],null],[28,[37,10],[[30,0],[28,[37,11],[[33,9]],null]],[["value"],["target.selected"]]]]]],[28,[37,4],null,[["status","kind","source","searchproperty"],[[28,[37,4],null,[["value","change"],[[52,[33,13],[28,[37,14],[[33,13],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,13]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,15],[28,[37,14],[[33,15],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,15]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,16],[28,[37,14],[[33,16],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,16]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change","default"],[[52,[28,[37,17],[[33,18],[27]],null],[28,[37,14],[[33,18],","],null],[30,0,["_searchProperties"]]],[28,[37,10],[[30,0],[28,[37,11],[[33,18]],null]],[["value"],["target.selectedItems"]]],[30,0,["_searchProperties"]]]]]]]],[28,[37,19],["Kind","connect-proxy",[30,2,["data"]]],null],[28,[37,8],[[30,1,["params","partition"]],[30,1,["model","user","token","Partition"]],"default"],null],[28,[37,8],[[30,1,["params","nspace"]],[30,1,["model","user","token","Namespace"]],"default"],null]],[[[1,"\\n "],[8,[39,20],null,null,[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],["Services"]],null],[1," "],[10,"em"],[12],[1,[28,[35,21],[[30,5,["length"]]],null]],[1," total"],[13],[1,"\\n "],[13],[1,"\\n "],[10,"label"],[14,"for","toolbar-toggle"],[12],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["toolbar"]],[["default"],[[[[1,"\\n"],[41,[28,[37,22],[[30,5,["length"]],0],null],[[[44,[[28,[37,23],[[30,5]],null]],[[[1," "],[8,[39,24],null,[["@sources","@partitions","@partition","@search","@onsearch","@sort","@filter"],[[28,[37,25],[[30,8],"ExternalSources"],null],[28,[37,25],[[30,8],"Partitions"],null],[30,6],[99,26,["@search"]],[28,[37,10],[[30,0],[28,[37,11],[[33,26]],null]],[["value"],["target.value"]]],[30,3],[30,4]]],null],[1,"\\n"]],[8]]]],[]],null],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@type","@sort","@filters","@search","@items"],["service",[30,3,["value"]],[30,4],[99,26,["@search"]],[30,5]]],[["default"],[[[[1,"\\n "],[8,[30,9,["Collection"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,28],null,[["@items","@partition"],[[30,9,["items"]],[30,6]]],[["default"],[[[[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,9,["Empty"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,29],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,30],["routes.dc.services.index.empty.header"],[["items"],[[30,5,["length"]]]]]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,30],["routes.dc.services.index.empty.body"],[["items","canUseACLs","htmlSafe"],[[30,5,["length"]],[28,[37,31],["use acls"],null],true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,32],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on Services",[29,[[28,[37,33],["CONSUL_DOCS_URL"],null],"/commands/services"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,32],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,33],["CONSUL_DOCS_LEARN_URL"],null],"/consul/getting-started/services"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n "]],[]]]]],[1,"\\n\\n "]],[]]]]],[1,"\\n\\n"]],[3,4,5,6,7]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]],[1,"\\n"]],["route","api","sort","filters","items","partition","nspace","items","collection"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","let","or","sortBy","action","mut","if","status","split","kind","source","not-eq","searchproperty","reject-by","app-view","format-number","gt","collection","consul/service/search-bar","get","search","data-collection","consul/service/list","empty-state","t","can","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/services/index.hbs",isStrictMode:!1}) +var n=(0,t.createTemplateFactory)({id:"k/tlhz7S",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/services",[28,[37,4],null,[["partition","nspace","dc"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n\\n"],[44,[[28,[37,4],null,[["value","change"],[[28,[37,8],[[33,9],"Status:asc"],null],[28,[37,10],[[30,0],[28,[37,11],[[33,9]],null]],[["value"],["target.selected"]]]]]],[28,[37,4],null,[["status","kind","source","searchproperty"],[[28,[37,4],null,[["value","change"],[[52,[33,13],[28,[37,14],[[33,13],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,13]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,15],[28,[37,14],[[33,15],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,15]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change"],[[52,[33,16],[28,[37,14],[[33,16],","],null],[27]],[28,[37,10],[[30,0],[28,[37,11],[[33,16]],null]],[["value"],["target.selectedItems"]]]]]],[28,[37,4],null,[["value","change","default"],[[52,[28,[37,17],[[33,18],[27]],null],[28,[37,14],[[33,18],","],null],[30,0,["_searchProperties"]]],[28,[37,10],[[30,0],[28,[37,11],[[33,18]],null]],[["value"],["target.selectedItems"]]],[30,0,["_searchProperties"]]]]]]]],[28,[37,19],["Kind","connect-proxy",[30,2,["data"]]],null],[28,[37,8],[[30,1,["params","partition"]],[30,1,["model","user","token","Partition"]],"default"],null],[28,[37,8],[[30,1,["params","nspace"]],[30,1,["model","user","token","Namespace"]],"default"],null]],[[[1,"\\n "],[8,[39,20],null,null,[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],["Services"]],null],[1," "],[10,"em"],[12],[1,[28,[35,21],[[30,5,["length"]]],null]],[1," total"],[13],[1,"\\n "],[13],[1,"\\n "],[10,"label"],[14,"for","toolbar-toggle"],[12],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["toolbar"]],[["default"],[[[[1,"\\n"],[41,[28,[37,22],[[30,5,["length"]],0],null],[[[44,[[28,[37,23],[[30,5]],null]],[[[1," "],[8,[39,24],null,[["@sources","@partitions","@partition","@search","@onsearch","@sort","@filter"],[[28,[37,25],[[30,8],"ExternalSources"],null],[28,[37,25],[[30,8],"Partitions"],null],[30,6],[99,26,["@search"]],[28,[37,10],[[30,0],[28,[37,11],[[33,26]],null]],[["value"],["target.value"]]],[30,3],[30,4]]],null],[1,"\\n"]],[8]]]],[]],null],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@type","@sort","@filters","@search","@items"],["service",[30,3,["value"]],[30,4],[99,26,["@search"]],[30,5]]],[["default"],[[[[1,"\\n "],[8,[30,9,["Collection"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,28],null,[["@items","@partition","@nspace"],[[30,9,["items"]],[30,6],[30,7]]],[["default"],[[[[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[30,9,["Empty"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,29],null,[["@login"],[[30,1,["model","app","login","open"]]]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h2"],[12],[1,"\\n "],[1,[28,[35,30],["routes.dc.services.index.empty.header"],[["items"],[[30,5,["length"]]]]]],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["body"]],[["default"],[[[[1,"\\n "],[1,[28,[35,30],["routes.dc.services.index.empty.body"],[["items","canUseACLs","htmlSafe"],[[30,5,["length"]],[28,[37,31],["use acls"],null],true]]]],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,32],null,[["@text","@href","@icon","@iconPosition","@size"],["Documentation on Services",[29,[[28,[37,33],["CONSUL_DOCS_URL"],null],"/commands/services"]],"docs-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "],[10,"li"],[12],[1,"\\n "],[8,[39,32],null,[["@text","@href","@icon","@iconPosition","@size"],["Take the tutorial",[29,[[28,[37,33],["CONSUL_DOCS_LEARN_URL"],null],"/consul/getting-started/services"]],"learn-link","trailing","small"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[9]]]]],[1,"\\n "]],[]]]]],[1,"\\n\\n "]],[]]]]],[1,"\\n\\n"]],[3,4,5,6,7]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]],[1,"\\n"]],["route","api","sort","filters","items","partition","nspace","items","collection"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","let","or","sortBy","action","mut","if","status","split","kind","source","not-eq","searchproperty","reject-by","app-view","format-number","gt","collection","consul/service/search-bar","get","search","data-collection","consul/service/list","empty-state","t","can","hds/link/standalone","env"]]',moduleName:"consul-ui/templates/dc/services/index.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/services/instance",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"UwadJzgF",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["/${partition}/${nspace}/${dc}/service-instance/${id}/${node}/${name}/${peer}",[28,[37,4],null,[["partition","nspace","dc","id","node","name","peer"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["params","id"]],[30,1,["params","node"]],[30,1,["params","name"]],[30,1,["params","peer"]]]]]],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,5],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,6],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["disconnected"]],[["default"],[[[[1,"\\n"],[41,[28,[37,8],[[30,2,["error","status"]],"404"],null],[[[1," "],[8,[39,9],[[4,[38,10],null,[["sticky"],[true]]]],[["@color"],["warning"]],[["default"],[[[[1,"\\n "],[8,[30,4,["Title"]],null,null,[["default"],[[[[1,"Warning!"]],[]]]]],[1,"\\n "],[8,[30,4,["Description"]],null,null,[["default"],[[[[1,"\\n This service has been deregistered and no longer exists in the catalog.\\n "]],[]]]]],[1,"\\n "]],[4]]]]],[1,"\\n"]],[]],[[[41,[28,[37,8],[[30,2,["error","status"]],"403"],null],[[[1," "],[8,[39,9],[[4,[38,10],null,[["sticky"],[true]]]],[["@color"],["critical"]],[["default"],[[[[1,"\\n "],[8,[30,5,["Title"]],null,null,[["default"],[[[[1,"Error!"]],[]]]]],[1,"\\n "],[8,[30,5,["Description"]],null,null,[["default"],[[[[1,"\\n You no longer have access to this service.\\n "]],[]]]]],[1,"\\n "]],[5]]]]],[1,"\\n"]],[]],[[[1," "],[8,[39,9],[[4,[38,10],null,[["sticky"],[true]]]],[["@color"],["critical"]],[["default"],[[[[1,"\\n "],[8,[30,6,["Title"]],null,null,[["default"],[[[[1,"Warning!"]],[]]]]],[1,"\\n "],[8,[30,6,["Description"]],null,null,[["default"],[[[[1,"\\n An error was returned whilst loading this data, refresh to try again.\\n "]],[]]]]],[1,"\\n "]],[6]]]]],[1,"\\n "]],[]]]],[]]],[1," "]],[3]]]]],[1,"\\n\\n "],[8,[39,5],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[30,2,["data"]]],[[[41,[30,7,["IsOrigin"]],[[[1," "],[8,[39,12],null,[["@src","@onchange"],[[28,[37,3],["/${partition}/${nspace}/${dc}/proxy-instance/${id}/${node}/${name}",[28,[37,4],null,[["partition","nspace","dc","id","node","name"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,1,["params","id"]],[30,1,["params","node"]],[30,1,["params","name"]]]]]],null],[28,[37,13],[[30,0],[28,[37,14],[[33,15]],null]],[["value"],["data"]]]]],[["default"],[[[[1,"\\n"],[41,[30,8,["data","ServiceID"]],[[[1," "],[8,[39,12],null,[["@src","@onchange"],[[28,[37,3],["/${partition}/${nspace}/${dc}/service-instance/${id}/${node}/${name}/${peer}",[28,[37,4],null,[["partition","nspace","dc","id","node","name","peer"],[[30,1,["params","partition"]],[30,1,["params","nspace"]],[30,1,["params","dc"]],[30,8,["data","ServiceID"]],[30,8,["data","NodeName"]],[30,8,["data","ServiceName"]],[30,1,["params","peer"]]]]]],null],[28,[37,13],[[30,0],[28,[37,14],[[33,16]],null]],[["value"],["data"]]]]],null],[1,"\\n"]],[]],null],[1," "]],[8]]]]],[1,"\\n"]],[]],null],[1," "],[8,[39,17],null,null,[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@name"],["breadcrumbs"]],[["default"],[[[[1,"\\n "],[10,"ol"],[12],[1,"\\n "],[10,"li"],[12],[10,3],[15,6,[28,[37,18],["dc.services"],[["params"],[[28,[37,4],null,[["peer"],[[27]]]]]]]],[12],[1,"All Services"],[13],[13],[1,"\\n "],[10,"li"],[12],[11,3],[16,6,[28,[37,18],["dc.services.show"],null]],[4,[38,19],[[28,[37,20],["Service (",[30,7,["Service","Service"]],")"],null]],null],[12],[1,"\\n Service ("],[1,[30,7,["Service","Service"]]],[1,")\\n "],[13],[13],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],[[30,7,["Service","ID"]]]],null],[1,"\\n "],[13],[1,"\\n "],[8,[39,21],null,[["@item","@withInfo"],[[30,7],true]],null],[1,"\\n "],[8,[39,22],null,[["@item","@withInfo"],[[30,7],true]],null],[1,"\\n"],[41,[28,[37,8],[[33,15,["ServiceProxy","Mode"]],"transparent"],null],[[[1," "],[8,[39,23],null,null,null],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["nav"]],[["default"],[[[[1,"\\n "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,"Service Name"],[13],[1,"\\n "],[10,"dd"],[12],[10,3],[15,6,[29,[[28,[37,18],["dc.services.show",[30,7,["Service","Service"]]],null]]]],[12],[1,[30,7,["Service","Service"]]],[13],[13],[1,"\\n "],[13],[1,"\\n"],[41,[51,[30,7,["Node","Meta","synthetic-node"]]],[[[1," "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,"Node Name"],[13],[1,"\\n "],[10,"dd"],[12],[10,3],[15,6,[29,[[28,[37,18],["dc.nodes.show",[30,7,["Node","Node"]]],null]]]],[12],[1,[30,7,["Node","Node"]]],[13],[13],[1,"\\n "],[13],[1,"\\n"]],[]],null],[41,[30,7,["Service","PeerName"]],[[[1," "],[10,"dl"],[12],[1,"\\n "],[10,"dt"],[12],[1,"Peer Name"],[13],[1,"\\n "],[10,"dd"],[12],[10,3],[15,6,[28,[37,18],["dc.peers.show",[30,7,["Service","PeerName"]]],[["params"],[[28,[37,4],null,[["peer"],[[27]]]]]]]],[12],[1,[30,7,["Service","PeerName"]]],[13],[13],[1,"\\n "],[13],[1,"\\n"]],[]],null],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["actions"]],[["default"],[[[[1,"\\n"],[44,[[28,[37,25],[[30,7,["Service","Address"]],[30,7,["Node","Address"]]],null]],[[[1," "],[8,[39,26],null,[["@value","@name"],[[30,9],"Address"]],[["default"],[[[[1,[30,9]]],[]]]]],[1,"\\n"]],[9]]],[1," "]],[]]]]],[1,"\\n "],[8,[39,5],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[8,[39,27],null,[["@items"],[[28,[37,28],[[28,[37,29],[[28,[37,4],null,[["label","href","selected"],["Health Checks",[28,[37,18],["dc.services.instance.healthchecks"],null],[28,[37,30],["dc.services.instance.healthchecks"],null]]]],[52,[28,[37,8],[[30,7,["Service","Kind"]],"mesh-gateway"],null],[28,[37,4],null,[["label","href","selected"],["Addresses",[28,[37,18],["dc.services.instance.addresses"],null],[28,[37,30],["dc.services.instance.addresses"],null]]]]],[52,[33,16],[28,[37,4],null,[["label","href","selected"],["Upstreams",[28,[37,18],["dc.services.instance.upstreams"],null],[28,[37,30],["dc.services.instance.upstreams"],null]]]]],[52,[33,16],[28,[37,4],null,[["label","href","selected"],["Exposed Paths",[28,[37,18],["dc.services.instance.exposedpaths"],null],[28,[37,30],["dc.services.instance.exposedpaths"],null]]]]],[28,[37,4],null,[["label","href","selected"],["Tags & Meta",[28,[37,18],["dc.services.instance.metadata"],null],[28,[37,30],["dc.services.instance.metadata"],null]]]]],null]],null]]],null],[1,"\\n "],[8,[39,31],null,[["@name","@model"],[[99,1,["@name"]],[28,[37,32],[[28,[37,4],null,[["proxy","meta","item"],[[33,16],[33,15],[30,7]]]],[30,1,["model"]]],null]]],[["default"],[[[[1,"\\n "],[46,[28,[37,34],null,null],null,null,null],[1,"\\n "]],[10]]]]],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[7]]],[1," "]],[]]]]],[1,"\\n "]],[2]]]]],[1,"\\n"]],[1]]]]]],["route","loader","after","T","T","T","item","meta","address","o"],false,["route","routeName","data-loader","uri","hash","block-slot","app-error","if","eq","hds/toast","notification","let","data-source","action","mut","meta","proxy","app-view","href-to","tooltip","concat","consul/external-source","consul/kind","consul/transparent-proxy","unless","or","consul-copy-button","tab-nav","compact","array","is-href","outlet","assign","component","-outlet"]]',moduleName:"consul-ui/templates/dc/services/instance.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/dc/services/instance/addresses",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 @@ -4031,12 +4037,12 @@ e.default=n})),define("consul-ui/templates/loading",["exports","@ember/template- var n=(0,t.createTemplateFactory)({id:"5kbK/dah",block:'[[[1,"\\n"]],[],false,[]]',moduleName:"consul-ui/templates/loading.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/notfound",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"qt+16XBx",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@login","@error"],[[30,1,["model","app","login","open"]],[28,[37,3],null,[["status","message"],[404,"Unable to find that page"]]]]],null],[1,"\\n"]],[1]]]]],[1,"\\n\\n"]],["route"],false,["route","routeName","app-error","hash"]]',moduleName:"consul-ui/templates/notfound.hbs",isStrictMode:!1}) -e.default=n})),define("consul-ui/templates/oauth-provider-debug",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})) +define("consul-ui/templates/oauth-provider-debug",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"Lxy3wDlI",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n"],[10,0],[14,5,"width: 50%;margin: 0 auto;"],[12],[1,"\\n "],[10,"h1"],[12],[8,[30,1,["Title"]],null,[["@title"],["Mock OAuth Provider"]],null],[13],[1,"\\n "],[10,"main"],[12],[1,"\\n "],[10,"form"],[14,"method","GET"],[15,"action",[36,2]],[12],[1,"\\n"],[44,[[28,[37,4],null,[["state","code"],["state-123456789/abcdefghijklmnopqrstuvwxyz","code-abcdefghijklmnopqrstuvwxyz/123456789"]]]],[[[1," "],[8,[39,5],null,[["@name","@label","@item","@help"],["state","State",[30,2],"The OIDC state value that will get passed through to Consul"]],null],[1,"\\n "],[8,[39,5],null,[["@name","@label","@item","@help"],["code","Code",[30,2],"The OIDC code value that will get passed through to Consul"]],null],[1,"\\n"]],[2]]],[1," "],[8,[39,6],null,[["@type"],["submit"]],[["default"],[[[[1,"\\n Login\\n "]],[]]]]],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n"],[13],[1,"\\n"]],[1]]]]],[1,"\\n"]],["route","item"],false,["route","routeName","redirect_uri","let","hash","text-input","action"]]',moduleName:"consul-ui/templates/oauth-provider-debug.hbs",isStrictMode:!1}) e.default=n})),define("consul-ui/templates/settings",["exports","@ember/template-factory"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=(0,t.createTemplateFactory)({id:"GXqC0vCH",block:'[[[1,"\\n"],[8,[39,0],null,[["@name"],[[99,1,["@name"]]]],[["default"],[[[[1,"\\n "],[8,[39,2],null,[["@src"],[[28,[37,3],["settings://consul:client"],null]]],[["default"],[[[[1,"\\n\\n "],[8,[39,4],null,[["@name"],["error"]],[["default"],[[[[1,"\\n "],[8,[39,5],null,[["@error","@login"],[[30,2,["error"]],[30,1,["model","app","login","open"]]]],null],[1,"\\n "]],[]]]]],[1,"\\n\\n "],[8,[39,4],null,[["@name"],["loaded"]],[["default"],[[[[1,"\\n"],[44,[[28,[37,7],[[30,2,["data"]],[28,[37,8],null,[["blocking"],[true]]]],null]],[[[1," "],[8,[39,9],null,null,[["default"],[[[[1,"\\n "],[8,[39,4],null,[["@name"],["header"]],[["default"],[[[[1,"\\n "],[10,"h1"],[12],[1,"\\n "],[8,[30,1,["Title"]],null,[["@title"],["Settings"]],null],[1,"\\n "],[13],[1,"\\n "]],[]]]]],[1,"\\n "],[8,[39,4],null,[["@name"],["content"]],[["default"],[[[[1,"\\n "],[8,[39,10],[[24,0,"mb-3 mt-2"]],[["@type"],["inline"]],[["default"],[[[[1,"\\n "],[8,[30,4,["Title"]],null,null,[["default"],[[[[1,"Local Storage"]],[]]]]],[1,"\\n "],[8,[30,4,["Description"]],null,null,[["default"],[[[[1,"These settings are immediately saved to local storage and persisted through browser usage."]],[]]]]],[1,"\\n "]],[4]]]]],[1,"\\n "],[10,"form"],[12],[1,"\\n"],[41,[28,[37,12],[[28,[37,13],["CONSUL_UI_DISABLE_REALTIME"],null]],null],[[[1," "],[8,[39,14],null,null,[["default"],[[[[1,"\\n "],[8,[30,5,["Details"]],null,null,[["default"],[[[[1,"\\n "],[8,[39,15],null,[["@data","@sink","@onchange"],[[30,3],"settings://consul:client",[28,[37,16],[[30,0],[28,[37,17],[[30,5,["close"]]],null]],null]]],null],[1,"\\n "]],[]]]]],[1,"\\n "],[10,"fieldset"],[12],[1,"\\n "],[10,"h2"],[12],[1,"Blocking Queries"],[13],[1,"\\n "],[10,2],[12],[1,"Keep catalog info up-to-date without refreshing the page. Any changes made to services, nodes and intentions would be reflected in real time."],[13],[1,"\\n "],[10,0],[14,0,"type-toggle"],[12],[1,"\\n "],[10,"label"],[12],[1,"\\n "],[11,"input"],[24,3,"client[blocking]"],[16,"checked",[52,[30,3,["blocking"]],"checked"]],[24,4,"checkbox"],[4,[38,18],["change",[28,[37,19],[[28,[37,20],[[30,3],"blocking",[28,[37,12],[[30,3,["blocking"]]],null]],null],[28,[37,17],[[30,5,["open"]]],null]],null]],null],[12],[13],[1,"\\n "],[10,1],[12],[1,[52,[30,3,["blocking"]],"On","Off"]],[13],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n "],[13],[1,"\\n "]],[5]]]]],[1,"\\n"]],[]],null],[1," "],[13],[1,"\\n "]],[]]]]],[1,"\\n "]],[]]]]],[1,"\\n"]],[3]]],[1," "]],[]]]]],[1,"\\n"]],[2]]]]],[1,"\\n"]],[1]]]]],[1,"\\n"]],["route","loader","item","A","disclosure"],false,["route","routeName","data-loader","uri","block-slot","app-error","let","or","hash","app-view","hds/alert","if","not","env","disclosure","data-sink","action","fn","on","queue","set"]]',moduleName:"consul-ui/templates/settings.hbs",isStrictMode:!1}) -e.default=n})) -define("consul-ui/transforms/array",["exports","ember-data-model-fragments/transforms/array"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 +e.default=n})),define("consul-ui/transforms/array",["exports","ember-data-model-fragments/transforms/array"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=t.default e.default=n})),define("consul-ui/transforms/boolean",["exports","@ember-data/serializer/-private"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.BooleanTransform}})})),define("consul-ui/transforms/date",["exports","@ember-data/serializer/-private"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),Object.defineProperty(e,"default",{enumerable:!0,get:function(){return t.DateTransform}})})),define("consul-ui/transforms/fragment-array",["exports","ember-data-model-fragments/transforms/fragment-array"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 var n=t.default @@ -4189,7 +4195,8 @@ var r=l e.default=r})),define("consul-ui/utils/dom/get-component-factory",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"-view-registry:main" const n=e.lookup(t) return function(e){const t=e.getAttribute("id") -if(t)return n[t]}}})),define("consul-ui/utils/dom/is-outside",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:document +if(t)return n[t]}}})) +define("consul-ui/utils/dom/is-outside",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e,t){let n=arguments.length>2&&void 0!==arguments[2]?arguments[2]:document if(e){const l=!t||!n.contains(t),r=e===t||e.contains(t) return!l&&!r}return!1}})),define("consul-ui/utils/dom/normalize-event",["exports"],(function(e){function t(e,t){var n=Object.keys(e) if(Object.getOwnPropertySymbols){var l=Object.getOwnPropertySymbols(e) @@ -4201,8 +4208,7 @@ if("object"!=typeof l)return l throw new TypeError("@@toPrimitive must return a primitive value.")}return("string"===t?String:Number)(e)}(e,"string") return"symbol"==typeof t?t:String(t)}(t))in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e,t){let l=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{} if(void 0!==e.target)return e -return{target:n(n({},l),{name:e,value:t})}}})) -define("consul-ui/utils/dom/qsa-factory",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:document +return{target:n(n({},l),{name:e,value:t})}}})),define("consul-ui/utils/dom/qsa-factory",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:document return function(t){return(arguments.length>1&&void 0!==arguments[1]?arguments[1]:e).querySelectorAll(t)}}})),define("consul-ui/utils/dom/sibling",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e,t){let n=e for(;n=n.nextSibling;)if(1===n.nodeType&&n.nodeName.toLowerCase()===t)return n}})),define("consul-ui/utils/editor/lint",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.createLoader=void 0,e.default=function(e,t){n(e,t,(function(){e.getValue().trim().length&&e.performLint()}))} const t=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:document.getElementsByTagName.bind(document),t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:CodeMirror @@ -4384,13 +4390,13 @@ e.default=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0 const r=new(arguments.length>2&&void 0!==arguments[2]?arguments[2]:n.default),i=e.shift().map((e=>(""===e.ServiceName&&r.set(e.Node,e.CheckID),e))).concat(e.reduce(((e,t)=>void 0===t?e:e.concat(t.reduce(((e,t)=>{if(""===t.ServiceName){if((r.get(t.Node)||[]).includes(t.CheckID))return e r.set(t.Node,t.CheckID)}return e.push(t),e}),[]))),[])) return l&&i.filter((e=>(0,t.get)(e,"Exposable"))).forEach((e=>{(0,t.set)(e,"Exposed",l)})),i}})),define("consul-ui/utils/minimizeModel",["exports","@ember/object"],(function(e,t){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){if(Array.isArray(e))return e.filter((function(e){return!(0,t.get)(e,"isNew")})).map((function(e){return{ID:(0,t.get)(e,"ID"),Name:(0,t.get)(e,"Name")}}))}})),define("consul-ui/utils/non-empty-set",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){return function(t){return null==t||""===t?{}:{[e]:t}}}})),define("consul-ui/utils/path/resolve",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 -e.default=(e,t)=>0===t.indexOf("/")?t:t.split("/").reduce(((e,t,n,l)=>("."!==t&&(".."===t?e.pop():""===t&&n!==l.length-1||e.push(t)),e)),e.split("/")).join("/")})),define("consul-ui/utils/promisedTimeout",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:Promise,t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:setTimeout +e.default=(e,t)=>0===t.indexOf("/")?t:t.split("/").reduce(((e,t,n,l)=>("."!==t&&(".."===t?e.pop():""===t&&n!==l.length-1||e.push(t)),e)),e.split("/")).join("/")})) +define("consul-ui/utils/promisedTimeout",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:Promise,t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:setTimeout return function(n){let l=arguments.length>1&&void 0!==arguments[1]?arguments[1]:function(){} return new e(((e,r)=>{l(t((function(){e(n)}),n))}))}}})),define("consul-ui/utils/right-trim",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(){let e=arguments.length>0&&void 0!==arguments[0]?arguments[0]:"",t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"" const n=e.length-t.length if(n>=0)return e.lastIndexOf(t)===n?e.substr(0,n):e -return e}})) -define("consul-ui/utils/routing/redirect-to",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e,t){return function(t,n){const l=this.routeName.split(".").slice(0,-1).join(".") +return e}})),define("consul-ui/utils/routing/redirect-to",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e,t){return function(t,n){const l=this.routeName.split(".").slice(0,-1).join(".") this.replaceWith(`${l}.${e}`,t)}}})),define("consul-ui/utils/routing/transitionable",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=function(e){let l=arguments.length>1&&void 0!==arguments[1]?arguments[1]:{},r=arguments.length>2?arguments[2]:void 0 null===e&&(e=r.lookup("route:application")) let i,o=n(e,l),a=e @@ -4462,4 +4468,4 @@ let l=e.split("."),r=l.pop(),i=l.join("."),u=(0,t.get)(o,i) return u&&u.hasOwnProperty&&u.hasOwnProperty(r)?n:(0,t.get)(a,e)}return o.hasOwnProperty(e)?(0,t.get)(o,e):(0,t.get)(a,e)}} return!n.call(u,o,a)||e(l,r,i,o,a)}}(e)}})),define("consul-ui/validations/token",["exports"],(function(e){Object.defineProperty(e,"__esModule",{value:!0}),e.default=void 0 e.default={}})),define("consul-ui/config/environment",[],(function(){try{var e="consul-ui/config/environment",t=document.querySelector('meta[name="'+e+'"]').getAttribute("content"),n={default:JSON.parse(decodeURIComponent(t))} -return Object.defineProperty(n,"__esModule",{value:!0}),n}catch(l){throw new Error('Could not read config from meta tag with name "'+e+'".')}})),runningTests||require("consul-ui/app").default.create({name:"consul-ui",version:"2.2.0+85171f50"}) +return Object.defineProperty(n,"__esModule",{value:!0}),n}catch(l){throw new Error('Could not read config from meta tag with name "'+e+'".')}})),runningTests||require("consul-ui/app").default.create({name:"consul-ui",version:"2.2.0+f7fad31c"}) diff --git a/agent/uiserver/dist/index.html b/agent/uiserver/dist/index.html index 438fc074ed301..5f9cc4798c2d2 100644 --- a/agent/uiserver/dist/index.html +++ b/agent/uiserver/dist/index.html @@ -13,15 +13,15 @@ - + - - + @@ -89,12 +89,12 @@

JavaScript Required

- + {{ range .ExtraScripts }} {{ end }} - + diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index b5105bb698b1a..fb92ea5804b6f 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -6,10 +6,13 @@ package xds import ( "bytes" "path/filepath" + "sort" "testing" "text/template" "time" + "github.com/hashicorp/consul/types" + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" @@ -19,6 +22,12 @@ import ( "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/xds/proxystateconverter" + "github.com/hashicorp/consul/agent/xds/response" + "github.com/hashicorp/consul/agent/xds/testcommon" + "github.com/hashicorp/consul/agent/xdsv2" + "github.com/hashicorp/consul/envoyextensions/xdscommon" + "github.com/hashicorp/consul/sdk/testutil" ) type mockCfgFetcher struct { @@ -29,6 +38,13 @@ func (s *mockCfgFetcher) AdvertiseAddrLAN() string { return s.addressLan } +type clusterTestCase struct { + name string + create func(t testinf.T) *proxycfg.ConfigSnapshot + overrideGoldenName string + alsoRunTestForV2 bool +} + func uint32ptr(i uint32) *uint32 { return &i } @@ -37,6 +53,1117 @@ func durationPtr(d time.Duration) *time.Duration { return &d } +func makeClusterDiscoChainTests(enterprise bool) []clusterTestCase { + return []clusterTestCase{ + { + name: "custom-upstream-default-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = + customAppClusterJSON(t, customClusterJSONOptions{ + Name: "myservice", + }) + }, nil) + }, + // TODO(proxystate): requires custom cluster work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-http2", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["protocol"] = "http2" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil) + }, + //TODO(proxystate): this requires terminating gateway work + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-overrides", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-failover", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil) + }, + // TODO(proxystate): requires routes work + alsoRunTestForV2: false, + }, + { + name: "splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-lb-in-resolver", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + } +} + +func TestClustersFromSnapshot(t *testing.T) { + // TODO: we should move all of these to TestAllResourcesFromSnapshot + // eventually to test all of the xDS types at once with the same input, + // just as it would be triggered by our xDS server. + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + tests := []clusterTestCase{ + { + name: "connect-proxy-with-tls-outgoing-min-version-auto", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSVersionAuto, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tls-outgoing-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tls-outgoing-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tls-outgoing-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-jwt-config-entry-with-local", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "jwt-provider", + Result: &structs.IndexedConfigEntries{ + Kind: "jwt-provider", + Entries: []structs.ConfigEntry{ + &structs.JWTProviderConfigEntry{ + Name: "okta", + JSONWebKeySet: &structs.JSONWebKeySet{ + Local: &structs.LocalJWKS{ + JWKS: "xxx", + }, + }, + }, + }, + }, + }, + }) + }, + // TODO(proxystate): jwt work will come at a later time + alsoRunTestForV2: false, + }, + { + name: "connect-proxy-with-jwt-config-entry-with-remote-jwks", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "jwt-provider", + Result: &structs.IndexedConfigEntries{ + Kind: "jwt-provider", + Entries: []structs.ConfigEntry{ + &structs.JWTProviderConfigEntry{ + Name: "okta", + JSONWebKeySet: &structs.JSONWebKeySet{ + Remote: &structs.RemoteJWKS{ + RequestTimeoutMs: 1000, + FetchAsynchronously: true, + URI: "https://test.test.com", + JWKSCluster: &structs.JWKSCluster{ + DiscoveryType: structs.DiscoveryTypeStatic, + ConnectTimeout: time.Duration(5) * time.Second, + TLSCertificates: &structs.JWKSTLSCertificate{ + TrustedCA: &structs.JWKSTLSCertTrustedCA{ + Filename: "mycert.crt", + }, + }, + }, + }, + }, + }, + }, + }, + }, + }) + }, + // TODO(proxystate): jwt work will come at a later time + alsoRunTestForV2: false, + }, + { + name: "custom-local-app", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["envoy_local_cluster_json"] = + customAppClusterJSON(t, customClusterJSONOptions{ + Name: "mylocal", + }) + }, nil) + }, + // TODO(proxystate): requires custom cluster work + alsoRunTestForV2: false, + }, + { + name: "custom-upstream", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = + customAppClusterJSON(t, customClusterJSONOptions{ + Name: "myservice", + }) + }, nil) + }, + // TODO(proxystate): requires custom cluster work + alsoRunTestForV2: false, + }, + { + name: "custom-upstream-ignores-tls", + overrideGoldenName: "custom-upstream", // should be the same + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = + customAppClusterJSON(t, customClusterJSONOptions{ + Name: "myservice", + // Attempt to override the TLS context should be ignored + TLSContext: `"allowRenegotiation": false`, + }) + }, nil) + }, + // TODO(proxystate): requires custom cluster work + alsoRunTestForV2: false, + }, + { + name: "custom-upstream-with-prepared-query", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + + switch ns.Proxy.Upstreams[i].DestinationName { + case "db": + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i]) + + // Triggers an override with the presence of the escape hatch listener + ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery + + ns.Proxy.Upstreams[i].Config["envoy_cluster_json"] = + customClusterJSON(t, customClusterJSONOptions{ + Name: uid.EnvoyID() + ":custom-upstream", + }) + + // Also test that http2 options are triggered. + // A separate upstream without an override is required to test + case "geo-cache": + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + ns.Proxy.Upstreams[i].Config["protocol"] = "http2" + default: + continue + } + } + }, nil) + }, + // TODO(proxystate): requires custom cluster work + alsoRunTestForV2: false, + }, + { + name: "custom-timeouts", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["local_connect_timeout_ms"] = 1234 + ns.Proxy.Upstreams[0].Config["connect_timeout_ms"] = 2345 + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-passive-healthcheck", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["passive_health_check"] = map[string]interface{}{ + "enforcing_consecutive_5xx": float64(80), + "max_failures": float64(5), + "interval": float64(10 * time.Second), + "max_ejection_percent": float64(100), + "base_ejection_time": float64(10 * time.Second), + } + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-passive-healthcheck-zero-consecutive_5xx", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["passive_health_check"] = map[string]interface{}{ + "enforcing_consecutive_5xx": float64(0), + "max_failures": float64(5), + "interval": float64(10 * time.Second), + "max_ejection_percent": float64(100), + "base_ejection_time": float64(10 * time.Second), + } + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-max-inbound-connections", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["max_inbound_connections"] = 3456 + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-limits-max-connections-only", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + // We check if Config is nil because the prepared_query upstream is + // initialized without a Config map. Use Upstreams[i] syntax to + // modify the actual ConfigSnapshot instead of copying the Upstream + // in the range. + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + ns.Proxy.Upstreams[i].Config["limits"] = map[string]interface{}{ + "max_connections": 500, + } + } + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-limits-set-to-zero", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + ns.Proxy.Upstreams[i].Config["limits"] = map[string]interface{}{ + "max_connections": 0, + "max_pending_requests": 0, + "max_concurrent_requests": 0, + } + } + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-limits", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + ns.Proxy.Upstreams[i].Config["limits"] = map[string]interface{}{ + "max_connections": 500, + "max_pending_requests": 600, + "max_concurrent_requests": 700, + } + } + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "expose-paths-local-app-paths", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotExposeConfig(t, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "downstream-service-with-unix-sockets", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Address = "" + ns.Port = 0 + ns.Proxy.LocalServiceAddress = "" + ns.Proxy.LocalServicePort = 0 + ns.Proxy.LocalServiceSocketPath = "/tmp/downstream_proxy.sock" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "expose-paths-new-cluster-http2", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotExposeConfig(t, func(ns *structs.NodeService) { + ns.Proxy.Expose.Paths[1] = structs.ExposePath{ + LocalPathPort: 9090, + Path: "/grpc.health.v1.Health/Check", + ListenerPort: 21501, + Protocol: "http2", + } + }) + }, + alsoRunTestForV2: true, + }, + { + name: "expose-checks", + create: proxycfg.TestConfigSnapshotExposeChecks, + alsoRunTestForV2: true, + }, + { + name: "expose-paths-grpc-new-cluster-http1", + create: proxycfg.TestConfigSnapshotGRPCExposeHTTP1, + alsoRunTestForV2: true, + }, + { + name: "mesh-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-using-federation-states", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-using-federation-control-plane", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-service-subsets", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-ignore-extra-resolvers", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "ignore-extra-resolvers", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-service-timeouts", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "service-timeouts", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-non-hash-lb-injected", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "non-hash-lb-injected", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-hash-lb-ignored", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "hash-lb-ignored", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-tcp-keepalives", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default", func(ns *structs.NodeService) { + ns.Proxy.Config["envoy_gateway_remote_tcp_enable_keepalive"] = true + ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_time"] = 120 + ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_interval"] = 60 + ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 7 + }, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "default", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-with-tls-outgoing-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-with-tls-outgoing-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-with-tls-outgoing-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp", + "default", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-service-max-connections", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.Listeners[0].Services[0].MaxConnections = 4096 + }, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-defaults-service-max-connections", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.Defaults = &structs.IngressServiceConfig{ + MaxConnections: 2048, + MaxPendingRequests: 512, + MaxConcurrentRequests: 4096, + } + }, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-overwrite-defaults-service-max-connections", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.Defaults = &structs.IngressServiceConfig{ + MaxConnections: 2048, + MaxPendingRequests: 512, + } + entry.Listeners[0].Services[0].MaxConnections = 4096 + entry.Listeners[0].Services[0].MaxPendingRequests = 2048 + }, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-service-passive-health-check", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.Listeners[0].Services[0].MaxConnections = 4096 + entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{ + Interval: 5000000000, + MaxFailures: 10, + MaxEjectionPercent: uint32ptr(90), + } + }, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-defaults-passive-health-check", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, + func(entry *structs.IngressGatewayConfigEntry) { + enforcingConsecutive5xx := uint32(80) + entry.Defaults = &structs.IngressServiceConfig{ + MaxConnections: 2048, + MaxPendingRequests: 512, + MaxConcurrentRequests: 4096, + PassiveHealthCheck: &structs.PassiveHealthCheck{ + Interval: 5000000000, + MaxFailures: 10, + EnforcingConsecutive5xx: &enforcingConsecutive5xx, + MaxEjectionPercent: uint32ptr(90), + }, + } + }, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-overwrite-defaults-passive-health-check", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, + func(entry *structs.IngressGatewayConfigEntry) { + defaultEnforcingConsecutive5xx := uint32(80) + entry.Defaults = &structs.IngressServiceConfig{ + MaxConnections: 2048, + MaxPendingRequests: 512, + PassiveHealthCheck: &structs.PassiveHealthCheck{ + Interval: 5000000000, + EnforcingConsecutive5xx: &defaultEnforcingConsecutive5xx, + MaxEjectionPercent: uint32ptr(80), + }, + } + enforcingConsecutive5xx := uint32(50) + entry.Listeners[0].Services[0].MaxConnections = 4096 + entry.Listeners[0].Services[0].MaxPendingRequests = 2048 + entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{ + Interval: 8000000000, + EnforcingConsecutive5xx: &enforcingConsecutive5xx, + MaxEjectionPercent: uint32ptr(90), + BaseEjectionTime: durationPtr(12 * time.Second), + } + }, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "external-sni", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-failover", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-failover-to-cluster-peer", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-to-cluster-peer", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-remote-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-remote-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-remote-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-remote-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-local-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-local-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-local-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-local-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "splitter-with-resolver-redirect-multidc", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-lb-in-resolver", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "lb-resolver", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil) + }, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil) + }, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-service-subsets", + create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-hostname-service-subsets", + create: proxycfg.TestConfigSnapshotTerminatingGatewayHostnameSubsets, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-sni", + create: proxycfg.TestConfigSnapshotTerminatingGatewaySNI, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-http2-upstream", + create: proxycfg.TestConfigSnapshotTerminatingGatewayHTTP2, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-http2-upstream-subsets", + create: proxycfg.TestConfigSnapshotTerminatingGatewaySubsetsHTTP2, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-ignore-extra-resolvers", + create: proxycfg.TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-lb-config", + create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-tcp-keepalives", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) { + if ns.Proxy.Config == nil { + ns.Proxy.Config = map[string]interface{}{} + } + ns.Proxy.Config["envoy_gateway_remote_tcp_enable_keepalive"] = true + ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_time"] = 133 + ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_interval"] = 27 + ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 5 + }, nil) + }, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-multiple-listeners-duplicate-service", + create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "transparent-proxy-catalog-destinations-only", + create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly, + alsoRunTestForV2: true, + }, + { + name: "transparent-proxy-dial-instances-directly", + create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly, + alsoRunTestForV2: true, + }, + } + + tests = append(tests, makeClusterDiscoChainTests(false)...) + + latestEnvoyVersion := xdscommon.EnvoyVersions[0] + for _, envoyVersion := range xdscommon.EnvoyVersions { + sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) + require.NoError(t, err) + t.Run("envoy-"+envoyVersion, func(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Sanity check default with no overrides first + snap := tt.create(t) + + // We need to replace the TLS certs with deterministic ones to make golden + // files workable. Note we don't update these otherwise they'd change + // golder files for every test case and so not be any use! + testcommon.SetupTLSRootsAndLeaf(t, snap) + + // Need server just for logger dependency + g := NewResourceGenerator(testutil.Logger(t), nil, false) + g.ProxyFeatures = sf + + clusters, err := g.clustersFromSnapshot(snap) + require.NoError(t, err) + + sort.Slice(clusters, func(i, j int) bool { + return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name + }) + + r, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters) + require.NoError(t, err) + + t.Run("current-xdsv1", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + require.JSONEq(t, goldenEnvoy(t, filepath.Join("clusters", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON) + }) + + if tt.alsoRunTestForV2 { + generator := xdsv2.NewResourceGenerator(testutil.Logger(t)) + + converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"}) + proxyState, err := converter.ProxyStateFromSnapshot(snap) + require.NoError(t, err) + + res, err := generator.AllResourcesFromIR(proxyState) + require.NoError(t, err) + + clusters = res[xdscommon.ClusterType] + + // The order of clusters returned via CDS isn't relevant, so it's safe + // to sort these for the purposes of test comparisons. + sort.Slice(clusters, func(i, j int) bool { + return clusters[i].(*envoy_cluster_v3.Cluster).Name < clusters[j].(*envoy_cluster_v3.Cluster).Name + }) + + r, err := response.CreateResponse(xdscommon.ClusterType, "00000001", "00000001", clusters) + require.NoError(t, err) + + t.Run("current-xdsv2", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + expectedJSON := goldenEnvoy(t, filepath.Join("clusters", gName), envoyVersion, latestEnvoyVersion, gotJSON) + require.JSONEq(t, expectedJSON, gotJSON) + }) + } + }) + } + }) + } +} + type customClusterJSONOptions struct { Name string TLSContext string diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go index 4a4cff89d0506..9daf5b31f55b3 100644 --- a/agent/xds/endpoints_test.go +++ b/agent/xds/endpoints_test.go @@ -4,15 +4,23 @@ package xds import ( + "path/filepath" + "sort" "testing" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/xds/proxystateconverter" "github.com/hashicorp/consul/agent/xds/response" + "github.com/hashicorp/consul/agent/xds/testcommon" + "github.com/hashicorp/consul/agent/xdsv2" + "github.com/hashicorp/consul/envoyextensions/xdscommon" + "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/go-hclog" "github.com/mitchellh/copystructure" + testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" ) @@ -229,3 +237,450 @@ func Test_makeLoadAssignment(t *testing.T) { }) } } + +type endpointTestCase struct { + name string + create func(t testinf.T) *proxycfg.ConfigSnapshot + overrideGoldenName string + alsoRunTestForV2 bool +} + +func makeEndpointDiscoChainTests(enterprise bool) []endpointTestCase { + return []endpointTestCase{ + { + name: "connect-proxy-with-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-overrides", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-failover", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-default-chain-and-custom-cluster", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = + customAppClusterJSON(t, customClusterJSONOptions{ + Name: "myservice", + }) + }, nil) + }, + // TODO(proxystate): requires custom cluster work + alsoRunTestForV2: false, + }, + { + name: "splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + } +} + +func TestEndpointsFromSnapshot(t *testing.T) { + // TODO: we should move all of these to TestAllResourcesFromSnapshot + // eventually to test all of the xDS types at once with the same input, + // just as it would be triggered by our xDS server. + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + tests := []endpointTestCase{ + { + name: "mesh-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-using-federation-states", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-newer-information-in-federation-states", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "newer-info-in-federation-states", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-using-federation-control-plane", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-older-information-in-federation-states", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "older-info-in-federation-states", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-service-subsets", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets2", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "mesh-gateway-default-service-subset", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default-service-subsets2", nil, nil) + }, + // TODO(proxystate): mesh gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "default", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp", + "default", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "external-sni", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-failover", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-failover-to-cluster-peer", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-to-cluster-peer", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-remote-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-remote-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-remote-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-remote-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-local-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-local-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-local-gateway", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-double-local-gateway-triggered", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "splitter-with-resolver-redirect-multidc", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil) + }, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil) + }, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-service-subsets", + create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsets, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-default-service-subset", + create: proxycfg.TestConfigSnapshotTerminatingGatewayDefaultServiceSubset, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-multiple-listeners-duplicate-service", + create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + } + + tests = append(tests, makeEndpointDiscoChainTests(false)...) + + latestEnvoyVersion := xdscommon.EnvoyVersions[0] + for _, envoyVersion := range xdscommon.EnvoyVersions { + sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) + require.NoError(t, err) + t.Run("envoy-"+envoyVersion, func(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Sanity check default with no overrides first + snap := tt.create(t) + + // We need to replace the TLS certs with deterministic ones to make golden + // files workable. Note we don't update these otherwise they'd change + // golden files for every test case and so not be any use! + testcommon.SetupTLSRootsAndLeaf(t, snap) + + // Need server just for logger dependency + g := NewResourceGenerator(testutil.Logger(t), nil, false) + g.ProxyFeatures = sf + + endpoints, err := g.endpointsFromSnapshot(snap) + require.NoError(t, err) + + sort.Slice(endpoints, func(i, j int) bool { + return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName + }) + r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints) + require.NoError(t, err) + + t.Run("current-xdsv1", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + require.JSONEq(t, goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON) + }) + + if tt.alsoRunTestForV2 { + generator := xdsv2.NewResourceGenerator(testutil.Logger(t)) + + converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"}) + proxyState, err := converter.ProxyStateFromSnapshot(snap) + require.NoError(t, err) + + res, err := generator.AllResourcesFromIR(proxyState) + require.NoError(t, err) + + endpoints = res[xdscommon.EndpointType] + // The order of listeners returned via LDS isn't relevant, so it's safe + // to sort these for the purposes of test comparisons. + sort.Slice(endpoints, func(i, j int) bool { + return endpoints[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < endpoints[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName + }) + + r, err := response.CreateResponse(xdscommon.EndpointType, "00000001", "00000001", endpoints) + require.NoError(t, err) + + t.Run("current-xdsv2", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + expectedJSON := goldenEnvoy(t, filepath.Join("endpoints", gName), envoyVersion, latestEnvoyVersion, gotJSON) + require.JSONEq(t, expectedJSON, gotJSON) + }) + } + }) + } + }) + } +} diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index cec681a9adeb9..1a91ee77b74d1 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -5,18 +5,1426 @@ package xds import ( "bytes" + "path/filepath" + "sort" "testing" "text/template" - testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/assert" + "google.golang.org/protobuf/proto" + + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/xds/configfetcher" + "github.com/hashicorp/consul/agent/xds/proxystateconverter" + "github.com/hashicorp/consul/agent/xds/response" + "github.com/hashicorp/consul/agent/xds/testcommon" + "github.com/hashicorp/consul/agent/xdsv2" + "github.com/hashicorp/consul/envoyextensions/xdscommon" + "github.com/hashicorp/consul/proto/private/pbpeering" + "github.com/hashicorp/consul/sdk/testutil" + "github.com/hashicorp/consul/types" ) +type listenerTestCase struct { + name string + create func(t testinf.T) *proxycfg.ConfigSnapshot + // Setup is called before the test starts. It is passed the snapshot from + // TestConfigSnapshot and is allowed to modify it in any way to setup the + // test input. + overrideGoldenName string + generatorSetup func(*ResourceGenerator) + alsoRunTestForV2 bool +} + +func makeListenerDiscoChainTests(enterprise bool) []listenerTestCase { + return []listenerTestCase{ + { + name: "custom-upstream-ignored-with-disco-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + if ns.Proxy.Upstreams[i].DestinationName != "db" { + continue // only tweak the db upstream + } + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i]) + + ns.Proxy.Upstreams[i].Config["envoy_listener_json"] = + customListenerJSON(t, customListenerJSONOptions{ + Name: uid.EnvoyID() + ":custom-upstream", + }) + } + }, nil) + }, + }, + { + name: "splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-http-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil, + &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: structs.ProxyConfigGlobal, + Protocol: "http", + Config: map[string]interface{}{ + "protocol": "http", + }, + }, + ) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-http2-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil, + &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: structs.ProxyConfigGlobal, + Protocol: "http2", + Config: map[string]interface{}{ + "protocol": "http2", + }, + }, + ) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-grpc-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil, + &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: structs.ProxyConfigGlobal, + Protocol: "grpc", + Config: map[string]interface{}{ + "protocol": "grpc", + }, + }, + ) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-overrides", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tcp-chain-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-jwt-config-entry-with-local", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + }, + []proxycfg.UpdateEvent{ + { + CorrelationID: "jwt-provider", + Result: &structs.IndexedConfigEntries{ + Kind: "jwt-provider", + Entries: []structs.ConfigEntry{ + &structs.JWTProviderConfigEntry{ + Name: "okta", + JSONWebKeySet: &structs.JSONWebKeySet{ + Local: &structs.LocalJWKS{ + JWKS: "aGVsbG8gd29ybGQK", + }, + }, + Locations: []*structs.JWTLocation{ + { + QueryParam: &structs.JWTLocationQueryParam{ + Name: "token", + }, + }, + { + Cookie: &structs.JWTLocationCookie{ + Name: "token", + }, + }, + }, + }, + }, + }, + }, + { + CorrelationID: "intentions", + Result: structs.SimplifiedIntentions{ + { + SourceName: "*", + DestinationName: "db", + Permissions: []*structs.IntentionPermission{ + { + JWT: &structs.IntentionJWTRequirement{ + Providers: []*structs.IntentionJWTProvider{ + { + Name: "okta", + }, + }, + }, + }, + }, + }, + }, + }, + }, + ) + }, + }, + } +} + +func TestListenersFromSnapshot(t *testing.T) { + // TODO: we should move all of these to TestAllResourcesFromSnapshot + // eventually to test all of the xDS types at once with the same input, + // just as it would be triggered by our xDS server. + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + tests := []listenerTestCase{ + { + name: "connect-proxy-with-tls-outgoing-min-version-auto", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Outgoing: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSVersionAuto, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tls-incoming-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tls-incoming-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-tls-incoming-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "grpc-public-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "grpc" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-bind-address", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["bind_address"] = "127.0.0.2" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-bind-port", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["bind_port"] = 8888 + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-bind-address-port", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["bind_address"] = "127.0.0.2" + ns.Proxy.Config["bind_port"] = 8888 + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-unix-domain-socket", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].LocalBindAddress = "" + ns.Proxy.Upstreams[0].LocalBindPort = 0 + ns.Proxy.Upstreams[0].LocalBindSocketPath = "/tmp/service-mesh/client-1/grpc-employee-server" + ns.Proxy.Upstreams[0].LocalBindSocketMode = "0640" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-max-inbound-connections", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["max_inbound_connections"] = 222 + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "http2-public-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http2" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-balance-inbound-connections", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["balance_inbound_connections"] = "exact_balance" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "listener-balance-outbound-connections-bind-port", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["balance_outbound_connections"] = "exact_balance" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "http-public-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "http-public-listener-no-xfcc", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, + func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + }, + []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + HTTP: &structs.MeshHTTPConfig{ + SanitizeXForwardedClientCert: true, + }, + }, + }, + }, + }) + }, + alsoRunTestForV2: true, + }, + { + name: "http-listener-with-timeouts", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + ns.Proxy.Config["local_connect_timeout_ms"] = 1234 + ns.Proxy.Config["local_request_timeout_ms"] = 2345 + ns.Proxy.Config["local_idle_timeout_ms"] = 3456 + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "http-upstream", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Upstreams[0].Config["protocol"] = "http" + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "custom-public-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["envoy_public_listener_json"] = + customListenerJSON(t, customListenerJSONOptions{ + Name: "custom-public-listen", + }) + }, nil) + }, + }, + { + name: "custom-public-listener-http", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + ns.Proxy.Config["envoy_public_listener_json"] = + customHTTPListenerJSON(t, customHTTPListenerJSONOptions{ + Name: "custom-public-listen", + }) + }, nil) + }, + }, + { + name: "custom-public-listener-http-2", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + ns.Proxy.Config["envoy_public_listener_json"] = + customHTTPListenerJSON(t, customHTTPListenerJSONOptions{ + Name: "custom-public-listen", + HTTPConnectionManagerName: httpConnectionManagerNewName, + }) + }, nil) + }, + }, + { + name: "custom-public-listener-http-missing", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + ns.Proxy.Config["envoy_public_listener_json"] = + customListenerJSON(t, customListenerJSONOptions{ + Name: "custom-public-listen", + }) + }, nil) + }, + }, + { + name: "custom-public-listener-ignores-tls", + overrideGoldenName: "custom-public-listener", // should be the same + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["envoy_public_listener_json"] = + customListenerJSON(t, customListenerJSONOptions{ + Name: "custom-public-listen", + // Attempt to override the TLS context should be ignored + TLSContext: `"allowRenegotiation": false`, + }) + }, nil) + }, + }, + { + name: "custom-upstream", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + if ns.Proxy.Upstreams[i].DestinationName != "db" { + continue // only tweak the db upstream + } + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i]) + + ns.Proxy.Upstreams[i].Config["envoy_listener_json"] = + customListenerJSON(t, customListenerJSONOptions{ + Name: uid.EnvoyID() + ":custom-upstream", + }) + } + }, nil) + }, + }, + { + name: "custom-upstream-with-prepared-query", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for i := range ns.Proxy.Upstreams { + if ns.Proxy.Upstreams[i].DestinationName != "db" { + continue // only tweak the db upstream + } + if ns.Proxy.Upstreams[i].Config == nil { + ns.Proxy.Upstreams[i].Config = map[string]interface{}{} + } + + uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i]) + + // Triggers an override with the presence of the escape hatch listener + ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery + + ns.Proxy.Upstreams[i].Config["envoy_listener_json"] = + customListenerJSON(t, customListenerJSONOptions{ + Name: uid.EnvoyID() + ":custom-upstream", + }) + } + }, nil) + }, + }, + { + name: "connect-proxy-upstream-defaults", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + for _, v := range ns.Proxy.Upstreams { + // Prepared queries do not get centrally configured upstream defaults merged into them. + if v.DestinationType == structs.UpstreamDestTypePreparedQuery { + continue + } + // Represent upstream config as if it came from centrally configured upstream defaults. + // The name/namespace must not make it onto the cluster name attached to the outbound listener. + v.CentrallyConfigured = true + v.DestinationNamespace = structs.WildcardSpecifier + v.DestinationName = structs.WildcardSpecifier + } + }, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "expose-paths-local-app-paths", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotExposeConfig(t, nil) + }, + }, + { + name: "expose-paths-new-cluster-http2", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotExposeConfig(t, func(ns *structs.NodeService) { + ns.Proxy.Expose.Paths[1] = structs.ExposePath{ + LocalPathPort: 9090, + Path: "/grpc.health.v1.Health/Check", + ListenerPort: 21501, + Protocol: "http2", + } + }) + }, + }, + { + // NOTE: if IPv6 is not supported in the kernel per + // platform.SupportsIPv6() then this test will fail because the golden + // files were generated assuming ipv6 support was present + name: "expose-checks-http", + create: proxycfg.TestConfigSnapshotExposeChecks, + generatorSetup: func(s *ResourceGenerator) { + s.CfgFetcher = configFetcherFunc(func() string { + return "192.0.2.1" + }) + }, + }, + { + // NOTE: if IPv6 is not supported in the kernel per + // platform.SupportsIPv6() then this test will fail because the golden + // files were generated assuming ipv6 support was present + name: "expose-checks-http-with-bind-override", + create: proxycfg.TestConfigSnapshotExposeChecksWithBindOverride, + generatorSetup: func(s *ResourceGenerator) { + s.CfgFetcher = configFetcherFunc(func() string { + return "192.0.2.1" + }) + }, + }, + { + // NOTE: if IPv6 is not supported in the kernel per + // platform.SupportsIPv6() then this test will fail because the golden + // files were generated assuming ipv6 support was present + name: "expose-checks-grpc", + create: proxycfg.TestConfigSnapshotExposeChecksGRPC, + generatorSetup: func(s *ResourceGenerator) { + s.CfgFetcher = configFetcherFunc(func() string { + return "192.0.2.1" + }) + }, + }, + { + name: "mesh-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil) + }, + }, + { + name: "mesh-gateway-using-federation-states", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil) + }, + }, + { + name: "mesh-gateway-using-federation-control-plane", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil) + }, + }, + { + name: "mesh-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil) + }, + }, + { + name: "mesh-gateway-tagged-addresses", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default", func(ns *structs.NodeService) { + ns.Proxy.Config = map[string]interface{}{ + "envoy_mesh_gateway_no_default_bind": true, + "envoy_mesh_gateway_bind_tagged_addresses": true, + } + }, nil) + }, + }, + { + name: "mesh-gateway-custom-addresses", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotMeshGateway(t, "default", func(ns *structs.NodeService) { + ns.Proxy.Config = map[string]interface{}{ + "envoy_mesh_gateway_bind_addresses": map[string]structs.ServiceAddress{ + "foo": { + Address: "198.17.2.3", + Port: 8080, + }, + "bar": { + Address: "2001:db8::ff", + Port: 9999, + }, + "baz": { + Address: "127.0.0.1", + Port: 8765, + }, + }, + } + }, nil) + }, + }, + { + name: "api-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, nil, nil, nil, nil) + }, + }, + { + name: "api-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway_NilConfigEntry(t) + }, + }, + { + name: "api-gateway-tcp-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { + entry.Listeners = []structs.APIGatewayListener{ + { + Name: "listener", + Protocol: structs.ListenerProtocolTCP, + Port: 8080, + }, + } + bound.Listeners = []structs.BoundAPIGatewayListener{ + { + Name: "listener", + }, + } + }, nil, nil, nil) + }, + }, + { + name: "api-gateway-tcp-listener-with-tcp-route", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { + entry.Listeners = []structs.APIGatewayListener{ + { + Name: "listener", + Protocol: structs.ListenerProtocolTCP, + Port: 8080, + }, + } + bound.Listeners = []structs.BoundAPIGatewayListener{ + { + Name: "listener", + Routes: []structs.ResourceReference{ + { + Name: "tcp-route", + Kind: structs.TCPRoute, + }, + }, + }, + } + + }, []structs.BoundRoute{ + &structs.TCPRouteConfigEntry{ + Name: "tcp-route", + Kind: structs.TCPRoute, + Parents: []structs.ResourceReference{ + { + Kind: structs.APIGateway, + Name: "api-gateway", + }, + }, + Services: []structs.TCPService{ + {Name: "tcp-service"}, + }, + }, + }, nil, nil) + }, + }, + { + name: "api-gateway-http-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { + entry.Listeners = []structs.APIGatewayListener{ + { + Name: "listener", + Protocol: structs.ListenerProtocolHTTP, + Port: 8080, + }, + } + bound.Listeners = []structs.BoundAPIGatewayListener{ + { + Name: "listener", + Routes: []structs.ResourceReference{}, + }, + } + }, nil, nil, nil) + }, + }, + { + name: "api-gateway-http-listener-with-http-route", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { + entry.Listeners = []structs.APIGatewayListener{ + { + Name: "listener", + Protocol: structs.ListenerProtocolHTTP, + Port: 8080, + }, + } + bound.Listeners = []structs.BoundAPIGatewayListener{ + { + Name: "listener", + Routes: []structs.ResourceReference{ + { + Name: "http-route", + Kind: structs.HTTPRoute, + }, + }, + }, + } + }, []structs.BoundRoute{ + &structs.HTTPRouteConfigEntry{ + Name: "http-route", + Kind: structs.HTTPRoute, + Parents: []structs.ResourceReference{ + { + Kind: structs.APIGateway, + Name: "api-gateway", + }, + }, + Rules: []structs.HTTPRouteRule{ + { + Services: []structs.HTTPService{ + {Name: "http-service"}, + }, + }, + }, + }, + }, nil, nil) + }, + }, + { + name: "api-gateway-tcp-listener-with-tcp-and-http-route", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { + entry.Listeners = []structs.APIGatewayListener{ + { + Name: "listener-tcp", + Protocol: structs.ListenerProtocolTCP, + Port: 8080, + }, + { + Name: "listener-http", + Protocol: structs.ListenerProtocolHTTP, + Port: 8081, + }, + } + bound.Listeners = []structs.BoundAPIGatewayListener{ + { + Name: "listener-tcp", + Routes: []structs.ResourceReference{ + { + Name: "tcp-route", + Kind: structs.TCPRoute, + }, + }, + }, + { + Name: "listener-http", + Routes: []structs.ResourceReference{ + { + Name: "http-route", + Kind: structs.HTTPRoute, + }, + }, + }, + } + }, []structs.BoundRoute{ + &structs.TCPRouteConfigEntry{ + Name: "tcp-route", + Kind: structs.TCPRoute, + Parents: []structs.ResourceReference{ + { + Kind: structs.APIGateway, + Name: "api-gateway", + }, + }, + Services: []structs.TCPService{ + {Name: "tcp-service"}, + }, + }, + &structs.HTTPRouteConfigEntry{ + Name: "http-route", + Kind: structs.HTTPRoute, + Parents: []structs.ResourceReference{ + { + Kind: structs.APIGateway, + Name: "api-gateway", + }, + }, + Rules: []structs.HTTPRouteRule{ + { + Services: []structs.HTTPService{ + {Name: "http-service"}, + }, + }, + }, + }, + }, nil, nil) + }, + }, + { + name: "ingress-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, nil) + }, + }, + { + name: "ingress-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + }, + { + name: "ingress-gateway-bind-addrs", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", func(ns *structs.NodeService) { + // + ns.TaggedAddresses = map[string]structs.ServiceAddress{ + "lan": {Address: "10.0.0.1"}, + "wan": {Address: "172.16.0.1"}, + } + ns.Proxy.Config = map[string]interface{}{ + "envoy_gateway_no_default_bind": true, + "envoy_gateway_bind_tagged_addresses": true, + "envoy_gateway_bind_addresses": map[string]structs.ServiceAddress{ + "foo": {Address: "8.8.8.8"}, + }, + } + }, nil, nil) + }, + }, + { + name: "ingress-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp", + "default", nil, nil, nil) + }, + }, + { + name: "ingress-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "external-sni", nil, nil, nil) + }, + }, + { + name: "ingress-with-tcp-chain-failover-through-remote-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-remote-gateway", nil, nil, nil) + }, + }, + { + name: "ingress-with-tcp-chain-failover-through-local-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "failover-through-local-gateway", nil, nil, nil) + }, + }, + { + name: "ingress-splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "splitter-with-resolver-redirect-multidc", nil, nil, nil) + }, + }, + { + name: "terminating-gateway", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil) + }, + }, + { + name: "terminating-gateway-custom-trace-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) { + ns.Proxy.Config = map[string]interface{}{} + ns.Proxy.Config["protocol"] = "http" + ns.Proxy.Config["envoy_listener_tracing_json"] = customTraceJSON(t) + }, nil) + }, + }, + { + name: "terminating-gateway-with-tls-incoming-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMinVersion: types.TLSv1_3, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "terminating-gateway-with-tls-incoming-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + TLSMaxVersion: types.TLSv1_2, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "terminating-gateway-with-tls-incoming-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "mesh", + Result: &structs.ConfigEntryResponse{ + Entry: &structs.MeshConfigEntry{ + TLS: &structs.MeshTLSConfig{ + Incoming: &structs.MeshDirectionalTLSConfig{ + CipherSuites: []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + }, + }, + }, + }, + }, + }, + }) + }, + }, + { + name: "terminating-gateway-no-services", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil) + }, + }, + { + name: "terminating-gateway-custom-and-tagged-addresses", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) { + ns.Proxy.Config = map[string]interface{}{ + "envoy_gateway_no_default_bind": true, + "envoy_gateway_bind_tagged_addresses": true, + "envoy_gateway_bind_addresses": map[string]structs.ServiceAddress{ + // This bind address should not get a listener due to deduplication and it sorts to the end + "z-duplicate-of-tagged-wan-addr": { + Address: "198.18.0.1", + Port: 443, + }, + "foo": { + Address: "198.17.2.3", + Port: 8080, + }, + }, + } + }, nil) + }, + }, + { + name: "terminating-gateway-service-subsets", + create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsets, + }, + { + name: "ingress-http-multiple-services", + create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices, + }, + { + name: "ingress-grpc-multiple-services", + create: proxycfg.TestConfigSnapshotIngress_GRPCMultipleServices, + }, + { + name: "terminating-gateway-no-api-cert", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + api := structs.NewServiceName("api", nil) + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "service-leaf:" + api.String(), // serviceLeafIDPrefix + Result: nil, // tombstone this + }, + }) + }, + }, + { + name: "terminating-gateway-with-peer-trust-bundle", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + roots, _ := proxycfg.TestCerts(t) + return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ + { + CorrelationID: "peer-trust-bundle:web", + Result: &pbpeering.TrustBundleListByServiceResponse{ + Bundles: []*pbpeering.PeeringTrustBundle{ + { + TrustDomain: "foo.bar.gov", + PeerName: "dc2", + Partition: "default", + RootPEMs: []string{ + roots.Roots[0].RootCert, + }, + ExportedPartition: "default", + CreateIndex: 0, + ModifyIndex: 0, + }, + }, + }, + }, + { + CorrelationID: "service-intentions:web", + Result: structs.SimplifiedIntentions{ + { + SourceName: "source", + SourcePeer: "dc2", + DestinationName: "web", + DestinationPartition: "default", + Action: structs.IntentionActionAllow, + }, + }, + }, + }) + }, + }, + { + name: "ingress-with-tls-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.TLS.Enabled = true + }, nil) + }, + }, + { + name: "ingress-with-tls-listener-min-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.TLS.Enabled = true + entry.TLS.TLSMinVersion = types.TLSv1_3 + }, nil) + }, + }, + { + name: "ingress-with-tls-listener-max-version", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.TLS.Enabled = true + entry.TLS.TLSMaxVersion = types.TLSv1_2 + }, nil) + }, + }, + { + name: "ingress-with-tls-listener-cipher-suites", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, + func(entry *structs.IngressGatewayConfigEntry) { + entry.TLS.Enabled = true + entry.TLS.CipherSuites = []types.TLSCipherSuite{ + types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + } + }, nil) + }, + }, + { + name: "ingress-with-tls-mixed-listeners", + create: proxycfg.TestConfigSnapshotIngressGateway_MixedListeners, + }, + { + name: "ingress-with-tls-min-version-listeners-gateway-defaults", + create: proxycfg.TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults, + }, + { + name: "ingress-with-single-tls-listener", + create: proxycfg.TestConfigSnapshotIngressGateway_SingleTLSListener, + }, + { + name: "ingress-with-tls-mixed-min-version-listeners", + create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners, + }, + { + name: "ingress-with-tls-mixed-max-version-listeners", + create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMaxVersionListeners, + }, + { + name: "ingress-with-tls-mixed-cipher-suites-listeners", + create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedCipherVersionListeners, + }, + { + name: "ingress-with-sds-listener-gw-level", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayLevel, + }, + { + name: "ingress-with-sds-listener-listener-level", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel, + }, + { + name: "ingress-with-sds-listener-gw-level-http", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP, + }, + { + name: "ingress-with-sds-listener-gw-level-mixed-tls", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS, + }, + { + name: "ingress-with-sds-service-level", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_ServiceLevel, + }, + { + name: "ingress-with-sds-listener+service-level", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel, + }, + { + name: "ingress-with-sds-service-level-mixed-no-tls", + create: proxycfg.TestConfigSnapshotIngressGatewaySDS_MixedNoTLS, + }, + { + name: "ingress-with-grpc-single-tls-listener", + create: proxycfg.TestConfigSnapshotIngressGateway_SingleTLSListener_GRPC, + }, + { + name: "ingress-with-http2-single-tls-listener", + create: proxycfg.TestConfigSnapshotIngressGateway_SingleTLSListener_HTTP2, + }, + { + name: "ingress-with-http2-and-grpc-multiple-tls-listener", + create: proxycfg.TestConfigSnapshotIngressGateway_MultiTLSListener_MixedHTTP2gRPC, + }, + { + name: "ingress-with-http2-and-grpc-multiple-tls-listener", + create: proxycfg.TestConfigSnapshotIngressGateway_GWTLSListener_MixedHTTP2gRPC, + }, + { + name: "transparent-proxy-http-upstream", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotTransparentProxyHTTPUpstream(t) + }, + alsoRunTestForV2: true, + }, + { + name: "transparent-proxy-with-resolver-redirect-upstream", + create: proxycfg.TestConfigSnapshotTransparentProxyResolverRedirectUpstream, + alsoRunTestForV2: true, + }, + { + name: "transparent-proxy-catalog-destinations-only", + create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly, + alsoRunTestForV2: true, + }, + { + name: "transparent-proxy-dial-instances-directly", + create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly, + alsoRunTestForV2: true, + }, + { + name: "transparent-proxy-terminating-gateway", + create: proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly, + alsoRunTestForV2: true, + }, + { + name: "custom-trace-listener", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.Config["protocol"] = "http" + ns.Proxy.Config["envoy_listener_tracing_json"] = customTraceJSON(t) + }, nil) + }, + }, + { + name: "access-logs-defaults", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + // This should be passed into the snapshot through proxy-defaults + ns.Proxy.AccessLogs = structs.AccessLogsConfig{ + Enabled: true, + } + }, + nil) + }, + }, + { + name: "access-logs-json-file", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + // This should be passed into the snapshot through proxy-defaults + ns.Proxy.AccessLogs = structs.AccessLogsConfig{ + Enabled: true, + Type: structs.FileLogSinkType, + Path: "/tmp/accesslog.txt", + JSONFormat: "{ \"custom_start_time\": \"%START_TIME%\" }", + } + }, + nil) + }, + }, + { + name: "access-logs-text-stderr-disablelistenerlogs", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + // This should be passed into the snapshot through proxy-defaults + ns.Proxy.AccessLogs = structs.AccessLogsConfig{ + Enabled: true, + DisableListenerLogs: true, + Type: structs.StdErrLogSinkType, + TextFormat: "CUSTOM FORMAT %START_TIME%", + } + }, + nil) + }, + }, + { + name: "connect-proxy-with-tproxy-and-permissive-mtls", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive + ns.Proxy.Mode = structs.ProxyModeTransparent + ns.Proxy.TransparentProxy.OutboundListenerPort = 1234 + }, + nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-without-tproxy-and-permissive-mtls", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { + ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive + }, + nil) + }, + alsoRunTestForV2: true, + }, + } + + tests = append(tests, makeListenerDiscoChainTests(false)...) + + latestEnvoyVersion := xdscommon.EnvoyVersions[0] + for _, envoyVersion := range xdscommon.EnvoyVersions { + sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) + require.NoError(t, err) + t.Run("envoy-"+envoyVersion, func(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + + // Sanity check default with no overrides first + snap := tt.create(t) + + // TODO: it would be nice to be able to ensure these snapshots are always valid before we use them in a test. + // require.True(t, snap.Valid()) + + // We need to replace the TLS certs with deterministic ones to make golden + // files workable. Note we don't update these otherwise they'd change + // golder files for every test case and so not be any use! + testcommon.SetupTLSRootsAndLeaf(t, snap) + + var listeners []proto.Message + + // Need server just for logger dependency + g := NewResourceGenerator(testutil.Logger(t), nil, false) + g.ProxyFeatures = sf + if tt.generatorSetup != nil { + tt.generatorSetup(g) + } + listeners, err = g.listenersFromSnapshot(snap) + require.NoError(t, err) + // The order of listeners returned via LDS isn't relevant, so it's safe + // to sort these for the purposes of test comparisons. + sort.Slice(listeners, func(i, j int) bool { + return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name + }) + + r, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners) + require.NoError(t, err) + + t.Run("current-xdsv1", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + expectedJSON := goldenEnvoy(t, filepath.Join("listeners", gName), envoyVersion, latestEnvoyVersion, gotJSON) + require.JSONEq(t, expectedJSON, gotJSON) + }) + + if tt.alsoRunTestForV2 { + generator := xdsv2.NewResourceGenerator(testutil.Logger(t)) + converter := proxystateconverter.NewConverter(testutil.Logger(t), nil) + proxyState, err := converter.ProxyStateFromSnapshot(snap) + require.NoError(t, err) + + res, err := generator.AllResourcesFromIR(proxyState) + require.NoError(t, err) + + listeners = res[xdscommon.ListenerType] + // The order of listeners returned via LDS isn't relevant, so it's safe + // to sort these for the purposes of test comparisons. + sort.Slice(listeners, func(i, j int) bool { + return listeners[i].(*envoy_listener_v3.Listener).Name < listeners[j].(*envoy_listener_v3.Listener).Name + }) + + r, err := response.CreateResponse(xdscommon.ListenerType, "00000001", "00000001", listeners) + require.NoError(t, err) + + t.Run("current-xdsv2", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + expectedJSON := goldenEnvoy(t, filepath.Join("listeners", gName), envoyVersion, latestEnvoyVersion, gotJSON) + require.JSONEq(t, expectedJSON, gotJSON) + }) + } + + }) + } + }) + } +} + type customListenerJSONOptions struct { Name string TLSContext string diff --git a/agent/xds/proxystateconverter/clusters.go b/agent/xds/proxystateconverter/clusters.go index febe29cf3152b..b8857bee29c59 100644 --- a/agent/xds/proxystateconverter/clusters.go +++ b/agent/xds/proxystateconverter/clusters.go @@ -725,6 +725,13 @@ func (s *Converter) createOutboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot, spi return nil, fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind) } + cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err) + } + // Add all trust bundle peer names, including local. trustBundlePeerNames := []string{"local"} for _, tb := range cfgSnap.PeeringTrustBundles() { @@ -754,6 +761,7 @@ func (s *Converter) createOutboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot, spi Key: cfgSnap.Leaf().PrivateKeyPEM, } ts.TlsParameters = makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()) + ts.AlpnProtocols = getAlpnProtocols(cfg.Protocol) return ts, nil } @@ -856,7 +864,6 @@ func (s *Converter) makeUpstreamClustersForDiscoveryChain( failoverGroup = &pbproxystate.FailoverGroup{ Config: &pbproxystate.FailoverGroupConfig{ ConnectTimeout: durationpb.New(node.Resolver.ConnectTimeout), - UseAltStatName: true, }, } } @@ -920,7 +927,6 @@ func (s *Converter) makeUpstreamClustersForDiscoveryChain( Group: &pbproxystate.EndpointGroup_Dynamic{ Dynamic: dynamic, }, - Name: groupedTarget.ClusterName, } endpointGroups = append(endpointGroups, eg) } else { @@ -934,7 +940,6 @@ func (s *Converter) makeUpstreamClustersForDiscoveryChain( }, }, }, - Name: mappedTargets.baseClusterName, } out[mappedTargets.baseClusterName] = cluster diff --git a/agent/xds/proxystateconverter/failover_policy.go b/agent/xds/proxystateconverter/failover_policy.go index 2b0c0617c6bf2..ae1565458fa82 100644 --- a/agent/xds/proxystateconverter/failover_policy.go +++ b/agent/xds/proxystateconverter/failover_policy.go @@ -124,6 +124,22 @@ func (s *Converter) mapDiscoChainTargets(cfgSnap *proxycfg.ConfigSnapshot, chain Service: target.Service, }.URI().String()} } + //commonTLSContext := makeCommonTLSContext( + // cfgSnap.Leaf(), + // rootPEMs, + // makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSOutgoing()), + //) + // + //err := injectSANMatcher(commonTLSContext, spiffeIDs...) + //if err != nil { + // return failoverTargets, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) + //} + + //tlsContext := &envoy_tls_v3.UpstreamTlsContext{ + // CommonTlsContext: commonTLSContext, + // Sni: sni, + //} + //ti.TLSContext = tlsContext failoverTargets.targets = append(failoverTargets.targets, ti) } diff --git a/agent/xds/proxystateconverter/listeners.go b/agent/xds/proxystateconverter/listeners.go index 1e15ecb97c90e..266e96383c7a6 100644 --- a/agent/xds/proxystateconverter/listeners.go +++ b/agent/xds/proxystateconverter/listeners.go @@ -829,6 +829,19 @@ func (s *Converter) injectConnectTLSForPublicListener(cfgSnap *proxycfg.ConfigSn return nil } +func getAlpnProtocols(protocol string) []string { + var alpnProtocols []string + + switch protocol { + case "grpc", "http2": + alpnProtocols = append(alpnProtocols, "h2", "http/1.1") + case "http": + alpnProtocols = append(alpnProtocols, "http/1.1") + } + + return alpnProtocols +} + func (s *Converter) createInboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot) (*pbproxystate.TransportSocket, error) { switch cfgSnap.Kind { case structs.ServiceKindConnectProxy: @@ -837,6 +850,13 @@ func (s *Converter) createInboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot) (*pb return nil, fmt.Errorf("cannot inject peering trust bundles for kind %q", cfgSnap.Kind) } + cfg, err := config.ParseProxyConfig(cfgSnap.Proxy.Config) + if err != nil { + // Don't hard fail on a config typo, just warn. The parse func returns + // default config if there is an error so it's safe to continue. + s.Logger.Warn("failed to parse Connect.Proxy.Config", "error", err) + } + // Add all trust bundle peer names, including local. trustBundlePeerNames := []string{"local"} for _, tb := range cfgSnap.PeeringTrustBundles() { @@ -862,6 +882,7 @@ func (s *Converter) createInboundMeshMTLS(cfgSnap *proxycfg.ConfigSnapshot) (*pb Key: cfgSnap.Leaf().PrivateKeyPEM, } ts.TlsParameters = makeTLSParametersFromProxyTLSConfig(cfgSnap.MeshConfigTLSIncoming()) + ts.AlpnProtocols = getAlpnProtocols(cfg.Protocol) return ts, nil } diff --git a/agent/xds/proxystateconverter/routes.go b/agent/xds/proxystateconverter/routes.go index 0df72314f3041..9cdd24fe12b05 100644 --- a/agent/xds/proxystateconverter/routes.go +++ b/agent/xds/proxystateconverter/routes.go @@ -53,11 +53,6 @@ func (s *Converter) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapshot) erro continue } - // route already exists, don't clobber it. - if _, ok := s.proxyState.Routes[uid.EnvoyID()]; ok { - continue - } - virtualHost, err := s.makeUpstreamHostForDiscoveryChain(cfgSnap, uid, chain, []string{"*"}, false) if err != nil { return err diff --git a/agent/xds/resources_test.go b/agent/xds/resources_test.go index ed6fc6b91683d..b47edcbac3684 100644 --- a/agent/xds/resources_test.go +++ b/agent/xds/resources_test.go @@ -4,17 +4,11 @@ package xds import ( - "fmt" "path/filepath" "sort" "testing" "time" - "github.com/hashicorp/consul/agent/xds/proxystateconverter" - "github.com/hashicorp/consul/agent/xdsv2" - "github.com/hashicorp/consul/proto/private/pbpeering" - "google.golang.org/protobuf/proto" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" @@ -52,7 +46,6 @@ type goldenTestCase struct { setup func(snap *proxycfg.ConfigSnapshot) overrideGoldenName string generatorSetup func(*ResourceGenerator) - alsoRunTestForV2 bool } func TestAllResourcesFromSnapshot(t *testing.T) { @@ -84,33 +77,6 @@ func TestAllResourcesFromSnapshot(t *testing.T) { tt.setup(snap) } - typeUrls := []string{ - xdscommon.ListenerType, - xdscommon.RouteType, - xdscommon.ClusterType, - xdscommon.EndpointType, - xdscommon.SecretType, - } - - resourceSortingFunc := func(items []proto.Message, typeURL string) func(i, j int) bool { - return func(i, j int) bool { - switch typeURL { - case xdscommon.ListenerType: - return items[i].(*envoy_listener_v3.Listener).Name < items[j].(*envoy_listener_v3.Listener).Name - case xdscommon.RouteType: - return items[i].(*envoy_route_v3.RouteConfiguration).Name < items[j].(*envoy_route_v3.RouteConfiguration).Name - case xdscommon.ClusterType: - return items[i].(*envoy_cluster_v3.Cluster).Name < items[j].(*envoy_cluster_v3.Cluster).Name - case xdscommon.EndpointType: - return items[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < items[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName - case xdscommon.SecretType: - return items[i].(*envoy_tls_v3.Secret).Name < items[j].(*envoy_tls_v3.Secret).Name - default: - panic("not possible") - } - } - } - // Need server just for logger dependency g := NewResourceGenerator(testutil.Logger(t), nil, false) g.ProxyFeatures = sf @@ -121,15 +87,37 @@ func TestAllResourcesFromSnapshot(t *testing.T) { resources, err := g.AllResourcesFromSnapshot(snap) require.NoError(t, err) + typeUrls := []string{ + xdscommon.ListenerType, + xdscommon.RouteType, + xdscommon.ClusterType, + xdscommon.EndpointType, + xdscommon.SecretType, + } require.Len(t, resources, len(typeUrls)) for _, typeUrl := range typeUrls { prettyName := testTypeUrlToPrettyName[typeUrl] - t.Run(fmt.Sprintf("xdsv1-%s", prettyName), func(t *testing.T) { + t.Run(prettyName, func(t *testing.T) { items, ok := resources[typeUrl] require.True(t, ok) - sort.Slice(items, resourceSortingFunc(items, typeUrl)) + sort.Slice(items, func(i, j int) bool { + switch typeUrl { + case xdscommon.ListenerType: + return items[i].(*envoy_listener_v3.Listener).Name < items[j].(*envoy_listener_v3.Listener).Name + case xdscommon.RouteType: + return items[i].(*envoy_route_v3.RouteConfiguration).Name < items[j].(*envoy_route_v3.RouteConfiguration).Name + case xdscommon.ClusterType: + return items[i].(*envoy_cluster_v3.Cluster).Name < items[j].(*envoy_cluster_v3.Cluster).Name + case xdscommon.EndpointType: + return items[i].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName < items[j].(*envoy_endpoint_v3.ClusterLoadAssignment).ClusterName + case xdscommon.SecretType: + return items[i].(*envoy_tls_v3.Secret).Name < items[j].(*envoy_tls_v3.Secret).Name + default: + panic("not possible") + } + }) r, err := response.CreateResponse(typeUrl, "00000001", "00000001", items) require.NoError(t, err) @@ -145,43 +133,6 @@ func TestAllResourcesFromSnapshot(t *testing.T) { require.JSONEq(t, expectedJSON, gotJSON) }) } - - if tt.alsoRunTestForV2 { - generator := xdsv2.NewResourceGenerator(testutil.Logger(t)) - - converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "192.0.2.1"}) - proxyState, err := converter.ProxyStateFromSnapshot(snap) - require.NoError(t, err) - - v2Resources, err := generator.AllResourcesFromIR(proxyState) - require.NoError(t, err) - require.Len(t, v2Resources, len(typeUrls)-1) // secrets are not currently implemented in V2. - for _, typeUrl := range typeUrls { - prettyName := testTypeUrlToPrettyName[typeUrl] - t.Run(fmt.Sprintf("xdsv2-%s", prettyName), func(t *testing.T) { - if typeUrl == xdscommon.SecretType { - t.Skip("skipping. secrets are not yet implemented in xdsv2") - } - items, ok := v2Resources[typeUrl] - require.True(t, ok) - - sort.Slice(items, resourceSortingFunc(items, typeUrl)) - - r, err := response.CreateResponse(typeUrl, "00000001", "00000001", items) - require.NoError(t, err) - - gotJSON := protoToJSON(t, r) - - gName := tt.name - if tt.overrideGoldenName != "" { - gName = tt.overrideGoldenName - } - - expectedJSON := goldenEnvoy(t, filepath.Join(prettyName, gName), envoyVersion, latestEnvoyVersion, gotJSON) - require.JSONEq(t, expectedJSON, gotJSON) - }) - } - } } tests := []testcase{ @@ -190,185 +141,58 @@ func TestAllResourcesFromSnapshot(t *testing.T) { create: func(t testinf.T) *proxycfg.ConfigSnapshot { return proxycfg.TestConfigSnapshot(t, nil, nil) }, - alsoRunTestForV2: true, - }, - { - name: "telemetry-collector", - create: proxycfg.TestConfigSnapshotTelemetryCollector, - alsoRunTestForV2: false, - }, - { - name: "grpc-public-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "grpc" - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "listener-bind-address", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["bind_address"] = "127.0.0.2" - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "listener-bind-port", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["bind_port"] = 8888 - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "listener-bind-address-port", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["bind_address"] = "127.0.0.2" - ns.Proxy.Config["bind_port"] = 8888 - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "listener-unix-domain-socket", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].LocalBindAddress = "" - ns.Proxy.Upstreams[0].LocalBindPort = 0 - ns.Proxy.Upstreams[0].LocalBindSocketPath = "/tmp/service-mesh/client-1/grpc-employee-server" - ns.Proxy.Upstreams[0].LocalBindSocketMode = "0640" - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "listener-max-inbound-connections", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["max_inbound_connections"] = 222 - }, nil) - }, - alsoRunTestForV2: true, }, { - name: "http2-public-listener", + name: "connect-proxy-exported-to-peers", create: func(t testinf.T) *proxycfg.ConfigSnapshot { return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http2" - }, nil) + // This test is only concerned about the SPIFFE cert validator config in the public listener + // so we empty out the upstreams to avoid generating unnecessary upstream listeners. + ns.Proxy.Upstreams = structs.Upstreams{} + }, []proxycfg.UpdateEvent{ + { + CorrelationID: "peering-trust-bundles", + Result: proxycfg.TestPeerTrustBundles(t), + }, + }) }, - alsoRunTestForV2: true, }, { - name: "listener-balance-inbound-connections", + name: "transparent-proxy", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["balance_inbound_connections"] = "exact_balance" - }, nil) + return proxycfg.TestConfigSnapshotTransparentProxy(t) }, - alsoRunTestForV2: true, }, { - name: "listener-balance-outbound-connections-bind-port", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["balance_outbound_connections"] = "exact_balance" - }, nil) - }, - alsoRunTestForV2: true, + name: "connect-proxy-with-peered-upstreams", + create: proxycfg.TestConfigSnapshotPeering, }, { - name: "http-public-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - }, nil) - }, - alsoRunTestForV2: true, + name: "connect-proxy-with-peered-upstreams-escape-overrides", + create: proxycfg.TestConfigSnapshotPeeringWithEscapeOverrides, }, { - name: "http-public-listener-no-xfcc", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, - func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - }, - []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - HTTP: &structs.MeshHTTPConfig{ - SanitizeXForwardedClientCert: true, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, + name: "connect-proxy-with-peered-upstreams-http2", + create: proxycfg.TestConfigSnapshotPeeringWithHTTP2, }, { - name: "http-listener-with-timeouts", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - ns.Proxy.Config["local_connect_timeout_ms"] = 1234 - ns.Proxy.Config["local_request_timeout_ms"] = 2345 - ns.Proxy.Config["local_idle_timeout_ms"] = 3456 - }, nil) - }, - alsoRunTestForV2: true, + name: "transparent-proxy-with-peered-upstreams", + create: proxycfg.TestConfigSnapshotPeeringTProxy, }, { - name: "http-upstream", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["protocol"] = "http" - }, nil) - }, - alsoRunTestForV2: true, + name: "local-mesh-gateway-with-peered-upstreams", + create: proxycfg.TestConfigSnapshotPeeringLocalMeshGateway, }, { - name: "connect-proxy-upstream-defaults", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - for _, v := range ns.Proxy.Upstreams { - // Prepared queries do not get centrally configured upstream defaults merged into them. - if v.DestinationType == structs.UpstreamDestTypePreparedQuery { - continue - } - // Represent upstream config as if it came from centrally configured upstream defaults. - // The name/namespace must not make it onto the cluster name attached to the outbound listener. - v.CentrallyConfigured = true - v.DestinationNamespace = structs.WildcardSpecifier - v.DestinationName = structs.WildcardSpecifier - } - }, nil) - }, - alsoRunTestForV2: true, + name: "telemetry-collector", + create: proxycfg.TestConfigSnapshotTelemetryCollector, }, } - tests = append(tests, getConnectProxyDiscoChainTests(false)...) tests = append(tests, getConnectProxyTransparentProxyGoldenTestCases()...) - tests = append(tests, getMeshGatewayGoldenTestCases()...) tests = append(tests, getMeshGatewayPeeringGoldenTestCases()...) tests = append(tests, getTrafficControlPeeringGoldenTestCases(false)...) tests = append(tests, getEnterpriseGoldenTestCases(t)...) tests = append(tests, getAPIGatewayGoldenTestCases(t)...) - tests = append(tests, getExposePathGoldenTestCases()...) - tests = append(tests, getCustomConfigurationGoldenTestCases(false)...) - tests = append(tests, getConnectProxyJWTProviderGoldenTestCases()...) - tests = append(tests, getTerminatingGatewayPeeringGoldenTestCases()...) - tests = append(tests, getIngressGatewayGoldenTestCases()...) - tests = append(tests, getAccessLogsGoldenTestCases()...) - tests = append(tests, getTLSGoldenTestCases()...) - tests = append(tests, getPeeredGoldenTestCases()...) latestEnvoyVersion := xdscommon.EnvoyVersions[0] for _, envoyVersion := range xdscommon.EnvoyVersions { @@ -386,585 +210,85 @@ func TestAllResourcesFromSnapshot(t *testing.T) { func getConnectProxyTransparentProxyGoldenTestCases() []goldenTestCase { return []goldenTestCase{ - { - name: "transparent-proxy", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTransparentProxy(t) - }, - alsoRunTestForV2: true, - }, - { - name: "transparent-proxy-catalog-destinations-only", - create: proxycfg.TestConfigSnapshotTransparentProxyCatalogDestinationsOnly, - alsoRunTestForV2: true, - }, - { - name: "transparent-proxy-dial-instances-directly", - create: proxycfg.TestConfigSnapshotTransparentProxyDialDirectly, - alsoRunTestForV2: true, - }, - { - name: "transparent-proxy-http-upstream", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTransparentProxyHTTPUpstream(t) - }, - alsoRunTestForV2: true, - }, - { - name: "transparent-proxy-with-resolver-redirect-upstream", - create: proxycfg.TestConfigSnapshotTransparentProxyResolverRedirectUpstream, - alsoRunTestForV2: true, - }, - { - name: "transparent-proxy-terminating-gateway", - create: proxycfg.TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly, - alsoRunTestForV2: true, - }, { name: "transparent-proxy-destination", create: proxycfg.TestConfigSnapshotTransparentProxyDestination, - // TODO(proxystate): currently failing. should work. possible issue in converter. - alsoRunTestForV2: false, }, { name: "transparent-proxy-destination-http", create: func(t testinf.T) *proxycfg.ConfigSnapshot { return proxycfg.TestConfigSnapshotTransparentProxyDestinationHTTP(t, nil) }, - // TODO(proxystate): currently failing. should work. possible issue in converter. - alsoRunTestForV2: false, }, { name: "transparent-proxy-terminating-gateway-destinations-only", create: func(t testinf.T) *proxycfg.ConfigSnapshot { return proxycfg.TestConfigSnapshotTerminatingGatewayDestinations(t, true, nil) }, - // TODO(proxystate): terminating gateways will come at a later date. - alsoRunTestForV2: false, }, } } -func getConnectProxyDiscoChainTests(enterprise bool) []goldenTestCase { +func getMeshGatewayPeeringGoldenTestCases() []goldenTestCase { return []goldenTestCase{ { - name: "connect-proxy-with-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", false, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-chain-external-sni", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", false, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-chain-and-failover", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", false, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-exported-to-peers", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - // This test is only concerned about the SPIFFE cert validator config in the public listener - // so we empty out the upstreams to avoid generating unnecessary upstream listeners. - ns.Proxy.Upstreams = structs.Upstreams{} - }, []proxycfg.UpdateEvent{ - { - CorrelationID: "peering-trust-bundles", - Result: proxycfg.TestPeerTrustBundles(t), - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-upstream-default-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "myservice", - }) - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-chain-http2", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["protocol"] = "http2" - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-chain-and-overrides", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-chain-and-failover", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-remote-gateway-triggered", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-remote-gateway-triggered", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-failover-through-local-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-local-gateway-triggered", enterprise, nil, nil) - }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway", + name: "mesh-gateway-with-exported-peered-services", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "default-services-tcp", nil, nil) }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, }, { - name: "connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered", + name: "mesh-gateway-with-exported-peered-services-http", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-through-double-local-gateway-triggered", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "default-services-http", nil, nil) }, - // TODO(proxystate): requires routes work - alsoRunTestForV2: false, }, { - name: "splitter-with-resolver-redirect", + name: "mesh-gateway-with-exported-peered-services-http-with-router", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "chain-and-l7-stuff", nil, nil) }, - alsoRunTestForV2: true, }, { - name: "connect-proxy-lb-in-resolver", + name: "mesh-gateway-peering-control-plane", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "control-plane", nil, nil) }, - alsoRunTestForV2: true, }, { - name: "connect-proxy-with-default-chain-and-custom-cluster", + name: "mesh-gateway-with-imported-peered-services", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "myservice", - }) + return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "imported-services", func(ns *structs.NodeService) { + ns.Proxy.Config = map[string]interface{}{ + "envoy_dns_discovery_type": "STRICT_DNS", + } }, nil) }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-splitter-overweight", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-overweight", enterprise, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-chain-and-splitter", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-grpc-router", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", enterprise, nil, nil) - }, - alsoRunTestForV2: true, }, { - name: "connect-proxy-with-chain-and-router", + name: "mesh-gateway-with-peer-through-mesh-gateway-enabled", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "peer-through-mesh-gateway", nil, nil) }, - alsoRunTestForV2: true, }, + } +} + +func getTrafficControlPeeringGoldenTestCases(enterprise bool) []goldenTestCase { + cases := []goldenTestCase{ { - name: "connect-proxy-route-to-lb-resolver", + name: "connect-proxy-with-chain-and-failover-to-cluster-peer", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-lb-node", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-to-cluster-peer", enterprise, nil, nil) }, - alsoRunTestForV2: true, }, { - name: "connect-proxy-resolver-with-lb", + name: "connect-proxy-with-chain-and-redirect-to-cluster-peer", create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "resolver-with-lb", enterprise, nil, nil) + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-cluster-peer", enterprise, nil, nil) }, - alsoRunTestForV2: true, }, - { - name: "custom-upstream-ignored-with-disco-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover", enterprise, func(ns *structs.NodeService) { - for i := range ns.Proxy.Upstreams { - if ns.Proxy.Upstreams[i].DestinationName != "db" { - continue // only tweak the db upstream - } - if ns.Proxy.Upstreams[i].Config == nil { - ns.Proxy.Upstreams[i].Config = map[string]interface{}{} - } - - uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i]) - - ns.Proxy.Upstreams[i].Config["envoy_listener_json"] = - customListenerJSON(t, customListenerJSONOptions{ - Name: uid.EnvoyID() + ":custom-upstream", - }) - } - }, nil) - }, - }, - { - name: "connect-proxy-with-tcp-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-http-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil, - &structs.ProxyConfigEntry{ - Kind: structs.ProxyDefaults, - Name: structs.ProxyConfigGlobal, - Protocol: "http", - Config: map[string]interface{}{ - "protocol": "http", - }, - }, - ) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-http2-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil, - &structs.ProxyConfigEntry{ - Kind: structs.ProxyDefaults, - Name: structs.ProxyConfigGlobal, - Protocol: "http2", - Config: map[string]interface{}{ - "protocol": "http2", - }, - }, - ) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-grpc-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil, - &structs.ProxyConfigEntry{ - Kind: structs.ProxyDefaults, - Name: structs.ProxyConfigGlobal, - Protocol: "grpc", - Config: map[string]interface{}{ - "protocol": "grpc", - }, - }, - ) - }, - alsoRunTestForV2: true, - }, - } -} - -func getMeshGatewayGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "mesh-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "default", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-using-federation-states", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "federation-states", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-using-federation-control-plane", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "mesh-gateway-federation", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-newer-information-in-federation-states", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "newer-info-in-federation-states", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-older-information-in-federation-states", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "older-info-in-federation-states", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-no-services", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "no-services", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-service-subsets", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-service-subsets2", // TODO: make this merge with 'service-subsets' - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "service-subsets2", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-default-service-subset", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "default-service-subsets2", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-ignore-extra-resolvers", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "ignore-extra-resolvers", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-service-timeouts", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "service-timeouts", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-non-hash-lb-injected", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "non-hash-lb-injected", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-hash-lb-ignored", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "hash-lb-ignored", nil, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-tcp-keepalives", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "default", func(ns *structs.NodeService) { - ns.Proxy.Config["envoy_gateway_remote_tcp_enable_keepalive"] = true - ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_time"] = 120 - ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_interval"] = 60 - ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 7 - }, nil) - }, - // TODO(proxystate): mesh gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-tagged-addresses", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "default", func(ns *structs.NodeService) { - ns.Proxy.Config = map[string]interface{}{ - "envoy_mesh_gateway_no_default_bind": true, - "envoy_mesh_gateway_bind_tagged_addresses": true, - } - }, nil) - }, - }, - { - name: "mesh-gateway-custom-addresses", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotMeshGateway(t, "default", func(ns *structs.NodeService) { - ns.Proxy.Config = map[string]interface{}{ - "envoy_mesh_gateway_bind_addresses": map[string]structs.ServiceAddress{ - "foo": { - Address: "198.17.2.3", - Port: 8080, - }, - "bar": { - Address: "2001:db8::ff", - Port: 9999, - }, - "baz": { - Address: "127.0.0.1", - Port: 8765, - }, - }, - } - }, nil) - }, - }, - } -} -func getMeshGatewayPeeringGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "mesh-gateway-with-exported-peered-services", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "default-services-tcp", nil, nil) - }, - // TODO(proxystate): mesh gateways will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-with-exported-peered-services-http", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "default-services-http", nil, nil) - }, - // TODO(proxystate): mesh gateways will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-with-exported-peered-services-http-with-router", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "chain-and-l7-stuff", nil, nil) - }, - // TODO(proxystate): mesh gateways will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-peering-control-plane", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "control-plane", nil, nil) - }, - // TODO(proxystate): mesh gateways will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-with-imported-peered-services", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "imported-services", func(ns *structs.NodeService) { - ns.Proxy.Config = map[string]interface{}{ - "envoy_dns_discovery_type": "STRICT_DNS", - } - }, nil) - }, - // TODO(proxystate): mesh gateways will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "mesh-gateway-with-peer-through-mesh-gateway-enabled", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotPeeredMeshGateway(t, "peer-through-mesh-gateway", nil, nil) - }, - // TODO(proxystate): mesh gateways will come at a later date. - alsoRunTestForV2: false, - }, - } -} - -func getTrafficControlPeeringGoldenTestCases(enterprise bool) []goldenTestCase { - cases := []goldenTestCase{ - { - name: "connect-proxy-with-chain-and-failover-to-cluster-peer", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "failover-to-cluster-peer", enterprise, nil, nil) - }, - // TODO(proxystate): peering will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-chain-and-redirect-to-cluster-peer", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-cluster-peer", enterprise, nil, nil) - }, - // TODO(proxystate): peering will come at a later date. - alsoRunTestForV2: false, - }, - } + } if enterprise { for i := range cases { @@ -1129,8 +453,6 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase { Certificate: gatewayTestCertificate, }}, nil) }, - // TODO(proxystate): api gateways will come at a later date. - alsoRunTestForV2: false, }, { name: "api-gateway-with-multiple-inline-certificates", @@ -1204,8 +526,6 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase { }, }, nil) }, - // TODO(proxystate): api gateways will come at a later date. - alsoRunTestForV2: false, }, { name: "api-gateway-with-http-route", @@ -1287,8 +607,6 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase { }, }}) }, - // TODO(proxystate): api gateways will come at a later date. - alsoRunTestForV2: false, }, { name: "api-gateway-with-http-route-timeoutfilter-one-set", @@ -1363,1827 +681,6 @@ func getAPIGatewayGoldenTestCases(t *testing.T) []goldenTestCase { }, }}) }, - // TODO(proxystate): api gateways will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "api-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, nil, nil, nil, nil) - }, - }, - { - name: "api-gateway-nil-config-entry", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway_NilConfigEntry(t) - }, - }, - { - name: "api-gateway-tcp-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { - entry.Listeners = []structs.APIGatewayListener{ - { - Name: "listener", - Protocol: structs.ListenerProtocolTCP, - Port: 8080, - }, - } - bound.Listeners = []structs.BoundAPIGatewayListener{ - { - Name: "listener", - }, - } - }, nil, nil, nil) - }, - }, - { - name: "api-gateway-tcp-listener-with-tcp-route", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { - entry.Listeners = []structs.APIGatewayListener{ - { - Name: "listener", - Protocol: structs.ListenerProtocolTCP, - Port: 8080, - }, - } - bound.Listeners = []structs.BoundAPIGatewayListener{ - { - Name: "listener", - Routes: []structs.ResourceReference{ - { - Name: "tcp-route", - Kind: structs.TCPRoute, - }, - }, - }, - } - - }, []structs.BoundRoute{ - &structs.TCPRouteConfigEntry{ - Name: "tcp-route", - Kind: structs.TCPRoute, - Parents: []structs.ResourceReference{ - { - Kind: structs.APIGateway, - Name: "api-gateway", - }, - }, - Services: []structs.TCPService{ - {Name: "tcp-service"}, - }, - }, - }, nil, nil) - }, - }, - { - name: "api-gateway-http-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { - entry.Listeners = []structs.APIGatewayListener{ - { - Name: "listener", - Protocol: structs.ListenerProtocolHTTP, - Port: 8080, - }, - } - bound.Listeners = []structs.BoundAPIGatewayListener{ - { - Name: "listener", - Routes: []structs.ResourceReference{}, - }, - } - }, nil, nil, nil) - }, - }, - { - name: "api-gateway-http-listener-with-http-route", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { - entry.Listeners = []structs.APIGatewayListener{ - { - Name: "listener", - Protocol: structs.ListenerProtocolHTTP, - Port: 8080, - }, - } - bound.Listeners = []structs.BoundAPIGatewayListener{ - { - Name: "listener", - Routes: []structs.ResourceReference{ - { - Name: "http-route", - Kind: structs.HTTPRoute, - }, - }, - }, - } - }, []structs.BoundRoute{ - &structs.HTTPRouteConfigEntry{ - Name: "http-route", - Kind: structs.HTTPRoute, - Parents: []structs.ResourceReference{ - { - Kind: structs.APIGateway, - Name: "api-gateway", - }, - }, - Rules: []structs.HTTPRouteRule{ - { - Services: []structs.HTTPService{ - {Name: "http-service"}, - }, - }, - }, - }, - }, nil, nil) - }, - }, - { - name: "api-gateway-tcp-listener-with-tcp-and-http-route", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { - entry.Listeners = []structs.APIGatewayListener{ - { - Name: "listener-tcp", - Protocol: structs.ListenerProtocolTCP, - Port: 8080, - }, - { - Name: "listener-http", - Protocol: structs.ListenerProtocolHTTP, - Port: 8081, - }, - } - bound.Listeners = []structs.BoundAPIGatewayListener{ - { - Name: "listener-tcp", - Routes: []structs.ResourceReference{ - { - Name: "tcp-route", - Kind: structs.TCPRoute, - }, - }, - }, - { - Name: "listener-http", - Routes: []structs.ResourceReference{ - { - Name: "http-route", - Kind: structs.HTTPRoute, - }, - }, - }, - } - }, []structs.BoundRoute{ - &structs.TCPRouteConfigEntry{ - Name: "tcp-route", - Kind: structs.TCPRoute, - Parents: []structs.ResourceReference{ - { - Kind: structs.APIGateway, - Name: "api-gateway", - }, - }, - Services: []structs.TCPService{ - {Name: "tcp-service"}, - }, - }, - &structs.HTTPRouteConfigEntry{ - Name: "http-route", - Kind: structs.HTTPRoute, - Parents: []structs.ResourceReference{ - { - Kind: structs.APIGateway, - Name: "api-gateway", - }, - }, - Rules: []structs.HTTPRouteRule{ - { - Services: []structs.HTTPService{ - {Name: "http-service"}, - }, - }, - }, - }, - }, nil, nil) - }, - }, - { - name: "api-gateway-with-multiple-hostnames", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { - entry.Listeners = []structs.APIGatewayListener{ - { - Name: "http", - Protocol: structs.ListenerProtocolHTTP, - Port: 8080, - Hostname: "*.example.com", - }, - } - bound.Listeners = []structs.BoundAPIGatewayListener{ - { - Name: "http", - Routes: []structs.ResourceReference{ - {Kind: structs.HTTPRoute, Name: "backend-route"}, - {Kind: structs.HTTPRoute, Name: "frontend-route"}, - {Kind: structs.HTTPRoute, Name: "generic-route"}, - }}, - } - }, - []structs.BoundRoute{ - &structs.HTTPRouteConfigEntry{ - Kind: structs.HTTPRoute, - Name: "backend-route", - Hostnames: []string{"backend.example.com"}, - Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}}, - Rules: []structs.HTTPRouteRule{ - {Services: []structs.HTTPService{{Name: "backend"}}}, - }, - }, - &structs.HTTPRouteConfigEntry{ - Kind: structs.HTTPRoute, - Name: "frontend-route", - Hostnames: []string{"frontend.example.com"}, - Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}}, - Rules: []structs.HTTPRouteRule{ - {Services: []structs.HTTPService{{Name: "frontend"}}}, - }, - }, - &structs.HTTPRouteConfigEntry{ - Kind: structs.HTTPRoute, - Name: "generic-route", - Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}}, - Rules: []structs.HTTPRouteRule{ - { - Matches: []structs.HTTPMatch{{Path: structs.HTTPPathMatch{Match: structs.HTTPPathMatchPrefix, Value: "/frontend"}}}, - Services: []structs.HTTPService{{Name: "frontend"}}, - }, - { - Matches: []structs.HTTPMatch{{Path: structs.HTTPPathMatch{Match: structs.HTTPPathMatchPrefix, Value: "/backend"}}}, - Services: []structs.HTTPService{{Name: "backend"}}, - }, - }, - }, - }, nil, nil) - }, - }, - } -} - -func getExposePathGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "expose-paths-local-app-paths", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotExposeConfig(t, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "downstream-service-with-unix-sockets", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Address = "" - ns.Port = 0 - ns.Proxy.LocalServiceAddress = "" - ns.Proxy.LocalServicePort = 0 - ns.Proxy.LocalServiceSocketPath = "/tmp/downstream_proxy.sock" - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "expose-paths-new-cluster-http2", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotExposeConfig(t, func(ns *structs.NodeService) { - ns.Proxy.Expose.Paths[1] = structs.ExposePath{ - LocalPathPort: 9090, - Path: "/grpc.health.v1.Health/Check", - ListenerPort: 21501, - Protocol: "http2", - } - }) - }, - alsoRunTestForV2: true, - }, - { - name: "expose-checks", - create: proxycfg.TestConfigSnapshotExposeChecks, - generatorSetup: func(s *ResourceGenerator) { - s.CfgFetcher = configFetcherFunc(func() string { - return "192.0.2.1" - }) - }, - alsoRunTestForV2: true, - }, - { - name: "expose-paths-grpc-new-cluster-http1", - create: proxycfg.TestConfigSnapshotGRPCExposeHTTP1, - alsoRunTestForV2: true, - }, - { - // NOTE: if IPv6 is not supported in the kernel per - // platform.SupportsIPv6() then this test will fail because the golden - // files were generated assuming ipv6 support was present - name: "expose-checks-http", - create: proxycfg.TestConfigSnapshotExposeChecks, - generatorSetup: func(s *ResourceGenerator) { - s.CfgFetcher = configFetcherFunc(func() string { - return "192.0.2.1" - }) - }, - }, - { - // NOTE: if IPv6 is not supported in the kernel per - // platform.SupportsIPv6() then this test will fail because the golden - // files were generated assuming ipv6 support was present - name: "expose-checks-http-with-bind-override", - create: proxycfg.TestConfigSnapshotExposeChecksWithBindOverride, - generatorSetup: func(s *ResourceGenerator) { - s.CfgFetcher = configFetcherFunc(func() string { - return "192.0.2.1" - }) - }, - }, - { - // NOTE: if IPv6 is not supported in the kernel per - // platform.SupportsIPv6() then this test will fail because the golden - // files were generated assuming ipv6 support was present - name: "expose-checks-grpc", - create: proxycfg.TestConfigSnapshotExposeChecksGRPC, - generatorSetup: func(s *ResourceGenerator) { - s.CfgFetcher = configFetcherFunc(func() string { - return "192.0.2.1" - }) - }, - }, - } -} - -func getCustomConfigurationGoldenTestCases(enterprise bool) []goldenTestCase { - return []goldenTestCase{ - { - name: "custom-upstream-default-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "myservice", - }) - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "custom-local-app", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["envoy_local_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "mylocal", - }) - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "custom-upstream", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "myservice", - }) - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "custom-upstream-ignores-tls", - overrideGoldenName: "custom-upstream", // should be the same - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "myservice", - // Attempt to override the TLS context should be ignored - TLSContext: `"allowRenegotiation": false`, - }) - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "custom-upstream-with-prepared-query", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - for i := range ns.Proxy.Upstreams { - - switch ns.Proxy.Upstreams[i].DestinationName { - case "db": - if ns.Proxy.Upstreams[i].Config == nil { - ns.Proxy.Upstreams[i].Config = map[string]interface{}{} - } - - uid := proxycfg.NewUpstreamID(&ns.Proxy.Upstreams[i]) - - // Triggers an override with the presence of the escape hatch listener - ns.Proxy.Upstreams[i].DestinationType = structs.UpstreamDestTypePreparedQuery - - ns.Proxy.Upstreams[i].Config["envoy_cluster_json"] = - customClusterJSON(t, customClusterJSONOptions{ - Name: uid.EnvoyID() + ":custom-upstream", - }) - - // Also test that http2 options are triggered. - // A separate upstream without an override is required to test - case "geo-cache": - if ns.Proxy.Upstreams[i].Config == nil { - ns.Proxy.Upstreams[i].Config = map[string]interface{}{} - } - ns.Proxy.Upstreams[i].Config["protocol"] = "http2" - default: - continue - } - } - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "custom-timeouts", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["local_connect_timeout_ms"] = 1234 - ns.Proxy.Upstreams[0].Config["connect_timeout_ms"] = 2345 - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-passive-healthcheck", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["passive_health_check"] = map[string]interface{}{ - "enforcing_consecutive_5xx": float64(80), - "max_failures": float64(5), - "interval": float64(10 * time.Second), - "max_ejection_percent": float64(100), - "base_ejection_time": float64(10 * time.Second), - } - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-passive-healthcheck-zero-consecutive_5xx", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["passive_health_check"] = map[string]interface{}{ - "enforcing_consecutive_5xx": float64(0), - "max_failures": float64(5), - "interval": float64(10 * time.Second), - "max_ejection_percent": float64(100), - "base_ejection_time": float64(10 * time.Second), - } - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-max-inbound-connections", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["max_inbound_connections"] = 3456 - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-limits-max-connections-only", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - for i := range ns.Proxy.Upstreams { - // We check if Config is nil because the prepared_query upstream is - // initialized without a Config map. Use Upstreams[i] syntax to - // modify the actual ConfigSnapshot instead of copying the Upstream - // in the range. - if ns.Proxy.Upstreams[i].Config == nil { - ns.Proxy.Upstreams[i].Config = map[string]interface{}{} - } - - ns.Proxy.Upstreams[i].Config["limits"] = map[string]interface{}{ - "max_connections": 500, - } - } - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-limits-set-to-zero", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - for i := range ns.Proxy.Upstreams { - if ns.Proxy.Upstreams[i].Config == nil { - ns.Proxy.Upstreams[i].Config = map[string]interface{}{} - } - - ns.Proxy.Upstreams[i].Config["limits"] = map[string]interface{}{ - "max_connections": 0, - "max_pending_requests": 0, - "max_concurrent_requests": 0, - } - } - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "custom-limits", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - for i := range ns.Proxy.Upstreams { - if ns.Proxy.Upstreams[i].Config == nil { - ns.Proxy.Upstreams[i].Config = map[string]interface{}{} - } - - ns.Proxy.Upstreams[i].Config["limits"] = map[string]interface{}{ - "max_connections": 500, - "max_pending_requests": 600, - "max_concurrent_requests": 700, - } - } - }, nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-default-chain-and-custom-cluster", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotDiscoveryChain(t, "default", enterprise, func(ns *structs.NodeService) { - ns.Proxy.Upstreams[0].Config["envoy_cluster_json"] = - customAppClusterJSON(t, customClusterJSONOptions{ - Name: "myservice", - }) - }, nil) - }, - // TODO(proxystate): requires custom cluster work - alsoRunTestForV2: false, - }, - { - name: "custom-public-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["envoy_public_listener_json"] = - customListenerJSON(t, customListenerJSONOptions{ - Name: "custom-public-listen", - }) - }, nil) - }, - }, - { - name: "custom-public-listener-http", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - ns.Proxy.Config["envoy_public_listener_json"] = - customHTTPListenerJSON(t, customHTTPListenerJSONOptions{ - Name: "custom-public-listen", - }) - }, nil) - }, - }, - { - name: "custom-public-listener-http-2", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - ns.Proxy.Config["envoy_public_listener_json"] = - customHTTPListenerJSON(t, customHTTPListenerJSONOptions{ - Name: "custom-public-listen", - HTTPConnectionManagerName: httpConnectionManagerNewName, - }) - }, nil) - }, - }, - { - name: "custom-public-listener-http-missing", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - ns.Proxy.Config["envoy_public_listener_json"] = - customListenerJSON(t, customListenerJSONOptions{ - Name: "custom-public-listen", - }) - }, nil) - }, - }, - { - name: "custom-public-listener-ignores-tls", - overrideGoldenName: "custom-public-listener", // should be the same - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["envoy_public_listener_json"] = - customListenerJSON(t, customListenerJSONOptions{ - Name: "custom-public-listen", - // Attempt to override the TLS context should be ignored - TLSContext: `"allowRenegotiation": false`, - }) - }, nil) - }, - }, - { - name: "custom-trace-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.Config["protocol"] = "http" - ns.Proxy.Config["envoy_listener_tracing_json"] = customTraceJSON(t) - }, nil) - }, - }, - } -} - -func getConnectProxyJWTProviderGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "connect-proxy-with-jwt-config-entry-with-local", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "jwt-provider", - Result: &structs.IndexedConfigEntries{ - Kind: "jwt-provider", - Entries: []structs.ConfigEntry{ - &structs.JWTProviderConfigEntry{ - Name: "okta", - JSONWebKeySet: &structs.JSONWebKeySet{ - Local: &structs.LocalJWKS{ - JWKS: "xxx", - }, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): jwt work will come at a later time - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-jwt-config-entry-with-remote-jwks", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "jwt-provider", - Result: &structs.IndexedConfigEntries{ - Kind: "jwt-provider", - Entries: []structs.ConfigEntry{ - &structs.JWTProviderConfigEntry{ - Name: "okta", - JSONWebKeySet: &structs.JSONWebKeySet{ - Remote: &structs.RemoteJWKS{ - RequestTimeoutMs: 1000, - FetchAsynchronously: true, - URI: "https://test.test.com", - JWKSCluster: &structs.JWKSCluster{ - DiscoveryType: structs.DiscoveryTypeStatic, - ConnectTimeout: time.Duration(5) * time.Second, - TLSCertificates: &structs.JWKSTLSCertificate{ - TrustedCA: &structs.JWKSTLSCertTrustedCA{ - Filename: "mycert.crt", - }, - }, - }, - }, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): jwt work will come at a later time - alsoRunTestForV2: false, - }, - } -} - -func getTerminatingGatewayPeeringGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "terminating-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, nil) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-no-services", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, false, nil, nil) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-service-subsets", - create: proxycfg.TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-hostname-service-subsets", - create: proxycfg.TestConfigSnapshotTerminatingGatewayHostnameSubsets, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-sni", - create: proxycfg.TestConfigSnapshotTerminatingGatewaySNI, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-http2-upstream", - create: proxycfg.TestConfigSnapshotTerminatingGatewayHTTP2, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-http2-upstream-subsets", - create: proxycfg.TestConfigSnapshotTerminatingGatewaySubsetsHTTP2, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-ignore-extra-resolvers", - create: proxycfg.TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-lb-config", - create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfig, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-lb-config-no-hash-policies", - create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-tcp-keepalives", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) { - if ns.Proxy.Config == nil { - ns.Proxy.Config = map[string]interface{}{} - } - ns.Proxy.Config["envoy_gateway_remote_tcp_enable_keepalive"] = true - ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_time"] = 133 - ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_interval"] = 27 - ns.Proxy.Config["envoy_gateway_remote_tcp_keepalive_probes"] = 5 - }, nil) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-custom-trace-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) { - ns.Proxy.Config = map[string]interface{}{} - ns.Proxy.Config["protocol"] = "http" - ns.Proxy.Config["envoy_listener_tracing_json"] = customTraceJSON(t) - }, nil) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-with-tls-incoming-min-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Incoming: &structs.MeshDirectionalTLSConfig{ - TLSMinVersion: types.TLSv1_3, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-with-tls-incoming-max-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Incoming: &structs.MeshDirectionalTLSConfig{ - TLSMaxVersion: types.TLSv1_2, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-with-tls-incoming-cipher-suites", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Incoming: &structs.MeshDirectionalTLSConfig{ - CipherSuites: []types.TLSCipherSuite{ - types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - }, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-custom-and-tagged-addresses", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, func(ns *structs.NodeService) { - ns.Proxy.Config = map[string]interface{}{ - "envoy_gateway_no_default_bind": true, - "envoy_gateway_bind_tagged_addresses": true, - "envoy_gateway_bind_addresses": map[string]structs.ServiceAddress{ - // This bind address should not get a listener due to deduplication and it sorts to the end - "z-duplicate-of-tagged-wan-addr": { - Address: "198.18.0.1", - Port: 443, - }, - "foo": { - Address: "198.17.2.3", - Port: 8080, - }, - }, - } - }, nil) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-no-api-cert", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - api := structs.NewServiceName("api", nil) - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "service-leaf:" + api.String(), // serviceLeafIDPrefix - Result: nil, // tombstone this - }, - }) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-with-peer-trust-bundle", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - roots, _ := proxycfg.TestCerts(t) - return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "peer-trust-bundle:web", - Result: &pbpeering.TrustBundleListByServiceResponse{ - Bundles: []*pbpeering.PeeringTrustBundle{ - { - TrustDomain: "foo.bar.gov", - PeerName: "dc2", - Partition: "default", - RootPEMs: []string{ - roots.Roots[0].RootCert, - }, - ExportedPartition: "default", - CreateIndex: 0, - ModifyIndex: 0, - }, - }, - }, - }, - { - CorrelationID: "service-intentions:web", - Result: structs.SimplifiedIntentions{ - { - SourceName: "source", - SourcePeer: "dc2", - DestinationName: "web", - DestinationPartition: "default", - Action: structs.IntentionActionAllow, - }, - }, - }, - }) - }, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "terminating-gateway-default-service-subset", - create: proxycfg.TestConfigSnapshotTerminatingGatewayDefaultServiceSubset, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - } -} - -func getIngressGatewayGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "ingress-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "default", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-gateway-nil-config-entry", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-gateway-with-tls-outgoing-min-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - TLSMinVersion: types.TLSv1_3, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-gateway-with-tls-outgoing-max-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - TLSMaxVersion: types.TLSv1_2, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-gateway-with-tls-outgoing-cipher-suites", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - CipherSuites: []types.TLSCipherSuite{ - types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - }, - }, - }, - }, - }, - }, - }) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-gateway-no-services", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp", - "default", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-service-max-connections", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.Listeners[0].Services[0].MaxConnections = 4096 - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-defaults-service-max-connections", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.Defaults = &structs.IngressServiceConfig{ - MaxConnections: 2048, - MaxPendingRequests: 512, - MaxConcurrentRequests: 4096, - } - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-overwrite-defaults-service-max-connections", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.Defaults = &structs.IngressServiceConfig{ - MaxConnections: 2048, - MaxPendingRequests: 512, - } - entry.Listeners[0].Services[0].MaxConnections = 4096 - entry.Listeners[0].Services[0].MaxPendingRequests = 2048 - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-service-passive-health-check", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.Listeners[0].Services[0].MaxConnections = 4096 - entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{ - Interval: 5000000000, - MaxFailures: 10, - MaxEjectionPercent: uint32ptr(90), - } - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-defaults-passive-health-check", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, - func(entry *structs.IngressGatewayConfigEntry) { - enforcingConsecutive5xx := uint32(80) - entry.Defaults = &structs.IngressServiceConfig{ - MaxConnections: 2048, - MaxPendingRequests: 512, - MaxConcurrentRequests: 4096, - PassiveHealthCheck: &structs.PassiveHealthCheck{ - Interval: 5000000000, - MaxFailures: 10, - EnforcingConsecutive5xx: &enforcingConsecutive5xx, - MaxEjectionPercent: uint32ptr(90), - }, - } - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-overwrite-defaults-passive-health-check", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "simple", nil, - func(entry *structs.IngressGatewayConfigEntry) { - defaultEnforcingConsecutive5xx := uint32(80) - entry.Defaults = &structs.IngressServiceConfig{ - MaxConnections: 2048, - MaxPendingRequests: 512, - PassiveHealthCheck: &structs.PassiveHealthCheck{ - Interval: 5000000000, - EnforcingConsecutive5xx: &defaultEnforcingConsecutive5xx, - MaxEjectionPercent: uint32ptr(80), - }, - } - enforcingConsecutive5xx := uint32(50) - entry.Listeners[0].Services[0].MaxConnections = 4096 - entry.Listeners[0].Services[0].MaxPendingRequests = 2048 - entry.Listeners[0].Services[0].PassiveHealthCheck = &structs.PassiveHealthCheck{ - Interval: 8000000000, - EnforcingConsecutive5xx: &enforcingConsecutive5xx, - MaxEjectionPercent: uint32ptr(90), - BaseEjectionTime: durationPtr(12 * time.Second), - } - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain-external-sni", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "external-sni", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain-and-failover", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain-and-failover-to-cluster-peer", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-to-cluster-peer", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-failover-through-remote-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-remote-gateway", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-failover-through-remote-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-remote-gateway-triggered", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-double-failover-through-remote-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-double-remote-gateway", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-double-remote-gateway-triggered", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-failover-through-local-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-local-gateway", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-failover-through-local-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-local-gateway-triggered", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-double-failover-through-local-gateway", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-double-local-gateway", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tcp-chain-double-failover-through-local-gateway-triggered", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", - "failover-through-double-local-gateway-triggered", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-splitter-with-resolver-redirect", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", - "splitter-with-resolver-redirect-multidc", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-lb-in-resolver", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", - "lb-resolver", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-multiple-listeners-duplicate-service", - create: proxycfg.TestConfigSnapshotIngress_MultipleListenersDuplicateService, - // TODO(proxystate): terminating gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-config-entry-nil", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-defaults-no-chain", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp", - "default", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain-and-splitter", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", - "chain-and-splitter", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-grpc-router", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", - "grpc-router", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain-and-router", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", - "chain-and-router", nil, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-http-multiple-services", - create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-grpc-multiple-services", - create: proxycfg.TestConfigSnapshotIngress_GRPCMultipleServices, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-chain-and-router-header-manip", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "router-header-manip", nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener-level", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level", nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener-level-wildcard", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level-wildcard", nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-listener", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.TLS.Enabled = true - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-listener-min-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.TLS.Enabled = true - entry.TLS.TLSMinVersion = types.TLSv1_3 - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-listener-max-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.TLS.Enabled = true - entry.TLS.TLSMaxVersion = types.TLSv1_2 - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-listener-cipher-suites", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, - func(entry *structs.IngressGatewayConfigEntry) { - entry.TLS.Enabled = true - entry.TLS.CipherSuites = []types.TLSCipherSuite{ - types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - } - }, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-mixed-listeners", - create: proxycfg.TestConfigSnapshotIngressGateway_MixedListeners, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-min-version-listeners-gateway-defaults", - create: proxycfg.TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-single-tls-listener", - create: proxycfg.TestConfigSnapshotIngressGateway_SingleTLSListener, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-mixed-min-version-listeners", - create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-mixed-max-version-listeners", - create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedMaxVersionListeners, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-tls-mixed-cipher-suites-listeners", - create: proxycfg.TestConfigSnapshotIngressGateway_TLSMixedCipherVersionListeners, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener-gw-level", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayLevel, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener-listener-level", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener-gw-level-http", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener-gw-level-mixed-tls", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - // TODO: cross reference with ingress-with-sds-service-level and figure out which should stay - { - name: "ingress-with-sds-service-level-2", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level", nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-service-level-mixed-tls", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level-mixed-tls", nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-service-level", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_ServiceLevel, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-listener+service-level", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-sds-service-level-mixed-no-tls", - create: proxycfg.TestConfigSnapshotIngressGatewaySDS_MixedNoTLS, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-grpc-single-tls-listener", - create: proxycfg.TestConfigSnapshotIngressGateway_SingleTLSListener_GRPC, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-http2-single-tls-listener", - create: proxycfg.TestConfigSnapshotIngressGateway_SingleTLSListener_HTTP2, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-with-http2-and-grpc-multiple-tls-listener", - create: proxycfg.TestConfigSnapshotIngressGateway_GWTLSListener_MixedHTTP2gRPC, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - { - name: "ingress-gateway-bind-addrs", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", func(ns *structs.NodeService) { - // - ns.TaggedAddresses = map[string]structs.ServiceAddress{ - "lan": {Address: "10.0.0.1"}, - "wan": {Address: "172.16.0.1"}, - } - ns.Proxy.Config = map[string]interface{}{ - "envoy_gateway_no_default_bind": true, - "envoy_gateway_bind_tagged_addresses": true, - "envoy_gateway_bind_addresses": map[string]structs.ServiceAddress{ - "foo": {Address: "8.8.8.8"}, - }, - } - }, nil, nil) - }, - // TODO(proxystate): ingress gateway will come at a later time - alsoRunTestForV2: false, - }, - } -} - -func getAccessLogsGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "access-logs-defaults", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - // This should be passed into the snapshot through proxy-defaults - ns.Proxy.AccessLogs = structs.AccessLogsConfig{ - Enabled: true, - } - }, - nil) - }, - }, - { - name: "access-logs-json-file", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - // This should be passed into the snapshot through proxy-defaults - ns.Proxy.AccessLogs = structs.AccessLogsConfig{ - Enabled: true, - Type: structs.FileLogSinkType, - Path: "/tmp/accesslog.txt", - JSONFormat: "{ \"custom_start_time\": \"%START_TIME%\" }", - } - }, - nil) - }, - }, - { - name: "access-logs-text-stderr-disablelistenerlogs", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - // This should be passed into the snapshot through proxy-defaults - ns.Proxy.AccessLogs = structs.AccessLogsConfig{ - Enabled: true, - DisableListenerLogs: true, - Type: structs.StdErrLogSinkType, - TextFormat: "CUSTOM FORMAT %START_TIME%", - } - }, - nil) - }, - }, - } -} - -func getTLSGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "connect-proxy-with-tls-outgoing-min-version-auto", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - TLSMinVersion: types.TLSVersionAuto, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tls-outgoing-min-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - TLSMinVersion: types.TLSv1_3, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tls-outgoing-max-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - TLSMaxVersion: types.TLSv1_2, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tls-outgoing-cipher-suites", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Outgoing: &structs.MeshDirectionalTLSConfig{ - CipherSuites: []types.TLSCipherSuite{ - types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - }, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tls-incoming-min-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Incoming: &structs.MeshDirectionalTLSConfig{ - TLSMinVersion: types.TLSv1_3, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tls-incoming-max-version", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Incoming: &structs.MeshDirectionalTLSConfig{ - TLSMaxVersion: types.TLSv1_2, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tls-incoming-cipher-suites", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, nil, []proxycfg.UpdateEvent{ - { - CorrelationID: "mesh", - Result: &structs.ConfigEntryResponse{ - Entry: &structs.MeshConfigEntry{ - TLS: &structs.MeshTLSConfig{ - Incoming: &structs.MeshDirectionalTLSConfig{ - CipherSuites: []types.TLSCipherSuite{ - types.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - types.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, - }, - }, - }, - }, - }, - }, - }) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-with-tproxy-and-permissive-mtls", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive - ns.Proxy.Mode = structs.ProxyModeTransparent - ns.Proxy.TransparentProxy.OutboundListenerPort = 1234 - }, - nil) - }, - alsoRunTestForV2: true, - }, - { - name: "connect-proxy-without-tproxy-and-permissive-mtls", - create: func(t testinf.T) *proxycfg.ConfigSnapshot { - return proxycfg.TestConfigSnapshot(t, func(ns *structs.NodeService) { - ns.Proxy.MutualTLSMode = structs.MutualTLSModePermissive - }, - nil) - }, - alsoRunTestForV2: true, - }, - } -} - -func getPeeredGoldenTestCases() []goldenTestCase { - return []goldenTestCase{ - { - name: "connect-proxy-with-peered-upstreams", - create: proxycfg.TestConfigSnapshotPeering, - // TODO(proxystate): peering will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-peered-upstreams-escape-overrides", - create: proxycfg.TestConfigSnapshotPeeringWithEscapeOverrides, - // TODO(proxystate): peering will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "connect-proxy-with-peered-upstreams-http2", - create: proxycfg.TestConfigSnapshotPeeringWithHTTP2, - // TODO(proxystate): peering will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "transparent-proxy-with-peered-upstreams", - create: proxycfg.TestConfigSnapshotPeeringTProxy, - // TODO(proxystate): peering will come at a later date. - alsoRunTestForV2: false, - }, - { - name: "local-mesh-gateway-with-peered-upstreams", - create: proxycfg.TestConfigSnapshotPeeringLocalMeshGateway, - // TODO(proxystate): mesh gateways and peering will come at a later date. - alsoRunTestForV2: false, }, } } diff --git a/agent/xds/routes.go b/agent/xds/routes.go index d4e289e033785..6ef5b470905c7 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -61,11 +61,6 @@ func (s *ResourceGenerator) routesForConnectProxy(cfgSnap *proxycfg.ConfigSnapsh continue } - if !structs.IsProtocolHTTPLike(chain.Protocol) { - // Routes can only be defined for HTTP services - continue - } - virtualHost, err := s.makeUpstreamRouteForDiscoveryChain(cfgSnap, uid, chain, []string{"*"}, false, perRouteFilterBuilder{}) if err != nil { return nil, err @@ -445,6 +440,8 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot readyListeners := getReadyListeners(cfgSnap) listenerNames := maps.Keys(readyListeners) sort.Strings(listenerNames) + + // Iterate over all listeners that are ready and configure their routes. for _, listenerName := range listenerNames { readyListener, ok := readyListeners[listenerName] if !ok { @@ -486,6 +483,7 @@ func (s *ResourceGenerator) routesForAPIGateway(cfgSnap *proxycfg.ConfigSnapshot continue } + consolidatedRoute := consolidatedRoute // Reassignment to avoid closure issues with the loop variable. domains := generateUpstreamAPIsDomains(readyListener.listenerKey, upstream, consolidatedRoute.Hostnames) filterBuilder := perRouteFilterBuilder{providerMap: cfgSnap.JWTProviders, listener: &readyListener.listenerCfg, route: &consolidatedRoute} diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go index eff0e32ad1b89..eda10f2234667 100644 --- a/agent/xds/routes_test.go +++ b/agent/xds/routes_test.go @@ -4,16 +4,403 @@ package xds import ( + "path/filepath" + "sort" "testing" "time" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + testinf "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/durationpb" + "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/agent/xds/proxystateconverter" + "github.com/hashicorp/consul/agent/xds/response" + "github.com/hashicorp/consul/agent/xds/testcommon" + "github.com/hashicorp/consul/agent/xdsv2" + "github.com/hashicorp/consul/envoyextensions/xdscommon" + "github.com/hashicorp/consul/sdk/testutil" ) +type routeTestCase struct { + name string + create func(t testinf.T) *proxycfg.ConfigSnapshot + overrideGoldenName string + alsoRunTestForV2 bool +} + +func makeRouteDiscoChainTests(enterprise bool) []routeTestCase { + return []routeTestCase{ + { + name: "connect-proxy-with-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "external-sni", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-splitter-overweight", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-overweight", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-overrides", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "simple-with-overrides", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "splitter-with-resolver-redirect-multidc", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-splitter", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-splitter", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-grpc-router", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "grpc-router", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-with-chain-and-router", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "chain-and-router", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-lb-in-resolver", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "lb-resolver", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-route-to-lb-resolver", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "redirect-to-lb-node", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + { + name: "connect-proxy-resolver-with-lb", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotDiscoveryChain(t, "resolver-with-lb", enterprise, nil, nil) + }, + alsoRunTestForV2: true, + }, + } +} + +func TestRoutesFromSnapshot(t *testing.T) { + // TODO: we should move all of these to TestAllResourcesFromSnapshot + // eventually to test all of the xDS types at once with the same input, + // just as it would be triggered by our xDS server. + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + tests := []routeTestCase{ + // TODO(rb): test match stanza skipped for grpc + // Start ingress gateway test cases + { + name: "ingress-config-entry-nil", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-defaults-no-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, false, "tcp", + "default", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "simple", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-external-sni", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", + "external-sni", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-splitter-with-resolver-redirect", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "splitter-with-resolver-redirect-multidc", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-splitter", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "chain-and-splitter", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-grpc-router", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "grpc-router", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-router", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "chain-and-router", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-lb-in-resolver", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway(t, true, "http", + "lb-resolver", nil, nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-http-multiple-services", + create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-grpc-multiple-services", + create: proxycfg.TestConfigSnapshotIngress_GRPCMultipleServices, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-chain-and-router-header-manip", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "router-header-manip", nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-sds-listener-level", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level", nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-sds-listener-level-wildcard", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-listener-level-wildcard", nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-sds-service-level", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level", nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "ingress-with-sds-service-level-mixed-tls", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGatewayWithChain(t, "sds-service-level-mixed-tls", nil, nil) + }, + // TODO(proxystate): ingress gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "terminating-gateway-lb-config", + create: proxycfg.TestConfigSnapshotTerminatingGatewayLBConfig, + // TODO(proxystate): terminating gateway will come at a later time + alsoRunTestForV2: false, + }, + { + name: "api-gateway-with-multiple-hostnames", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotAPIGateway(t, "default", nil, func(entry *structs.APIGatewayConfigEntry, bound *structs.BoundAPIGatewayConfigEntry) { + entry.Listeners = []structs.APIGatewayListener{ + { + Name: "http", + Protocol: structs.ListenerProtocolHTTP, + Port: 8080, + Hostname: "*.example.com", + }, + } + bound.Listeners = []structs.BoundAPIGatewayListener{ + { + Name: "http", + Routes: []structs.ResourceReference{ + {Kind: structs.HTTPRoute, Name: "backend-route"}, + {Kind: structs.HTTPRoute, Name: "frontend-route"}, + {Kind: structs.HTTPRoute, Name: "generic-route"}, + }}, + } + }, + []structs.BoundRoute{ + &structs.HTTPRouteConfigEntry{ + Kind: structs.HTTPRoute, + Name: "backend-route", + Hostnames: []string{"backend.example.com"}, + Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}}, + Rules: []structs.HTTPRouteRule{ + {Services: []structs.HTTPService{{Name: "backend"}}}, + }, + }, + &structs.HTTPRouteConfigEntry{ + Kind: structs.HTTPRoute, + Name: "frontend-route", + Hostnames: []string{"frontend.example.com"}, + Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}}, + Rules: []structs.HTTPRouteRule{ + {Services: []structs.HTTPService{{Name: "frontend"}}}, + }, + }, + &structs.HTTPRouteConfigEntry{ + Kind: structs.HTTPRoute, + Name: "generic-route", + Parents: []structs.ResourceReference{{Kind: structs.APIGateway, Name: "api-gateway"}}, + Rules: []structs.HTTPRouteRule{ + { + Matches: []structs.HTTPMatch{{Path: structs.HTTPPathMatch{Match: structs.HTTPPathMatchPrefix, Value: "/frontend"}}}, + Services: []structs.HTTPService{{Name: "frontend"}}, + }, + { + Matches: []structs.HTTPMatch{{Path: structs.HTTPPathMatch{Match: structs.HTTPPathMatchPrefix, Value: "/backend"}}}, + Services: []structs.HTTPService{{Name: "backend"}}, + }, + }, + }, + }, nil, nil) + }, + }, + } + + tests = append(tests, makeRouteDiscoChainTests(false)...) + + latestEnvoyVersion := xdscommon.EnvoyVersions[0] + for _, envoyVersion := range xdscommon.EnvoyVersions { + sf, err := xdscommon.DetermineSupportedProxyFeaturesFromString(envoyVersion) + require.NoError(t, err) + t.Run("envoy-"+envoyVersion, func(t *testing.T) { + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Sanity check default with no overrides first + snap := tt.create(t) + + // We need to replace the TLS certs with deterministic ones to make golden + // files workable. Note we don't update these otherwise they'd change + // golden files for every test case and so not be any use! + testcommon.SetupTLSRootsAndLeaf(t, snap) + + g := NewResourceGenerator(testutil.Logger(t), nil, false) + g.ProxyFeatures = sf + + routes, err := g.routesFromSnapshot(snap) + require.NoError(t, err) + + sort.Slice(routes, func(i, j int) bool { + return routes[i].(*envoy_route_v3.RouteConfiguration).Name < routes[j].(*envoy_route_v3.RouteConfiguration).Name + }) + r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes) + require.NoError(t, err) + + t.Run("current-xdsv1", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + require.JSONEq(t, goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON), gotJSON) + }) + + if tt.alsoRunTestForV2 { + generator := xdsv2.NewResourceGenerator(testutil.Logger(t)) + + converter := proxystateconverter.NewConverter(testutil.Logger(t), &mockCfgFetcher{addressLan: "10.10.10.10"}) + proxyState, err := converter.ProxyStateFromSnapshot(snap) + require.NoError(t, err) + + res, err := generator.AllResourcesFromIR(proxyState) + require.NoError(t, err) + + routes = res[xdscommon.RouteType] + // The order of routes returned via RDS isn't relevant, so it's safe + // to sort these for the purposes of test comparisons. + sort.Slice(routes, func(i, j int) bool { + return routes[i].(*envoy_route_v3.Route).Name < routes[j].(*envoy_route_v3.Route).Name + }) + + r, err := response.CreateResponse(xdscommon.RouteType, "00000001", "00000001", routes) + require.NoError(t, err) + + t.Run("current-xdsv2", func(t *testing.T) { + gotJSON := protoToJSON(t, r) + + gName := tt.name + if tt.overrideGoldenName != "" { + gName = tt.overrideGoldenName + } + + expectedJSON := goldenEnvoy(t, filepath.Join("routes", gName), envoyVersion, latestEnvoyVersion, gotJSON) + require.JSONEq(t, expectedJSON, gotJSON) + }) + } + }) + } + }) + } +} + func TestEnvoyLBConfig_InjectToRouteAction(t *testing.T) { var tests = []struct { name string diff --git a/agent/xds/testdata/builtin_extension/routes/propertyoverride-patch-specific-upstream-service-failover.latest.golden b/agent/xds/testdata/builtin_extension/routes/propertyoverride-patch-specific-upstream-service-failover.latest.golden index 8b919343d21a9..63ede4b9ebe1e 100644 --- a/agent/xds/testdata/builtin_extension/routes/propertyoverride-patch-specific-upstream-service-failover.latest.golden +++ b/agent/xds/testdata/builtin_extension/routes/propertyoverride-patch-specific-upstream-service-failover.latest.golden @@ -1,5 +1,32 @@ { "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "mostSpecificHeaderMutationsWins": true, + "name": "db", + "validateClusters": true, + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "db", + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "versionInfo": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/clusters/access-logs-defaults.latest.golden b/agent/xds/testdata/clusters/access-logs-defaults.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/access-logs-defaults.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/access-logs-json-file.latest.golden b/agent/xds/testdata/clusters/access-logs-json-file.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/access-logs-json-file.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden b/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden deleted file mode 100644 index a03e0e29fc3ab..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http-service" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-http-listener.latest.golden b/agent/xds/testdata/clusters/api-gateway-http-listener.latest.golden deleted file mode 100644 index 04106b67f20ad..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-http-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/clusters/api-gateway-nil-config-entry.latest.golden deleted file mode 100644 index 04106b67f20ad..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-nil-config-entry.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden deleted file mode 100644 index 83c3cae4e875a..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http-service" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/tcp-service" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden deleted file mode 100644 index c1a9d880f9144..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/tcp-service" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "tcp-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-tcp-listener.latest.golden b/agent/xds/testdata/clusters/api-gateway-tcp-listener.latest.golden deleted file mode 100644 index 04106b67f20ad..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-tcp-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden deleted file mode 100644 index 216574da828df..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "backend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "backend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/backend" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "backend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "frontend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "frontend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/frontend" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "frontend.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/api-gateway.latest.golden b/agent/xds/testdata/clusters/api-gateway.latest.golden deleted file mode 100644 index 04106b67f20ad..0000000000000 --- a/agent/xds/testdata/clusters/api-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden deleted file mode 100644 index ff832d784bcb0..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden +++ /dev/null @@ -1,132 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "lbPolicy": "RING_HASH", - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "ringHashLbConfig": { - "maximumRingSize": "30", - "minimumRingSize": "20" - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden deleted file mode 100644 index 4235b653fabfe..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden +++ /dev/null @@ -1,180 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "lbPolicy": "RING_HASH", - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "ringHashLbConfig": { - "maximumRingSize": "30", - "minimumRingSize": "20" - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden deleted file mode 100644 index 4f4e0d2144af1..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden +++ /dev/null @@ -1,223 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden b/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden deleted file mode 100644 index 013e86137f282..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden +++ /dev/null @@ -1,1519 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden deleted file mode 100644 index 4f4e0d2144af1..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,223 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden deleted file mode 100644 index 8ec7314419f19..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden +++ /dev/null @@ -1,133 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "15s", - "loadAssignment": { - "clusterName": "myservice", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "myservice", - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden deleted file mode 100644 index f03d8c0ffcc9a..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden +++ /dev/null @@ -1,135 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden deleted file mode 100644 index a594d0b7cee3f..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden +++ /dev/null @@ -1,191 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden deleted file mode 100644 index 69904e61ca163..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden deleted file mode 100644 index f03d8c0ffcc9a..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden +++ /dev/null @@ -1,135 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden deleted file mode 100644 index 69904e61ca163..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index c8d1eb2d356d3..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,134 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "lbPolicy": "CLUSTER_PROVIDED", - "name": "original-destination", - "type": "ORIGINAL_DST" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden b/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden b/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden b/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/custom-public-listener.latest.golden b/agent/xds/testdata/clusters/custom-public-listener.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/custom-public-listener.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/custom-trace-listener.latest.golden b/agent/xds/testdata/clusters/custom-trace-listener.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/custom-trace-listener.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden b/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden deleted file mode 100644 index a6c7b69749e67..0000000000000 --- a/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden +++ /dev/null @@ -1,192 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "clusterType": { - "name": "envoy.clusters.aggregate", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.clusters.aggregate.v3.ClusterConfig", - "clusters": [ - "failover-target~0~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "failover-target~1~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - } - }, - "connectTimeout": "33s", - "lbPolicy": "CLUSTER_PROVIDED", - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "failover-target~0~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "failover-target~0~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "failover-target~1~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "failover-target~1~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "fail.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/expose-checks-grpc.latest.golden b/agent/xds/testdata/clusters/expose-checks-grpc.latest.golden deleted file mode 100644 index 0c94321dbb68b..0000000000000 --- a/agent/xds/testdata/clusters/expose-checks-grpc.latest.golden +++ /dev/null @@ -1,65 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "exposed_cluster_9090", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9090 - } - } - } - } - ] - } - ] - }, - "name": "exposed_cluster_9090", - "type": "STATIC", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/clusters/expose-checks-http-with-bind-override.latest.golden deleted file mode 100644 index 59d8b46b80e29..0000000000000 --- a/agent/xds/testdata/clusters/expose-checks-http-with-bind-override.latest.golden +++ /dev/null @@ -1,57 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "exposed_cluster_8181", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8181 - } - } - } - } - ] - } - ] - }, - "name": "exposed_cluster_8181", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/expose-checks-http.latest.golden b/agent/xds/testdata/clusters/expose-checks-http.latest.golden deleted file mode 100644 index 59d8b46b80e29..0000000000000 --- a/agent/xds/testdata/clusters/expose-checks-http.latest.golden +++ /dev/null @@ -1,57 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "exposed_cluster_8181", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8181 - } - } - } - } - ] - } - ] - }, - "name": "exposed_cluster_8181", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/grpc-public-listener.latest.golden b/agent/xds/testdata/clusters/grpc-public-listener.latest.golden deleted file mode 100644 index a5bb1cfdea55f..0000000000000 --- a/agent/xds/testdata/clusters/grpc-public-listener.latest.golden +++ /dev/null @@ -1,136 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "useDownstreamProtocolConfig": { - "http2ProtocolOptions": {}, - "httpProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden deleted file mode 100644 index 688adfb4c5698..0000000000000 --- a/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "1.234s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden b/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/http-public-listener.latest.golden b/agent/xds/testdata/clusters/http-public-listener.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/http-public-listener.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/http-upstream.latest.golden b/agent/xds/testdata/clusters/http-upstream.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/http-upstream.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/http2-public-listener.latest.golden b/agent/xds/testdata/clusters/http2-public-listener.latest.golden deleted file mode 100644 index a5bb1cfdea55f..0000000000000 --- a/agent/xds/testdata/clusters/http2-public-listener.latest.golden +++ /dev/null @@ -1,136 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "useDownstreamProtocolConfig": { - "http2ProtocolOptions": {}, - "httpProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-config-entry-nil.latest.golden b/agent/xds/testdata/clusters/ingress-config-entry-nil.latest.golden deleted file mode 100644 index 04106b67f20ad..0000000000000 --- a/agent/xds/testdata/clusters/ingress-config-entry-nil.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-defaults-no-chain.latest.golden b/agent/xds/testdata/clusters/ingress-defaults-no-chain.latest.golden deleted file mode 100644 index 04106b67f20ad..0000000000000 --- a/agent/xds/testdata/clusters/ingress-defaults-no-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden b/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden b/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden deleted file mode 100644 index 6fad08d9c3b2f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden deleted file mode 100644 index f4ba7f1802db1..0000000000000 --- a/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden +++ /dev/null @@ -1,199 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "baz.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "baz.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/baz" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "baz.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "qux.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "qux.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/qux" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "qux.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden deleted file mode 100644 index 284cbeb37ce6b..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden +++ /dev/null @@ -1,1447 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden deleted file mode 100644 index 284cbeb37ce6b..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden +++ /dev/null @@ -1,1447 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden deleted file mode 100644 index 22df1ec44b2ef..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,151 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden b/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden deleted file mode 100644 index 110fab806ef8c..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "33s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden deleted file mode 100644 index f1a8500c6c5b1..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden deleted file mode 100644 index f1a8500c6c5b1..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden deleted file mode 100644 index f1a8500c6c5b1..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS", - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden deleted file mode 100644 index 8a9c954b9709f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden deleted file mode 100644 index 64347312f9384..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden deleted file mode 100644 index d168b6488e653..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "insecure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "insecure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/insecure" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "insecure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "secure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "secure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/secure" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "secure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden deleted file mode 100644 index d8aee80140849..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden deleted file mode 100644 index d8aee80140849..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden deleted file mode 100644 index d8aee80140849..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden deleted file mode 100644 index 8a9c954b9709f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden deleted file mode 100644 index d8aee80140849..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "22s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden deleted file mode 100644 index 8a9c954b9709f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden deleted file mode 100644 index 8a9c954b9709f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden deleted file mode 100644 index 699ed14e9cc25..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden deleted file mode 100644 index e911eee75ce88..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden +++ /dev/null @@ -1,199 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s4.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s4.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s4" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s4.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden deleted file mode 100644 index 8a9c954b9709f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden deleted file mode 100644 index 8a9c954b9709f..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden deleted file mode 100644 index 4773f59818994..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden +++ /dev/null @@ -1,151 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden deleted file mode 100644 index 4773f59818994..0000000000000 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden +++ /dev/null @@ -1,151 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden b/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden b/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden b/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-bind-address.latest.golden b/agent/xds/testdata/clusters/listener-bind-address.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/listener-bind-address.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-bind-port.latest.golden b/agent/xds/testdata/clusters/listener-bind-port.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/listener-bind-port.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden b/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden deleted file mode 100644 index e7bd10da000cc..0000000000000 --- a/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden +++ /dev/null @@ -1,134 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": { - "thresholds": [ - { - "maxConnections": 222 - } - ] - }, - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden b/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden deleted file mode 100644 index 5a25e882ab312..0000000000000 --- a/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-custom-addresses.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-custom-addresses.latest.golden deleted file mode 100644 index caa140aac2d50..0000000000000 --- a/agent/xds/testdata/clusters/mesh-gateway-custom-addresses.latest.golden +++ /dev/null @@ -1,106 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-west-2.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-east-1.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-default-service-subset.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-default-service-subset.latest.golden deleted file mode 100644 index fb63679d49ba7..0000000000000 --- a/agent/xds/testdata/clusters/mesh-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,158 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-west-2.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-east-1.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v1.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v2.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-newer-information-in-federation-states.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-newer-information-in-federation-states.latest.golden deleted file mode 100644 index caa140aac2d50..0000000000000 --- a/agent/xds/testdata/clusters/mesh-gateway-newer-information-in-federation-states.latest.golden +++ /dev/null @@ -1,106 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-west-2.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-east-1.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-older-information-in-federation-states.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-older-information-in-federation-states.latest.golden deleted file mode 100644 index caa140aac2d50..0000000000000 --- a/agent/xds/testdata/clusters/mesh-gateway-older-information-in-federation-states.latest.golden +++ /dev/null @@ -1,106 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-west-2.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-east-1.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-service-subsets2.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-service-subsets2.latest.golden deleted file mode 100644 index fb63679d49ba7..0000000000000 --- a/agent/xds/testdata/clusters/mesh-gateway-service-subsets2.latest.golden +++ /dev/null @@ -1,158 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-west-2.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-east-1.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v1.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v2.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/mesh-gateway-tagged-addresses.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-tagged-addresses.latest.golden deleted file mode 100644 index caa140aac2d50..0000000000000 --- a/agent/xds/testdata/clusters/mesh-gateway-tagged-addresses.latest.golden +++ /dev/null @@ -1,106 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-west-2.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "123.us-east-1.elb.notaws.com", - "portValue": 443 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-custom-and-tagged-addresses.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-custom-and-tagged-addresses.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-custom-and-tagged-addresses.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-custom-trace-listener.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-custom-trace-listener.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-custom-trace-listener.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-default-service-subset.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-default-service-subset.latest.golden deleted file mode 100644 index 067195261be88..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,202 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-lb-config-no-hash-policies.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-lb-config-no-hash-policies.latest.golden deleted file mode 100644 index 2820af6f1e977..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-lb-config-no-hash-policies.latest.golden +++ /dev/null @@ -1,217 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "lbPolicy": "RING_HASH", - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "ringHashLbConfig": { - "maximumRingSize": "50", - "minimumRingSize": "20" - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "lbPolicy": "RING_HASH", - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "ringHashLbConfig": { - "maximumRingSize": "50", - "minimumRingSize": "20" - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "lbPolicy": "RING_HASH", - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "ringHashLbConfig": { - "maximumRingSize": "50", - "minimumRingSize": "20" - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-no-api-cert.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-no-api-cert.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-no-api-cert.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-with-peer-trust-bundle.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-with-peer-trust-bundle.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 07cf25087bd1c..0000000000000 --- a/agent/xds/testdata/clusters/terminating-gateway-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,148 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "api.altdomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "filename": "api.cert.pem" - }, - "privateKey": { - "filename": "api.key.pem" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "cache.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "dnsLookupFamily": "V4_ONLY", - "dnsRefreshRate": "10s", - "loadAssignment": { - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "db.mydomain", - "portValue": 8081 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "type": "LOGICAL_DNS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "filename": "ca.cert.pem" - } - } - } - } - }, - "type": "EDS" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden deleted file mode 100644 index fdc8e773170d0..0000000000000 --- a/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden +++ /dev/null @@ -1,230 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "no-endpoints.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "no-endpoints.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "no-endpoints.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "lbPolicy": "CLUSTER_PROVIDED", - "name": "original-destination", - "type": "ORIGINAL_DST" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden deleted file mode 100644 index 2b3ceabc61b71..0000000000000 --- a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden +++ /dev/null @@ -1,223 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden deleted file mode 100644 index bf459c9ad9855..0000000000000 --- a/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden +++ /dev/null @@ -1,182 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "circuitBreakers": {}, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" - }, - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "altStatName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "circuitBreakers": {}, - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "connectTimeout": "5s", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "name": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "outlierDetection": {}, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "matchSubjectAltNames": [ - { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" - } - ], - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "sni": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - "type": "EDS" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "loadAssignment": { - "clusterName": "local_app", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - }, - "name": "local_app", - "type": "STATIC" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "connectTimeout": "5s", - "lbPolicy": "CLUSTER_PROVIDED", - "name": "original-destination", - "type": "ORIGINAL_DST" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/access-logs-defaults.latest.golden b/agent/xds/testdata/endpoints/access-logs-defaults.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/access-logs-defaults.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/access-logs-json-file.latest.golden b/agent/xds/testdata/endpoints/access-logs-json-file.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/access-logs-json-file.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/access-logs-text-stderr-disablelistenerlogs.latest.golden b/agent/xds/testdata/endpoints/access-logs-text-stderr-disablelistenerlogs.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/access-logs-text-stderr-disablelistenerlogs.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-http-listener-with-http-route.latest.golden b/agent/xds/testdata/endpoints/api-gateway-http-listener-with-http-route.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-http-listener-with-http-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-http-listener.latest.golden b/agent/xds/testdata/endpoints/api-gateway-http-listener.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-http-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/endpoints/api-gateway-nil-config-entry.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-nil-config-entry.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden b/agent/xds/testdata/endpoints/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-tcp-listener-with-tcp-route.latest.golden b/agent/xds/testdata/endpoints/api-gateway-tcp-listener-with-tcp-route.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-tcp-listener-with-tcp-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-tcp-listener.latest.golden b/agent/xds/testdata/endpoints/api-gateway-tcp-listener.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-tcp-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway-with-multiple-hostnames.latest.golden b/agent/xds/testdata/endpoints/api-gateway-with-multiple-hostnames.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway-with-multiple-hostnames.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/api-gateway.latest.golden b/agent/xds/testdata/endpoints/api-gateway.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/api-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-lb-in-resolver.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-lb-in-resolver.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-resolver-with-lb.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-resolver-with-lb.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-route-to-lb-resolver.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-route-to-lb-resolver.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-splitter-overweight.latest.golden deleted file mode 100644 index fde7857a2ebd8..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-splitter-overweight.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-upstream-defaults.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-upstream-defaults.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-upstream-defaults.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-router.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-router.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-splitter.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-splitter.latest.golden deleted file mode 100644 index fde7857a2ebd8..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-chain-http2.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-chain-http2.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-grpc-chain.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-grpc-chain.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-grpc-router.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-grpc-router.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-grpc-router.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-http-chain.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-http-chain.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-http2-chain.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-http2-chain.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-local.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tcp-chain.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/endpoints/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-limits-max-connections-only.latest.golden b/agent/xds/testdata/endpoints/custom-limits-max-connections-only.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-limits-max-connections-only.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-limits-set-to-zero.latest.golden b/agent/xds/testdata/endpoints/custom-limits-set-to-zero.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-limits-set-to-zero.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-limits.latest.golden b/agent/xds/testdata/endpoints/custom-limits.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-limits.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-local-app.latest.golden b/agent/xds/testdata/endpoints/custom-local-app.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-local-app.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-max-inbound-connections.latest.golden b/agent/xds/testdata/endpoints/custom-max-inbound-connections.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-max-inbound-connections.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/endpoints/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-passive-healthcheck.latest.golden b/agent/xds/testdata/endpoints/custom-passive-healthcheck.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-passive-healthcheck.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-public-listener-http-2.latest.golden b/agent/xds/testdata/endpoints/custom-public-listener-http-2.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-public-listener-http-2.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-public-listener-http-missing.latest.golden b/agent/xds/testdata/endpoints/custom-public-listener-http-missing.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-public-listener-http-missing.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-public-listener-http.latest.golden b/agent/xds/testdata/endpoints/custom-public-listener-http.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-public-listener-http.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-public-listener.latest.golden b/agent/xds/testdata/endpoints/custom-public-listener.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-public-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-timeouts.latest.golden b/agent/xds/testdata/endpoints/custom-timeouts.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-timeouts.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-trace-listener.latest.golden b/agent/xds/testdata/endpoints/custom-trace-listener.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/custom-trace-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-upstream-default-chain.latest.golden b/agent/xds/testdata/endpoints/custom-upstream-default-chain.latest.golden deleted file mode 100644 index c0d604ae53a7b..0000000000000 --- a/agent/xds/testdata/endpoints/custom-upstream-default-chain.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "myservice", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-upstream-ignored-with-disco-chain.latest.golden b/agent/xds/testdata/endpoints/custom-upstream-ignored-with-disco-chain.latest.golden deleted file mode 100644 index ffaf0a6bae06e..0000000000000 --- a/agent/xds/testdata/endpoints/custom-upstream-ignored-with-disco-chain.latest.golden +++ /dev/null @@ -1,109 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "failover-target~0~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "failover-target~1~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/endpoints/custom-upstream-with-prepared-query.latest.golden deleted file mode 100644 index fde7857a2ebd8..0000000000000 --- a/agent/xds/testdata/endpoints/custom-upstream-with-prepared-query.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/custom-upstream.latest.golden b/agent/xds/testdata/endpoints/custom-upstream.latest.golden deleted file mode 100644 index c0d604ae53a7b..0000000000000 --- a/agent/xds/testdata/endpoints/custom-upstream.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "myservice", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/downstream-service-with-unix-sockets.latest.golden b/agent/xds/testdata/endpoints/downstream-service-with-unix-sockets.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/downstream-service-with-unix-sockets.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-checks-grpc.latest.golden b/agent/xds/testdata/endpoints/expose-checks-grpc.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-checks-grpc.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/endpoints/expose-checks-http-with-bind-override.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-checks-http-with-bind-override.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-checks-http.latest.golden b/agent/xds/testdata/endpoints/expose-checks-http.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-checks-http.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-checks.latest.golden b/agent/xds/testdata/endpoints/expose-checks.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-checks.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-paths-grpc-new-cluster-http1.latest.golden b/agent/xds/testdata/endpoints/expose-paths-grpc-new-cluster-http1.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-paths-grpc-new-cluster-http1.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-paths-local-app-paths.latest.golden b/agent/xds/testdata/endpoints/expose-paths-local-app-paths.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-paths-local-app-paths.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/expose-paths-new-cluster-http2.latest.golden b/agent/xds/testdata/endpoints/expose-paths-new-cluster-http2.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/expose-paths-new-cluster-http2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/grpc-public-listener.latest.golden b/agent/xds/testdata/endpoints/grpc-public-listener.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/grpc-public-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/endpoints/http-listener-with-timeouts.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/http-listener-with-timeouts.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/http-public-listener-no-xfcc.latest.golden b/agent/xds/testdata/endpoints/http-public-listener-no-xfcc.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/http-public-listener-no-xfcc.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/http-public-listener.latest.golden b/agent/xds/testdata/endpoints/http-public-listener.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/http-public-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/http-upstream.latest.golden b/agent/xds/testdata/endpoints/http-upstream.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/http-upstream.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/http2-public-listener.latest.golden b/agent/xds/testdata/endpoints/http2-public-listener.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/http2-public-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-config-entry-nil.latest.golden b/agent/xds/testdata/endpoints/ingress-config-entry-nil.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-config-entry-nil.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-defaults-no-chain.latest.golden b/agent/xds/testdata/endpoints/ingress-defaults-no-chain.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-defaults-no-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-gateway-bind-addrs.latest.golden b/agent/xds/testdata/endpoints/ingress-gateway-bind-addrs.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-gateway-bind-addrs.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-gateway-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-grpc-multiple-services.latest.golden b/agent/xds/testdata/endpoints/ingress-grpc-multiple-services.latest.golden deleted file mode 100644 index 15a7d2b789ad4..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-grpc-multiple-services.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/endpoints/ingress-http-multiple-services.latest.golden deleted file mode 100644 index a1b8a9153d0a7..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-http-multiple-services.latest.golden +++ /dev/null @@ -1,143 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "baz.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "qux.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/endpoints/ingress-lb-in-resolver.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-lb-in-resolver.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/endpoints/ingress-with-chain-and-router-header-manip.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-chain-and-router-header-manip.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/endpoints/ingress-with-chain-and-router.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-chain-and-router.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-chain-and-splitter.latest.golden b/agent/xds/testdata/endpoints/ingress-with-chain-and-splitter.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/endpoints/ingress-with-defaults-passive-health-check.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-defaults-service-max-connections.latest.golden b/agent/xds/testdata/endpoints/ingress-with-defaults-service-max-connections.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-grpc-router.latest.golden b/agent/xds/testdata/endpoints/ingress-with-grpc-router.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-grpc-router.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-grpc-single-tls-listener.latest.golden b/agent/xds/testdata/endpoints/ingress-with-grpc-single-tls-listener.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-grpc-single-tls-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden b/agent/xds/testdata/endpoints/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-http2-single-tls-listener.latest.golden b/agent/xds/testdata/endpoints/ingress-with-http2-single-tls-listener.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-http2-single-tls-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/endpoints/ingress-with-overwrite-defaults-passive-health-check.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-overwrite-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-overwrite-defaults-service-max-connections.latest.golden b/agent/xds/testdata/endpoints/ingress-with-overwrite-defaults-service-max-connections.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-overwrite-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener+service-level.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener+service-level.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level-http.latest.golden deleted file mode 100644 index 71594fbf1b4ec..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level-http.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden deleted file mode 100644 index ccf0803dc0c1e..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "insecure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "secure.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener-gw-level.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener-level-wildcard.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener-level-wildcard.latest.golden deleted file mode 100644 index 903ff9e17f3c5..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener-level-wildcard.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener-level.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener-level.latest.golden deleted file mode 100644 index 903ff9e17f3c5..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener-level.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-listener-listener-level.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-listener-listener-level.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-listener-listener-level.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-service-level-2.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-service-level-2.latest.golden deleted file mode 100644 index 903ff9e17f3c5..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-service-level-2.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-service-level-mixed-no-tls.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-service-level-mixed-no-tls.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-service-level-mixed-tls.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-service-level-mixed-tls.latest.golden deleted file mode 100644 index 903ff9e17f3c5..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-service-level-mixed-tls.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/endpoints/ingress-with-sds-service-level.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-sds-service-level.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-service-max-connections.latest.golden b/agent/xds/testdata/endpoints/ingress-with-service-max-connections.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-service-max-connections.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/endpoints/ingress-with-service-passive-health-check.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-service-passive-health-check.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/endpoints/ingress-with-single-tls-listener.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-single-tls-listener.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-listener-cipher-suites.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-listener-cipher-suites.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-listener-cipher-suites.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-listener-max-version.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-listener-max-version.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-listener-max-version.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-listener-min-version.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-listener-min-version.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-listener-min-version.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-listener.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-listener.latest.golden deleted file mode 100644 index 2a1b29370b637..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-listener.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden deleted file mode 100644 index 29eb4029dd7e6..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden +++ /dev/null @@ -1,143 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s4.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-mixed-listeners.latest.golden deleted file mode 100644 index c745542ee476f..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-listeners.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-mixed-max-version-listeners.latest.golden deleted file mode 100644 index e77e740023ae7..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-max-version-listeners.latest.golden +++ /dev/null @@ -1,109 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/endpoints/ingress-with-tls-mixed-min-version-listeners.latest.golden deleted file mode 100644 index e77e740023ae7..0000000000000 --- a/agent/xds/testdata/endpoints/ingress-with-tls-mixed-min-version-listeners.latest.golden +++ /dev/null @@ -1,109 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-balance-inbound-connections.latest.golden b/agent/xds/testdata/endpoints/listener-balance-inbound-connections.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-balance-inbound-connections.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-balance-outbound-connections-bind-port.latest.golden b/agent/xds/testdata/endpoints/listener-balance-outbound-connections-bind-port.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-balance-outbound-connections-bind-port.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-bind-address-port.latest.golden b/agent/xds/testdata/endpoints/listener-bind-address-port.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-bind-address-port.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-bind-address.latest.golden b/agent/xds/testdata/endpoints/listener-bind-address.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-bind-address.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-bind-port.latest.golden b/agent/xds/testdata/endpoints/listener-bind-port.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-bind-port.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-max-inbound-connections.latest.golden b/agent/xds/testdata/endpoints/listener-max-inbound-connections.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-max-inbound-connections.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/listener-unix-domain-socket.latest.golden b/agent/xds/testdata/endpoints/listener-unix-domain-socket.latest.golden deleted file mode 100644 index b4372a3439e81..0000000000000 --- a/agent/xds/testdata/endpoints/listener-unix-domain-socket.latest.golden +++ /dev/null @@ -1,75 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-custom-addresses.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-custom-addresses.latest.golden deleted file mode 100644 index 4853c9dc932a1..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-custom-addresses.latest.golden +++ /dev/null @@ -1,145 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-hash-lb-ignored.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-hash-lb-ignored.latest.golden deleted file mode 100644 index 8600551622112..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-hash-lb-ignored.latest.golden +++ /dev/null @@ -1,159 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index 7b345547990ad..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,120 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-non-hash-lb-injected.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-non-hash-lb-injected.latest.golden deleted file mode 100644 index 8600551622112..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-non-hash-lb-injected.latest.golden +++ /dev/null @@ -1,159 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-service-subsets.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-service-subsets.latest.golden index 8600551622112..f4e0c1e258b04 100644 --- a/agent/xds/testdata/endpoints/mesh-gateway-service-subsets.latest.golden +++ b/agent/xds/testdata/endpoints/mesh-gateway-service-subsets.latest.golden @@ -143,14 +143,124 @@ "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "clusterName": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "endpoints": [ - {} + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.6", + "portValue": 2222 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.7", + "portValue": 2222 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "v1.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.3", + "portValue": 2222 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.4", + "portValue": 2222 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } ] }, { "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "clusterName": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", "endpoints": [ - {} + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.8", + "portValue": 2222 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "v2.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.5", + "portValue": 2222 + } + } + }, + "healthStatus": "HEALTHY", + "loadBalancingWeight": 1 + }, + { + "endpoint": { + "address": { + "socketAddress": { + "address": "172.16.1.9", + "portValue": 2222 + } + } + }, + "healthStatus": "UNHEALTHY", + "loadBalancingWeight": 1 + } + ] + } ] } ], diff --git a/agent/xds/testdata/endpoints/mesh-gateway-service-subsets2.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-service-subsets2.latest.golden deleted file mode 100644 index f4e0c1e258b04..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-service-subsets2.latest.golden +++ /dev/null @@ -1,269 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "UNHEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-service-timeouts.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-service-timeouts.latest.golden deleted file mode 100644 index 8600551622112..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-service-timeouts.latest.golden +++ /dev/null @@ -1,159 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-tagged-addresses.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-tagged-addresses.latest.golden deleted file mode 100644 index 4853c9dc932a1..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-tagged-addresses.latest.golden +++ /dev/null @@ -1,145 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/mesh-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/endpoints/mesh-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 4853c9dc932a1..0000000000000 --- a/agent/xds/testdata/endpoints/mesh-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,145 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.6", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.7", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.8", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.1", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "198.18.1.2", - "portValue": 443 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.3", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.4", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.5", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "172.16.1.9", - "portValue": 2222 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-custom-and-tagged-addresses.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-custom-and-tagged-addresses.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-custom-and-tagged-addresses.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-custom-trace-listener.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-custom-trace-listener.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-custom-trace-listener.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-hostname-service-subsets.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-hostname-service-subsets.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-hostname-service-subsets.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-http2-upstream-subsets.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-http2-upstream-subsets.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-http2-upstream-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-http2-upstream.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-http2-upstream.latest.golden deleted file mode 100644 index 96ee5c7094687..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-http2-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index 5663c47c82646..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,28 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-lb-config-no-hash-policies.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-lb-config-no-hash-policies.latest.golden deleted file mode 100644 index 5663c47c82646..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-lb-config-no-hash-policies.latest.golden +++ /dev/null @@ -1,28 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-lb-config.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-lb-config.latest.golden deleted file mode 100644 index 5663c47c82646..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-lb-config.latest.golden +++ /dev/null @@ -1,28 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-no-api-cert.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-no-api-cert.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-no-api-cert.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-sni.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-sni.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-sni.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-with-peer-trust-bundle.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-with-peer-trust-bundle.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 0b67b10323e3f..0000000000000 --- a/agent/xds/testdata/endpoints/terminating-gateway-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,41 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-catalog-destinations-only.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-catalog-destinations-only.latest.golden deleted file mode 100644 index ebf0eb91d97e9..0000000000000 --- a/agent/xds/testdata/endpoints/transparent-proxy-catalog-destinations-only.latest.golden +++ /dev/null @@ -1,104 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "9.9.9.9", - "portValue": 9090 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "no-endpoints.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-dial-instances-directly.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-dial-instances-directly.latest.golden deleted file mode 100644 index 202693781ebd6..0000000000000 --- a/agent/xds/testdata/endpoints/transparent-proxy-dial-instances-directly.latest.golden +++ /dev/null @@ -1,131 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "9.9.9.9", - "portValue": 9092 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "mongo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.10.10", - "portValue": 27017 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.10.12", - "portValue": 27017 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-http-upstream.latest.golden deleted file mode 100644 index ebf0eb91d97e9..0000000000000 --- a/agent/xds/testdata/endpoints/transparent-proxy-http-upstream.latest.golden +++ /dev/null @@ -1,104 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "9.9.9.9", - "portValue": 9090 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "no-endpoints.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - {} - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway.latest.golden deleted file mode 100644 index ce0d1b671c92e..0000000000000 --- a/agent/xds/testdata/endpoints/transparent-proxy-terminating-gateway.latest.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "9.9.9.9", - "portValue": 9090 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "9.9.9.9", - "portValue": 9090 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/transparent-proxy-with-resolver-redirect-upstream.latest.golden b/agent/xds/testdata/endpoints/transparent-proxy-with-resolver-redirect-upstream.latest.golden deleted file mode 100644 index 545759eaf5b48..0000000000000 --- a/agent/xds/testdata/endpoints/transparent-proxy-with-resolver-redirect-upstream.latest.golden +++ /dev/null @@ -1,63 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.10.1.1", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - }, - { - "endpoint": { - "address": { - "socketAddress": { - "address": "10.20.1.2", - "portValue": 8080 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "clusterName": "google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "9.9.9.9", - "portValue": 9090 - } - } - }, - "healthStatus": "HEALTHY", - "loadBalancingWeight": 1 - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/api-gateway-with-multiple-hostnames.latest.golden b/agent/xds/testdata/listeners/api-gateway-with-multiple-hostnames.latest.golden deleted file mode 100644 index 6469727f97989..0000000000000 --- a/agent/xds/testdata/listeners/api-gateway-with-multiple-hostnames.latest.golden +++ /dev/null @@ -1,54 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/listeners/connect-proxy-lb-in-resolver.latest.golden deleted file mode 100644 index 96c6814291eb7..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-lb-in-resolver.latest.golden +++ /dev/null @@ -1,137 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/listeners/connect-proxy-resolver-with-lb.latest.golden deleted file mode 100644 index 96c6814291eb7..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-resolver-with-lb.latest.golden +++ /dev/null @@ -1,137 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/listeners/connect-proxy-route-to-lb-resolver.latest.golden deleted file mode 100644 index 96c6814291eb7..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-route-to-lb-resolver.latest.golden +++ /dev/null @@ -1,137 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/listeners/connect-proxy-splitter-overweight.latest.golden deleted file mode 100644 index 96c6814291eb7..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-splitter-overweight.latest.golden +++ /dev/null @@ -1,137 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-failover.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-failover.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-failover.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-router.latest.golden deleted file mode 100644 index 96c6814291eb7..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-router.latest.golden +++ /dev/null @@ -1,137 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-splitter.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-and-splitter.latest.golden deleted file mode 100644 index 96c6814291eb7..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,137 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain-http2.latest.golden deleted file mode 100644 index 287fd5d69ae88..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-chain-http2.latest.golden +++ /dev/null @@ -1,152 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "http2ProtocolOptions": {}, - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "routeConfig": { - "name": "db", - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "db.default.default.dc1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-chain.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-chain.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-chain.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-default-chain-and-custom-cluster.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-default-chain-and-custom-cluster.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-default-chain-and-custom-cluster.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-grpc-router.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-grpc-router.latest.golden deleted file mode 100644 index bdfe7aa7bd6fa..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-grpc-router.latest.golden +++ /dev/null @@ -1,151 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "http2ProtocolOptions": {}, - "httpFilters": [ - { - "name": "envoy.filters.http.grpc_stats", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", - "statsForAllMethods": true - } - }, - { - "name": "envoy.filters.http.grpc_http1_bridge", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "db" - }, - "statPrefix": "upstream.db.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden index 0254a224d513b..e543143959774 100644 --- a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden +++ b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-local.latest.golden @@ -63,19 +63,179 @@ { "filters": [ { - "name": "envoy.filters.network.rbac", + "name": "envoy.filters.network.http_connection_manager", "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" + "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", + "forwardClientCertDetails": "APPEND_FORWARD", + "httpFilters": [ + { + "name": "envoy.filters.http.jwt_authn", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication", + "providers": { + "okta": { + "fromCookies": [ + "token" + ], + "fromParams": [ + "token" + ], + "localJwks": { + "inlineString": "hello world\n" + }, + "payloadInMetadata": "jwt_payload_okta" + } + }, + "rules": [ + { + "match": { + "prefix": "/" + }, + "requires": { + "requiresAny": { + "requirements": [ + { + "providerName": "okta" + }, + { + "allowMissingOrFailed": {} + } + ] + } + } + } + ] + } + }, + { + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} + } + }, + { + "name": "envoy.filters.http.header_to_metadata", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.header_to_metadata.v3.Config", + "requestRules": [ + { + "header": "x-forwarded-client-cert", + "onHeaderPresent": { + "key": "trust-domain", + "metadataNamespace": "consul", + "regexValueRewrite": { + "pattern": { + "googleRe2": {}, + "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" + }, + "substitution": "\\1" + } + } + }, + { + "header": "x-forwarded-client-cert", + "onHeaderPresent": { + "key": "partition", + "metadataNamespace": "consul", + "regexValueRewrite": { + "pattern": { + "googleRe2": {}, + "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" + }, + "substitution": "\\2" + } + } + }, + { + "header": "x-forwarded-client-cert", + "onHeaderPresent": { + "key": "namespace", + "metadataNamespace": "consul", + "regexValueRewrite": { + "pattern": { + "googleRe2": {}, + "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" + }, + "substitution": "\\3" + } + } + }, + { + "header": "x-forwarded-client-cert", + "onHeaderPresent": { + "key": "datacenter", + "metadataNamespace": "consul", + "regexValueRewrite": { + "pattern": { + "googleRe2": {}, + "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" + }, + "substitution": "\\4" + } + } + }, + { + "header": "x-forwarded-client-cert", + "onHeaderPresent": { + "key": "service", + "metadataNamespace": "consul", + "regexValueRewrite": { + "pattern": { + "googleRe2": {}, + "regex": ".*URI=spiffe://([^/]+.[^/]+)(?:/ap/([^/]+))?/ns/([^/]+)/dc/([^/]+)/svc/([^/;,]+).*" + }, + "substitution": "\\5" + } + } + } + ] + } + }, + { + "name": "envoy.filters.http.router", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" + } + } + ], + "routeConfig": { + "name": "public_listener", + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "public_listener", + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app" + } + } + ] + } + ] + }, + "setCurrentClientCertDetails": { + "cert": true, + "chain": true, + "dns": true, + "subject": true, + "uri": true + }, + "statPrefix": "public_listener", + "tracing": { + "randomSampling": {} + }, + "upgradeConfigs": [ + { + "upgradeType": "websocket" + } + ] } } ], @@ -84,6 +244,9 @@ "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", "commonTlsContext": { + "alpnProtocols": [ + "http/1.1" + ], "tlsCertificates": [ { "certificateChain": { diff --git a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/connect-proxy-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-limits-max-connections-only.latest.golden b/agent/xds/testdata/listeners/custom-limits-max-connections-only.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-limits-max-connections-only.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-limits-set-to-zero.latest.golden b/agent/xds/testdata/listeners/custom-limits-set-to-zero.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-limits-set-to-zero.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-limits.latest.golden b/agent/xds/testdata/listeners/custom-limits.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-limits.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-local-app.latest.golden b/agent/xds/testdata/listeners/custom-local-app.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-local-app.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-max-inbound-connections.latest.golden b/agent/xds/testdata/listeners/custom-max-inbound-connections.latest.golden deleted file mode 100644 index 7f5652c047382..0000000000000 --- a/agent/xds/testdata/listeners/custom-max-inbound-connections.latest.golden +++ /dev/null @@ -1,123 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.connection_limit", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit", - "maxConnections": "3456", - "statPrefix": "inbound_connection_limit" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/listeners/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-passive-healthcheck.latest.golden b/agent/xds/testdata/listeners/custom-passive-healthcheck.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-passive-healthcheck.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-timeouts.latest.golden b/agent/xds/testdata/listeners/custom-timeouts.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-timeouts.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-upstream-default-chain.latest.golden b/agent/xds/testdata/listeners/custom-upstream-default-chain.latest.golden deleted file mode 100644 index 0254a224d513b..0000000000000 --- a/agent/xds/testdata/listeners/custom-upstream-default-chain.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 9999 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:9999", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden index 41d2e0f4ff241..ca92cf2177a55 100644 --- a/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden +++ b/agent/xds/testdata/listeners/custom-upstream-with-prepared-query.latest.golden @@ -5,8 +5,8 @@ "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "address": { "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 + "address": "11.11.11.11", + "portValue": 11111 } }, "filterChains": [ @@ -16,15 +16,14 @@ "name": "envoy.filters.network.tcp_proxy", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_db" + "cluster": "random-cluster", + "statPrefix": "foo-stats" } } ] } ], - "name": "prepared_query:db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" + "name": "db:custom-upstream" }, { "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", @@ -38,48 +37,11 @@ { "filters": [ { - "name": "envoy.filters.network.http_connection_manager", + "name": "envoy.filters.network.tcp_proxy", "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "http2ProtocolOptions": {}, - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "routeConfig": { - "name": "prepared_query:geo-cache", - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "prepared_query:geo-cache", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - "statPrefix": "upstream.prepared_query_geo-cache", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", + "statPrefix": "upstream.prepared_query_geo-cache" } } ] diff --git a/agent/xds/testdata/listeners/custom-upstream.latest.golden b/agent/xds/testdata/listeners/custom-upstream.latest.golden index 0254a224d513b..ca92cf2177a55 100644 --- a/agent/xds/testdata/listeners/custom-upstream.latest.golden +++ b/agent/xds/testdata/listeners/custom-upstream.latest.golden @@ -5,8 +5,8 @@ "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", "address": { "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 + "address": "11.11.11.11", + "portValue": 11111 } }, "filterChains": [ @@ -16,15 +16,14 @@ "name": "envoy.filters.network.tcp_proxy", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" + "cluster": "random-cluster", + "statPrefix": "foo-stats" } } ] } ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" + "name": "db:custom-upstream" }, { "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", diff --git a/agent/xds/testdata/listeners/downstream-service-with-unix-sockets.latest.golden b/agent/xds/testdata/listeners/downstream-service-with-unix-sockets.latest.golden deleted file mode 100644 index 78526457cc956..0000000000000 --- a/agent/xds/testdata/listeners/downstream-service-with-unix-sockets.latest.golden +++ /dev/null @@ -1,115 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:127.0.0.1:9191", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "127.10.10.10", - "portValue": 8181 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.prepared_query_geo-cache" - } - } - ] - } - ], - "name": "prepared_query:geo-cache:127.10.10.10:8181", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "0.0.0.0", - "portValue": 0 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:0.0.0.0:0", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/expose-checks.latest.golden b/agent/xds/testdata/listeners/expose-checks.latest.golden deleted file mode 100644 index 2299f061ddec7..0000000000000 --- a/agent/xds/testdata/listeners/expose-checks.latest.golden +++ /dev/null @@ -1,142 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 21500 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "sourcePrefixRanges": [ - { - "addressPrefix": "127.0.0.1", - "prefixLen": 8 - }, - { - "addressPrefix": "192.0.2.1", - "prefixLen": 32 - }, - { - "addressPrefix": "::1", - "prefixLen": 128 - } - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "routeConfig": { - "name": "exposed_path_filter_debug_21500", - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_filter_debug_21500", - "routes": [ - { - "match": { - "path": "/debug" - }, - "route": { - "cluster": "exposed_cluster_8181" - } - } - ] - } - ] - }, - "statPrefix": "exposed_path_filter_debug_21500", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "exposed_path_debug:1.2.3.4:21500", - "trafficDirection": "INBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "local_app", - "statPrefix": "public_listener" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:1.2.3.4:8080", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/expose-paths-grpc-new-cluster-http1.latest.golden b/agent/xds/testdata/listeners/expose-paths-grpc-new-cluster-http1.latest.golden deleted file mode 100644 index 90cb383d20c45..0000000000000 --- a/agent/xds/testdata/listeners/expose-paths-grpc-new-cluster-http1.latest.golden +++ /dev/null @@ -1,179 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 21500 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "routeConfig": { - "name": "exposed_path_filter_healthz_21500", - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_filter_healthz_21500", - "routes": [ - { - "match": { - "path": "/healthz" - }, - "route": { - "cluster": "exposed_cluster_8090" - } - } - ] - } - ] - }, - "statPrefix": "exposed_path_filter_healthz_21500", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "exposed_path_healthz:1.2.3.4:21500", - "trafficDirection": "INBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "http2ProtocolOptions": {}, - "httpFilters": [ - { - "name": "envoy.filters.http.grpc_stats", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", - "statsForAllMethods": true - } - }, - { - "name": "envoy.filters.http.grpc_http1_bridge", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" - } - }, - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "routeConfig": { - "name": "public_listener", - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app" - } - } - ] - } - ] - }, - "statPrefix": "public_listener", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "h2", - "http/1.1" - ], - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "name": "public_listener:1.2.3.4:8080", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-config-entry-nil.latest.golden b/agent/xds/testdata/listeners/ingress-config-entry-nil.latest.golden deleted file mode 100644 index 97cdec41ef13e..0000000000000 --- a/agent/xds/testdata/listeners/ingress-config-entry-nil.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-defaults-no-chain.latest.golden b/agent/xds/testdata/listeners/ingress-defaults-no-chain.latest.golden deleted file mode 100644 index 97cdec41ef13e..0000000000000 --- a/agent/xds/testdata/listeners/ingress-defaults-no-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-gateway-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/listeners/ingress-lb-in-resolver.latest.golden deleted file mode 100644 index 6469727f97989..0000000000000 --- a/agent/xds/testdata/listeners/ingress-lb-in-resolver.latest.golden +++ /dev/null @@ -1,54 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-multiple-listeners-duplicate-service.latest.golden b/agent/xds/testdata/listeners/ingress-multiple-listeners-duplicate-service.latest.golden deleted file mode 100644 index 63affa4498850..0000000000000 --- a/agent/xds/testdata/listeners/ingress-multiple-listeners-duplicate-service.latest.golden +++ /dev/null @@ -1,101 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 443 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "443" - }, - "statPrefix": "ingress_upstream_443", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:443", - "trafficDirection": "OUTBOUND" - }, - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-chain-and-failover-to-cluster-peer.latest.golden b/agent/xds/testdata/listeners/ingress-with-chain-and-failover-to-cluster-peer.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-chain-and-failover-to-cluster-peer.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-chain-and-failover.latest.golden b/agent/xds/testdata/listeners/ingress-with-chain-and-failover.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-chain-and-failover.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/listeners/ingress-with-chain-and-router-header-manip.latest.golden deleted file mode 100644 index 6469727f97989..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-chain-and-router-header-manip.latest.golden +++ /dev/null @@ -1,54 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/listeners/ingress-with-chain-and-router.latest.golden deleted file mode 100644 index 6469727f97989..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-chain-and-router.latest.golden +++ /dev/null @@ -1,54 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-chain-and-splitter.latest.golden b/agent/xds/testdata/listeners/ingress-with-chain-and-splitter.latest.golden deleted file mode 100644 index 6469727f97989..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,54 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-chain.latest.golden b/agent/xds/testdata/listeners/ingress-with-chain.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-chain.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/listeners/ingress-with-defaults-passive-health-check.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-defaults-service-max-connections.latest.golden b/agent/xds/testdata/listeners/ingress-with-defaults-service-max-connections.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-grpc-router.latest.golden b/agent/xds/testdata/listeners/ingress-with-grpc-router.latest.golden deleted file mode 100644 index 6469727f97989..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-grpc-router.latest.golden +++ /dev/null @@ -1,54 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "8080" - }, - "statPrefix": "ingress_upstream_8080", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "name": "http:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/listeners/ingress-with-overwrite-defaults-passive-health-check.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-overwrite-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-overwrite-defaults-service-max-connections.latest.golden b/agent/xds/testdata/listeners/ingress-with-overwrite-defaults-service-max-connections.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-overwrite-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-level-wildcard.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-level-wildcard.latest.golden deleted file mode 100644 index 309e66dc0ed4b..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-sds-listener-level-wildcard.latest.golden +++ /dev/null @@ -1,87 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "9191" - }, - "statPrefix": "ingress_upstream_9191", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "http/1.1" - ], - "tlsCertificateSdsSecretConfigs": [ - { - "name": "listener-cert", - "sdsConfig": { - "apiConfigSource": { - "apiType": "GRPC", - "grpcServices": [ - { - "envoyGrpc": { - "clusterName": "listener-cluster" - }, - "timeout": "5s" - } - ], - "transportApiVersion": "V3" - }, - "resourceApiVersion": "V3" - } - } - ], - "tlsParams": {} - }, - "requireClientCertificate": false - } - } - } - ], - "name": "http:1.2.3.4:9191", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-sds-listener-level.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-listener-level.latest.golden deleted file mode 100644 index 309e66dc0ed4b..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-sds-listener-level.latest.golden +++ /dev/null @@ -1,87 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "9191" - }, - "statPrefix": "ingress_upstream_9191", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "http/1.1" - ], - "tlsCertificateSdsSecretConfigs": [ - { - "name": "listener-cert", - "sdsConfig": { - "apiConfigSource": { - "apiType": "GRPC", - "grpcServices": [ - { - "envoyGrpc": { - "clusterName": "listener-cluster" - }, - "timeout": "5s" - } - ], - "transportApiVersion": "V3" - }, - "resourceApiVersion": "V3" - } - } - ], - "tlsParams": {} - }, - "requireClientCertificate": false - } - } - } - ], - "name": "http:1.2.3.4:9191", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level-2.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level-2.latest.golden deleted file mode 100644 index db099e6b7d370..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-sds-service-level-2.latest.golden +++ /dev/null @@ -1,172 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "www.example.com" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "9191_web" - }, - "statPrefix": "ingress_upstream_9191_web", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "http/1.1" - ], - "tlsCertificateSdsSecretConfigs": [ - { - "name": "www-cert", - "sdsConfig": { - "apiConfigSource": { - "apiType": "GRPC", - "grpcServices": [ - { - "envoyGrpc": { - "clusterName": "web-cluster" - }, - "timeout": "5s" - } - ], - "transportApiVersion": "V3" - }, - "resourceApiVersion": "V3" - } - } - ], - "tlsParams": {} - }, - "requireClientCertificate": false - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "foo.example.com" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "9191_foo" - }, - "statPrefix": "ingress_upstream_9191_foo", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "http/1.1" - ], - "tlsCertificateSdsSecretConfigs": [ - { - "name": "foo-cert", - "sdsConfig": { - "apiConfigSource": { - "apiType": "GRPC", - "grpcServices": [ - { - "envoyGrpc": { - "clusterName": "foo-cluster" - }, - "timeout": "5s" - } - ], - "transportApiVersion": "V3" - }, - "resourceApiVersion": "V3" - } - } - ], - "tlsParams": {} - }, - "requireClientCertificate": false - } - } - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "http:1.2.3.4:9191", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-tls.latest.golden b/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-tls.latest.golden deleted file mode 100644 index dca1e584ae533..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-sds-service-level-mixed-tls.latest.golden +++ /dev/null @@ -1,134 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 9191 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "www.example.com" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "9191_web" - }, - "statPrefix": "ingress_upstream_9191_web", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "alpnProtocols": [ - "http/1.1" - ], - "tlsCertificateSdsSecretConfigs": [ - { - "name": "www-cert", - "sdsConfig": { - "apiConfigSource": { - "apiType": "GRPC", - "grpcServices": [ - { - "envoyGrpc": { - "clusterName": "web-cluster" - }, - "timeout": "5s" - } - ], - "transportApiVersion": "V3" - }, - "resourceApiVersion": "V3" - } - } - ], - "tlsParams": {} - }, - "requireClientCertificate": false - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "httpFilters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "9191" - }, - "statPrefix": "ingress_upstream_9191", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "http:1.2.3.4:9191", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-service-max-connections.latest.golden b/agent/xds/testdata/listeners/ingress-with-service-max-connections.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-service-max-connections.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/listeners/ingress-with-service-passive-health-check.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-service-passive-health-check.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 068e01983c926..0000000000000 --- a/agent/xds/testdata/listeners/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,32 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8080 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ] - } - ], - "name": "db:1.2.3.4:8080", - "trafficDirection": "OUTBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-default-service-subset.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-default-service-subset.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-hash-lb-ignored.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-hash-lb-ignored.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-hash-lb-ignored.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-newer-information-in-federation-states.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-newer-information-in-federation-states.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-newer-information-in-federation-states.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-non-hash-lb-injected.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-non-hash-lb-injected.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-non-hash-lb-injected.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-older-information-in-federation-states.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-older-information-in-federation-states.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-older-information-in-federation-states.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-service-subsets.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-service-subsets.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-service-subsets.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-service-subsets2.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-service-subsets2.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-service-subsets2.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-service-timeouts.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-service-timeouts.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-service-timeouts.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/mesh-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/listeners/mesh-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 3b77ccca9b996..0000000000000 --- a/agent/xds/testdata/listeners/mesh-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,96 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "*.dc2.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc2" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc4.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc4.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc4" - } - } - ] - }, - { - "filterChainMatch": { - "serverNames": [ - "*.dc6.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "dc6.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "mesh_gateway_remote.default.dc6" - } - } - ] - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "mesh_gateway_local.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-default-service-subset.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-default-service-subset.latest.golden deleted file mode 100644 index 7f77ee4de3f80..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,346 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.api.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.web.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.web.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.web.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-hostname-service-subsets.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-hostname-service-subsets.latest.golden deleted file mode 100644 index 85a4720d732da..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-hostname-service-subsets.latest.golden +++ /dev/null @@ -1,462 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "alt.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "alt.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.api.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.api.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.cache.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.cache.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.web.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-http2-upstream-subsets.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-http2-upstream-subsets.latest.golden deleted file mode 100644 index 1e4dd317a7698..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-http2-upstream-subsets.latest.golden +++ /dev/null @@ -1,46 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-http2-upstream.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-http2-upstream.latest.golden deleted file mode 100644 index 1e4dd317a7698..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-http2-upstream.latest.golden +++ /dev/null @@ -1,46 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index a508e82d51595..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,433 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.api.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-lb-config-no-hash-policies.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-lb-config-no-hash-policies.latest.golden deleted file mode 100644 index a508e82d51595..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-lb-config-no-hash-policies.latest.golden +++ /dev/null @@ -1,433 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.api.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-lb-config.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-lb-config.latest.golden deleted file mode 100644 index a508e82d51595..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-lb-config.latest.golden +++ /dev/null @@ -1,433 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.api.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "forwardClientCertDetails": "APPEND_FORWARD", - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "rds": { - "configSource": { - "ads": {}, - "resourceApiVersion": "V3" - }, - "routeConfigName": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - }, - "setCurrentClientCertDetails": { - "cert": true, - "chain": true, - "dns": true, - "subject": true, - "uri": true - }, - "statPrefix": "upstream.web.default.default.dc1", - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden index 61c0f6e3b98d4..a508e82d51595 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-service-subsets.latest.golden @@ -160,56 +160,6 @@ } } }, - { - "filterChainMatch": { - "serverNames": [ - "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, { "filterChainMatch": { "serverNames": [ diff --git a/agent/xds/testdata/listeners/terminating-gateway-sni.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-sni.latest.golden deleted file mode 100644 index 45ad9d29a0958..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-sni.latest.golden +++ /dev/null @@ -1,246 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.api.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.web.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/terminating-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 45ad9d29a0958..0000000000000 --- a/agent/xds/testdata/listeners/terminating-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,246 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "address": { - "socketAddress": { - "address": "1.2.3.4", - "portValue": 8443 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "serverNames": [ - "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.api.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkKgAwIBAgIRAJrvEdaRAkSltrotd/l/j2cwCgYIKoZIzj0EAwIwgbgx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjE/MD0GA1UEAxM2Q29uc3VsIEFnZW50IENB\nIDk2NjM4NzM1MDkzNTU5NTIwNDk3MTQwOTU3MDY1MTc0OTg3NDMxMB4XDTIwMDQx\nNDIyMzE1MloXDTIxMDQxNDIyMzE1MlowHDEaMBgGA1UEAxMRc2VydmVyLmRjMS5j\nb25zdWwwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ4v0FoIYI0OWmxE2MR6w5l\n0pWGhc02RpsOPj/6RS1fmXMMu7JzPzwCmkGcR16RlwwhNFKCZsWpvAjVRHf/pTp+\no4HHMIHEMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB\nBQUHAwIwDAYDVR0TAQH/BAIwADApBgNVHQ4EIgQgk7kABFitAy3PluyNtmzYiC7H\njSN8W/K/OXNJQAQAscMwKwYDVR0jBCQwIoAgNKbPPepvRHXSAPTc+a/BXBzFX1qJ\ny+Zi7qtjlFX7qtUwLQYDVR0RBCYwJIIRc2VydmVyLmRjMS5jb25zdWyCCWxvY2Fs\naG9zdIcEfwAAATAKBggqhkjOPQQDAgNJADBGAiEAhP4HmN5BWysWTbQWClXaWUah\nLpBGFrvc/2cCQuyEZKsCIQD6JyYCYMArtWwZ4G499zktxrFlqfX14bqyONrxtA5I\nDw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIE3KbKXHdsa0vvC1fysQaGdoJRgjRALIolI4XJanie+coAoGCCqGSM49\nAwEHoUQDQgAEOL9BaCGCNDlpsRNjEesOZdKVhoXNNkabDj4/+kUtX5lzDLuycz88\nAppBnEdekZcMITRSgmbFqbwI1UR3/6U6fg==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.cache.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICmjCCAkGgAwIBAgIQe1ZmC0rzRwer6jaH1YIUIjAKBggqhkjOPQQDAjCBuDEL\nMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2Nv\nMRowGAYDVQQJExExMDEgU2Vjb25kIFN0cmVldDEOMAwGA1UEERMFOTQxMDUxFzAV\nBgNVBAoTDkhhc2hpQ29ycCBJbmMuMT8wPQYDVQQDEzZDb25zdWwgQWdlbnQgQ0Eg\nODE5ODAwNjg0MDM0MTM3ODkyNDYxNTA1MDk0NDU3OTU1MTQxNjEwHhcNMjAwNjE5\nMTU1MjAzWhcNMjEwNjE5MTU1MjAzWjAcMRowGAYDVQQDExFzZXJ2ZXIuZGMxLmNv\nbnN1bDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABH2aWaaa3fpQLBayheHiKlrH\n+z53m0frfGknKjOhOPVYDVHV8x0OE01negswVQbKHAtxPf1M8Zy+WbI9rK7Ua1mj\ngccwgcQwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF\nBQcDAjAMBgNVHRMBAf8EAjAAMCkGA1UdDgQiBCDf9CPBSUwwZvpeW73oJLTmgQE2\ntW1NKpL5t1uq9WFcqDArBgNVHSMEJDAigCCPPd/NxgZB0tq2M8pdVpPj3Cr79iTv\ni4/T1ysodfMb7zAtBgNVHREEJjAkghFzZXJ2ZXIuZGMxLmNvbnN1bIIJbG9jYWxo\nb3N0hwR/AAABMAoGCCqGSM49BAMCA0cAMEQCIFCjFZAoXq0s2ied2eIBv0i1KoW5\nIhCylnKFt6iHkyDeAiBBCByTcjHRgEQmqyPojQKoO584EFiczTub9aWdnf9tEw==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEINsen3S8xzxMrKcRZIvxXzhKDn43Tw9ttqWEFU9TqS5hoAoGCCqGSM49\nAwEHoUQDQgAEfZpZpprd+lAsFrKF4eIqWsf7PnebR+t8aScqM6E49VgNUdXzHQ4T\nTWd6CzBVBsocC3E9/UzxnL5Zsj2srtRrWQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.db.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICnTCCAkOgAwIBAgIRAKF+qDJbaOULNL1TIatrsBowCgYIKoZIzj0EAwIwgbkx\nCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj\nbzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw\nFQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB\nIDE4Nzg3MDAwNjUzMDcxOTYzNTk1ODkwNTE1ODY1NjEzMDA2MTU0NDAeFw0yMDA2\nMTkxNTMxMzRaFw0yMTA2MTkxNTMxMzRaMBwxGjAYBgNVBAMTEXNlcnZlci5kYzEu\nY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEdQ8Igci5f7ZvvCVsxXt9\ntLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZbz/82EwPoS7Dqo3LTK4IuelOimoNNxuk\nkaOBxzCBxDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG\nAQUFBwMCMAwGA1UdEwEB/wQCMAAwKQYDVR0OBCIEILzTLkfJcdWQnTMKUcai/YJq\n0RqH1pjCqtY7SOU4gGOTMCsGA1UdIwQkMCKAIMa2vNcTEC5AGfHIYARJ/4sodX0o\nLzCj3lpw7BcEzPTcMC0GA1UdEQQmMCSCEXNlcnZlci5kYzEuY29uc3Vsgglsb2Nh\nbGhvc3SHBH8AAAEwCgYIKoZIzj0EAwIDSAAwRQIgBZ/Z4GSLEc98WvT/qjTVCNTG\n1WNaAaesVbkRx+J0yl8CIQDAVoqY9ByA5vKHjnQrxWlc/JUtJz8wudg7e/OCRriP\nSg==\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIN1v14FaNxgY4MgjDOOWthen8dgwB0lNMs9/j2TfrnxzoAoGCCqGSM49\nAwEHoUQDQgAEdQ8Igci5f7ZvvCVsxXt9tLfvczD+60XHg0OC0+Aka7ZjQfbEjQwZ\nbz/82EwPoS7Dqo3LTK4IuelOimoNNxukkQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "serverNames": [ - "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "statPrefix": "upstream.web.default.default.dc1" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICjDCCAjKgAwIBAgIIC5llxGV1gB8wCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowDjEMMAoG\nA1UEAxMDd2ViMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEADPv1RHVNRfa2VKR\nAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Favq5E0ivpNtv1QnFhxtPd7d5k4e+T7\nSkW1TaOCAXIwggFuMA4GA1UdDwEB/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcD\nAgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADBoBgNVHQ4EYQRfN2Q6MDc6ODc6M2E6\nNDA6MTk6NDc6YzM6NWE6YzA6YmE6NjI6ZGY6YWY6NGI6ZDQ6MDU6MjU6NzY6M2Q6\nNWE6OGQ6MTY6OGQ6Njc6NWU6MmU6YTA6MzQ6N2Q6ZGM6ZmYwagYDVR0jBGMwYYBf\nZDE6MTE6MTE6YWM6MmE6YmE6OTc6YjI6M2Y6YWM6N2I6YmQ6ZGE6YmU6YjE6OGE6\nZmM6OWE6YmE6YjU6YmM6ODM6ZTc6NWU6NDE6NmY6ZjI6NzM6OTU6NTg6MGM6ZGIw\nWQYDVR0RBFIwUIZOc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9ucy9kZWZhdWx0L2RjL2RjMS9zdmMvd2ViMAoGCCqG\nSM49BAMCA0gAMEUCIGC3TTvvjj76KMrguVyFf4tjOqaSCRie3nmHMRNNRav7AiEA\npY0heYeK9A6iOLrzqxSerkXXQyj5e9bE4VgUnxgPU6g=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIMoTkpRggp3fqZzFKh82yS4LjtJI+XY+qX/7DefHFrtdoAoGCCqGSM49\nAwEHoUQDQgAEADPv1RHVNRfa2VKRAB16b6rZnEt7tuhaxCFpQXPj7M2omb0B9Fav\nq5E0ivpNtv1QnFhxtPd7d5k4e+T7SkW1TQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "tlsParams": {}, - "validationContext": { - "trustedCa": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" - } - } - }, - "requireClientCertificate": true - } - } - }, - { - "filters": [ - { - "name": "envoy.filters.network.sni_cluster", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.sni_cluster.v3.SniCluster" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "cluster": "", - "statPrefix": "terminating_gateway.default" - } - } - ] - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "name": "default:1.2.3.4:8443", - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/access-logs-defaults.latest.golden b/agent/xds/testdata/routes/access-logs-defaults.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/access-logs-defaults.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/access-logs-json-file.latest.golden b/agent/xds/testdata/routes/access-logs-json-file.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/access-logs-json-file.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/access-logs-text-stderr-disablelistenerlogs.latest.golden b/agent/xds/testdata/routes/access-logs-text-stderr-disablelistenerlogs.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/access-logs-text-stderr-disablelistenerlogs.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-http-listener-with-http-route.latest.golden b/agent/xds/testdata/routes/api-gateway-http-listener-with-http-route.latest.golden deleted file mode 100644 index 3409e2f0dabc2..0000000000000 --- a/agent/xds/testdata/routes/api-gateway-http-listener-with-http-route.latest.golden +++ /dev/null @@ -1,31 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*", - "*:8080" - ], - "name": "api-gateway-listener-9b9265b", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-http-listener.latest.golden b/agent/xds/testdata/routes/api-gateway-http-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/api-gateway-http-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/routes/api-gateway-nil-config-entry.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/api-gateway-nil-config-entry.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden b/agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden deleted file mode 100644 index 9a3033d238161..0000000000000 --- a/agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden +++ /dev/null @@ -1,31 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*", - "*:8081" - ], - "name": "api-gateway-listener-http-9b9265b", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "http-service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-route.latest.golden b/agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-route.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/api-gateway-tcp-listener-with-tcp-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-tcp-listener.latest.golden b/agent/xds/testdata/routes/api-gateway-tcp-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/api-gateway-tcp-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway.latest.golden b/agent/xds/testdata/routes/api-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/api-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-upstream-defaults.latest.golden b/agent/xds/testdata/routes/connect-proxy-upstream-defaults.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-upstream-defaults.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden index 8b919343d21a9..9a73db46e0d6e 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden @@ -1,5 +1,31 @@ { "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "validateClusters": true, + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "db", + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "versionInfo": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-failover.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden index 8b919343d21a9..b5da244e3e67f 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden @@ -1,5 +1,31 @@ { "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "validateClusters": true, + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "db", + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "db.default.cluster-01.external.peer1.domain", + "timeout": "33s" + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "versionInfo": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.latest.golden index 8b919343d21a9..9a73db46e0d6e 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-external-sni.latest.golden @@ -1,5 +1,31 @@ { "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "validateClusters": true, + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "db", + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "versionInfo": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-http2.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-http2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain.latest.golden index 8b919343d21a9..9a73db46e0d6e 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain.latest.golden @@ -1,5 +1,31 @@ { "nonce": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "validateClusters": true, + "virtualHosts": [ + { + "domains": [ + "*" + ], + "name": "db", + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "versionInfo": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-default-chain-and-custom-cluster.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-default-chain-and-custom-cluster.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-default-chain-and-custom-cluster.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-grpc-chain.latest.golden deleted file mode 100644 index 9a73db46e0d6e..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-grpc-chain.latest.golden +++ /dev/null @@ -1,31 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "db", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-http-chain.latest.golden deleted file mode 100644 index 9a73db46e0d6e..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-http-chain.latest.golden +++ /dev/null @@ -1,31 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "db", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-http2-chain.latest.golden deleted file mode 100644 index 9a73db46e0d6e..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-http2-chain.latest.golden +++ /dev/null @@ -1,31 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "db", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-local.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tcp-chain.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tcp-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/routes/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-limits-max-connections-only.latest.golden b/agent/xds/testdata/routes/custom-limits-max-connections-only.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-limits-max-connections-only.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-limits-set-to-zero.latest.golden b/agent/xds/testdata/routes/custom-limits-set-to-zero.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-limits-set-to-zero.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-limits.latest.golden b/agent/xds/testdata/routes/custom-limits.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-limits.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-local-app.latest.golden b/agent/xds/testdata/routes/custom-local-app.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-local-app.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-max-inbound-connections.latest.golden b/agent/xds/testdata/routes/custom-max-inbound-connections.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-max-inbound-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/routes/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-passive-healthcheck.latest.golden b/agent/xds/testdata/routes/custom-passive-healthcheck.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-passive-healthcheck.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-public-listener-http-2.latest.golden b/agent/xds/testdata/routes/custom-public-listener-http-2.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-public-listener-http-2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-public-listener-http-missing.latest.golden b/agent/xds/testdata/routes/custom-public-listener-http-missing.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-public-listener-http-missing.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-public-listener-http.latest.golden b/agent/xds/testdata/routes/custom-public-listener-http.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-public-listener-http.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-public-listener.latest.golden b/agent/xds/testdata/routes/custom-public-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-timeouts.latest.golden b/agent/xds/testdata/routes/custom-timeouts.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-timeouts.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-trace-listener.latest.golden b/agent/xds/testdata/routes/custom-trace-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-trace-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-upstream-default-chain.latest.golden b/agent/xds/testdata/routes/custom-upstream-default-chain.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-upstream-default-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-upstream-ignored-with-disco-chain.latest.golden b/agent/xds/testdata/routes/custom-upstream-ignored-with-disco-chain.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-upstream-ignored-with-disco-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/routes/custom-upstream-with-prepared-query.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-upstream-with-prepared-query.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/custom-upstream.latest.golden b/agent/xds/testdata/routes/custom-upstream.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/custom-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/downstream-service-with-unix-sockets.latest.golden b/agent/xds/testdata/routes/downstream-service-with-unix-sockets.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/downstream-service-with-unix-sockets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-checks-grpc.latest.golden b/agent/xds/testdata/routes/expose-checks-grpc.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-checks-grpc.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/routes/expose-checks-http-with-bind-override.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-checks-http-with-bind-override.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-checks-http.latest.golden b/agent/xds/testdata/routes/expose-checks-http.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-checks-http.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-checks.latest.golden b/agent/xds/testdata/routes/expose-checks.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-checks.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-paths-grpc-new-cluster-http1.latest.golden b/agent/xds/testdata/routes/expose-paths-grpc-new-cluster-http1.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-paths-grpc-new-cluster-http1.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-paths-local-app-paths.latest.golden b/agent/xds/testdata/routes/expose-paths-local-app-paths.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-paths-local-app-paths.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/expose-paths-new-cluster-http2.latest.golden b/agent/xds/testdata/routes/expose-paths-new-cluster-http2.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/expose-paths-new-cluster-http2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/grpc-public-listener.latest.golden b/agent/xds/testdata/routes/grpc-public-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/grpc-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/routes/http-listener-with-timeouts.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/http-listener-with-timeouts.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/http-public-listener-no-xfcc.latest.golden b/agent/xds/testdata/routes/http-public-listener-no-xfcc.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/http-public-listener-no-xfcc.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/http-public-listener.latest.golden b/agent/xds/testdata/routes/http-public-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/http-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/http-upstream.latest.golden b/agent/xds/testdata/routes/http-upstream.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/http-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/http2-public-listener.latest.golden b/agent/xds/testdata/routes/http2-public-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/http2-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway-bind-addrs.latest.golden b/agent/xds/testdata/routes/ingress-gateway-bind-addrs.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway-bind-addrs.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/routes/ingress-gateway-nil-config-entry.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway-nil-config-entry.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway-no-services.latest.golden b/agent/xds/testdata/routes/ingress-gateway-no-services.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway-no-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-gateway.latest.golden b/agent/xds/testdata/routes/ingress-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-multiple-listeners-duplicate-service.latest.golden b/agent/xds/testdata/routes/ingress-multiple-listeners-duplicate-service.latest.golden deleted file mode 100644 index cb29b2bdabd18..0000000000000 --- a/agent/xds/testdata/routes/ingress-multiple-listeners-duplicate-service.latest.golden +++ /dev/null @@ -1,72 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "443", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "foo.ingress.*", - "foo.ingress.*:443" - ], - "name": "foo", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "foo.ingress.*", - "foo.ingress.*:8080" - ], - "name": "foo", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - }, - { - "domains": [ - "bar.ingress.*", - "bar.ingress.*:8080" - ], - "name": "bar", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-failover-to-cluster-peer.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-failover-to-cluster-peer.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-chain-and-failover-to-cluster-peer.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-failover.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-failover.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-chain-and-failover.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/routes/ingress-with-defaults-passive-health-check.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-defaults-service-max-connections.latest.golden b/agent/xds/testdata/routes/ingress-with-defaults-service-max-connections.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-grpc-single-tls-listener.latest.golden b/agent/xds/testdata/routes/ingress-with-grpc-single-tls-listener.latest.golden deleted file mode 100644 index a5fd13c151256..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-grpc-single-tls-listener.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden b/agent/xds/testdata/routes/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden deleted file mode 100644 index a5fd13c151256..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-http2-single-tls-listener.latest.golden b/agent/xds/testdata/routes/ingress-with-http2-single-tls-listener.latest.golden deleted file mode 100644 index a5fd13c151256..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-http2-single-tls-listener.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/routes/ingress-with-overwrite-defaults-passive-health-check.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-overwrite-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-overwrite-defaults-service-max-connections.latest.golden b/agent/xds/testdata/routes/ingress-with-overwrite-defaults-service-max-connections.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-overwrite-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-listener+service-level.latest.golden deleted file mode 100644 index de35eeddfdd7c..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-listener+service-level.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8080" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080_s1", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level-http.latest.golden deleted file mode 100644 index 70dcd591060de..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level-http.latest.golden +++ /dev/null @@ -1,31 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "http.ingress.*", - "http.ingress.*:8080" - ], - "name": "http", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-listener-gw-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-listener-listener-level.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-listener-listener-level.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-listener-listener-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-service-level-2.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-service-level-2.latest.golden deleted file mode 100644 index 48d9d7b774439..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-service-level-2.latest.golden +++ /dev/null @@ -1,57 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "9191_foo", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "foo.example.com", - "foo.example.com:9191" - ], - "name": "foo", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "22s" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "9191_web", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "www.example.com", - "www.example.com:9191" - ], - "name": "web", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "22s" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-no-tls.latest.golden deleted file mode 100644 index de35eeddfdd7c..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-sds-service-level-mixed-no-tls.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8080" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080_s1", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/routes/ingress-with-sds-service-level.latest.golden index be0cb1f2a4a50..48d9d7b774439 100644 --- a/agent/xds/testdata/routes/ingress-with-sds-service-level.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-sds-service-level.latest.golden @@ -3,22 +3,23 @@ "resources": [ { "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080_s1", + "name": "9191_foo", "validateClusters": true, "virtualHosts": [ { "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" + "foo.example.com", + "foo.example.com:9191" ], - "name": "s1", + "name": "foo", "routes": [ { "match": { "prefix": "/" }, "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "22s" } } ] @@ -27,22 +28,23 @@ }, { "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080_s2", + "name": "9191_web", "validateClusters": true, "virtualHosts": [ { "domains": [ - "s2.ingress.*", - "s2.ingress.*:8080" + "www.example.com", + "www.example.com:9191" ], - "name": "s2", + "name": "web", "routes": [ { "match": { "prefix": "/" }, "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "22s" } } ] diff --git a/agent/xds/testdata/routes/ingress-with-service-max-connections.latest.golden b/agent/xds/testdata/routes/ingress-with-service-max-connections.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-service-max-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/routes/ingress-with-service-passive-health-check.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-service-passive-health-check.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/routes/ingress-with-single-tls-listener.latest.golden deleted file mode 100644 index a5fd13c151256..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-single-tls-listener.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-listener-cipher-suites.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-listener-cipher-suites.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-listener-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-listener-max-version.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-listener-max-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-listener-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-listener-min-version.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-listener-min-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-listener-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-listener.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden deleted file mode 100644 index 8dd74e7de7147..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden +++ /dev/null @@ -1,127 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8082", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s3.ingress.*", - "s3.ingress.*:8082" - ], - "name": "s3", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8083", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s4.ingress.*", - "s4.ingress.*:8083" - ], - "name": "s4", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s4.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8084", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s4.ingress.*", - "s4.ingress.*:8084" - ], - "name": "s4", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s4.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden deleted file mode 100644 index a5fd13c151256..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-mixed-listeners.latest.golden deleted file mode 100644 index 78f110c770367..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-mixed-listeners.latest.golden +++ /dev/null @@ -1,55 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "9090", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:9090" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-mixed-max-version-listeners.latest.golden deleted file mode 100644 index 977c827264b28..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-mixed-max-version-listeners.latest.golden +++ /dev/null @@ -1,79 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8082", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s3.ingress.*", - "s3.ingress.*:8082" - ], - "name": "s3", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/routes/ingress-with-tls-mixed-min-version-listeners.latest.golden deleted file mode 100644 index 977c827264b28..0000000000000 --- a/agent/xds/testdata/routes/ingress-with-tls-mixed-min-version-listeners.latest.golden +++ /dev/null @@ -1,79 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s1.ingress.*", - "s1.ingress.*:8080" - ], - "name": "s1", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8081", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s2.ingress.*", - "s2.ingress.*:8081" - ], - "name": "s2", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8082", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "s3.ingress.*", - "s3.ingress.*:8082" - ], - "name": "s3", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "s3.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-balance-inbound-connections.latest.golden b/agent/xds/testdata/routes/listener-balance-inbound-connections.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-balance-inbound-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-balance-outbound-connections-bind-port.latest.golden b/agent/xds/testdata/routes/listener-balance-outbound-connections-bind-port.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-balance-outbound-connections-bind-port.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-bind-address-port.latest.golden b/agent/xds/testdata/routes/listener-bind-address-port.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-bind-address-port.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-bind-address.latest.golden b/agent/xds/testdata/routes/listener-bind-address.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-bind-address.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-bind-port.latest.golden b/agent/xds/testdata/routes/listener-bind-port.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-bind-port.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-max-inbound-connections.latest.golden b/agent/xds/testdata/routes/listener-max-inbound-connections.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-max-inbound-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/listener-unix-domain-socket.latest.golden b/agent/xds/testdata/routes/listener-unix-domain-socket.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/listener-unix-domain-socket.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-custom-addresses.latest.golden b/agent/xds/testdata/routes/mesh-gateway-custom-addresses.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-custom-addresses.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-default-service-subset.latest.golden b/agent/xds/testdata/routes/mesh-gateway-default-service-subset.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-hash-lb-ignored.latest.golden b/agent/xds/testdata/routes/mesh-gateway-hash-lb-ignored.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-hash-lb-ignored.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/routes/mesh-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-newer-information-in-federation-states.latest.golden b/agent/xds/testdata/routes/mesh-gateway-newer-information-in-federation-states.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-newer-information-in-federation-states.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-no-services.latest.golden b/agent/xds/testdata/routes/mesh-gateway-no-services.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-no-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-non-hash-lb-injected.latest.golden b/agent/xds/testdata/routes/mesh-gateway-non-hash-lb-injected.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-non-hash-lb-injected.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-older-information-in-federation-states.latest.golden b/agent/xds/testdata/routes/mesh-gateway-older-information-in-federation-states.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-older-information-in-federation-states.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-service-subsets.latest.golden b/agent/xds/testdata/routes/mesh-gateway-service-subsets.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-service-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-service-subsets2.latest.golden b/agent/xds/testdata/routes/mesh-gateway-service-subsets2.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-service-subsets2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-service-timeouts.latest.golden b/agent/xds/testdata/routes/mesh-gateway-service-timeouts.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-service-timeouts.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-tagged-addresses.latest.golden b/agent/xds/testdata/routes/mesh-gateway-tagged-addresses.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-tagged-addresses.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/routes/mesh-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/routes/mesh-gateway-using-federation-control-plane.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-using-federation-control-plane.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-using-federation-states.latest.golden b/agent/xds/testdata/routes/mesh-gateway-using-federation-states.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway-using-federation-states.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway.latest.golden b/agent/xds/testdata/routes/mesh-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/mesh-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-custom-and-tagged-addresses.latest.golden b/agent/xds/testdata/routes/terminating-gateway-custom-and-tagged-addresses.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-custom-and-tagged-addresses.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-custom-trace-listener.latest.golden b/agent/xds/testdata/routes/terminating-gateway-custom-trace-listener.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-custom-trace-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-default-service-subset.latest.golden b/agent/xds/testdata/routes/terminating-gateway-default-service-subset.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-hostname-service-subsets.latest.golden b/agent/xds/testdata/routes/terminating-gateway-hostname-service-subsets.latest.golden deleted file mode 100644 index f05a3fc603401..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-hostname-service-subsets.latest.golden +++ /dev/null @@ -1,103 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "alt.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "alt.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "alt.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "prod.cache.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-http2-upstream-subsets.latest.golden b/agent/xds/testdata/routes/terminating-gateway-http2-upstream-subsets.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-http2-upstream-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-http2-upstream.latest.golden b/agent/xds/testdata/routes/terminating-gateway-http2-upstream.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-http2-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/routes/terminating-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index fa5dbf99a413e..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,79 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-lb-config-no-hash-policies.latest.golden b/agent/xds/testdata/routes/terminating-gateway-lb-config-no-hash-policies.latest.golden deleted file mode 100644 index 39689dc5b2ea6..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-lb-config-no-hash-policies.latest.golden +++ /dev/null @@ -1,82 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "0.200s" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "0.200s" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "0.200s" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-no-api-cert.latest.golden b/agent/xds/testdata/routes/terminating-gateway-no-api-cert.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-no-api-cert.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-no-services.latest.golden b/agent/xds/testdata/routes/terminating-gateway-no-services.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-no-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-service-subsets.latest.golden b/agent/xds/testdata/routes/terminating-gateway-service-subsets.latest.golden deleted file mode 100644 index fa5dbf99a413e..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-service-subsets.latest.golden +++ /dev/null @@ -1,79 +0,0 @@ -{ - "nonce": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "v1.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "v2.web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - }, - { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "validateClusters": true, - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "autoHostRewrite": true, - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - } - ] - } - ] - } - ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-sni.latest.golden b/agent/xds/testdata/routes/terminating-gateway-sni.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-sni.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/routes/terminating-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/routes/terminating-gateway-with-peer-trust-bundle.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-with-peer-trust-bundle.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/terminating-gateway.latest.golden b/agent/xds/testdata/routes/terminating-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/terminating-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-catalog-destinations-only.latest.golden b/agent/xds/testdata/routes/transparent-proxy-catalog-destinations-only.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/transparent-proxy-catalog-destinations-only.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-dial-instances-directly.latest.golden b/agent/xds/testdata/routes/transparent-proxy-dial-instances-directly.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/transparent-proxy-dial-instances-directly.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/routes/transparent-proxy-http-upstream.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/transparent-proxy-http-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-terminating-gateway.latest.golden b/agent/xds/testdata/routes/transparent-proxy-terminating-gateway.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/transparent-proxy-terminating-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-with-resolver-redirect-upstream.latest.golden b/agent/xds/testdata/routes/transparent-proxy-with-resolver-redirect-upstream.latest.golden deleted file mode 100644 index 8b919343d21a9..0000000000000 --- a/agent/xds/testdata/routes/transparent-proxy-with-resolver-redirect-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/access-logs-defaults.latest.golden b/agent/xds/testdata/secrets/access-logs-defaults.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/access-logs-defaults.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/access-logs-json-file.latest.golden b/agent/xds/testdata/secrets/access-logs-json-file.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/access-logs-json-file.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/access-logs-text-stderr-disablelistenerlogs.latest.golden b/agent/xds/testdata/secrets/access-logs-text-stderr-disablelistenerlogs.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/access-logs-text-stderr-disablelistenerlogs.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-http-listener-with-http-route.latest.golden b/agent/xds/testdata/secrets/api-gateway-http-listener-with-http-route.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-http-listener-with-http-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-http-listener.latest.golden b/agent/xds/testdata/secrets/api-gateway-http-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-http-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/secrets/api-gateway-nil-config-entry.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-nil-config-entry.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden b/agent/xds/testdata/secrets/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-tcp-listener-with-tcp-route.latest.golden b/agent/xds/testdata/secrets/api-gateway-tcp-listener-with-tcp-route.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-tcp-listener-with-tcp-route.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-tcp-listener.latest.golden b/agent/xds/testdata/secrets/api-gateway-tcp-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-tcp-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway-with-multiple-hostnames.latest.golden b/agent/xds/testdata/secrets/api-gateway-with-multiple-hostnames.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway-with-multiple-hostnames.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/api-gateway.latest.golden b/agent/xds/testdata/secrets/api-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/api-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/secrets/connect-proxy-lb-in-resolver.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-lb-in-resolver.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/secrets/connect-proxy-resolver-with-lb.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-resolver-with-lb.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/secrets/connect-proxy-route-to-lb-resolver.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-route-to-lb-resolver.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/secrets/connect-proxy-splitter-overweight.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-splitter-overweight.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-upstream-defaults.latest.golden b/agent/xds/testdata/secrets/connect-proxy-upstream-defaults.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-upstream-defaults.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-failover.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain-and-failover.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-failover.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain-and-overrides.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-overrides.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain-and-router.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-router.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-splitter.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain-and-splitter.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain-external-sni.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain-external-sni.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain-external-sni.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain-http2.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain-http2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-chain.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-default-chain-and-custom-cluster.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-default-chain-and-custom-cluster.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-default-chain-and-custom-cluster.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-grpc-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-grpc-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-grpc-router.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-grpc-router.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-grpc-router.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-http-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-http-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-http2-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-http2-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-local.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tcp-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/secrets/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/secrets/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-limits-max-connections-only.latest.golden b/agent/xds/testdata/secrets/custom-limits-max-connections-only.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-limits-max-connections-only.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-limits-set-to-zero.latest.golden b/agent/xds/testdata/secrets/custom-limits-set-to-zero.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-limits-set-to-zero.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-limits.latest.golden b/agent/xds/testdata/secrets/custom-limits.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-limits.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-local-app.latest.golden b/agent/xds/testdata/secrets/custom-local-app.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-local-app.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-max-inbound-connections.latest.golden b/agent/xds/testdata/secrets/custom-max-inbound-connections.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-max-inbound-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/secrets/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-passive-healthcheck.latest.golden b/agent/xds/testdata/secrets/custom-passive-healthcheck.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-passive-healthcheck.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-public-listener-http-2.latest.golden b/agent/xds/testdata/secrets/custom-public-listener-http-2.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-public-listener-http-2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-public-listener-http-missing.latest.golden b/agent/xds/testdata/secrets/custom-public-listener-http-missing.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-public-listener-http-missing.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-public-listener-http.latest.golden b/agent/xds/testdata/secrets/custom-public-listener-http.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-public-listener-http.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-public-listener.latest.golden b/agent/xds/testdata/secrets/custom-public-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-timeouts.latest.golden b/agent/xds/testdata/secrets/custom-timeouts.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-timeouts.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-trace-listener.latest.golden b/agent/xds/testdata/secrets/custom-trace-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-trace-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-upstream-default-chain.latest.golden b/agent/xds/testdata/secrets/custom-upstream-default-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-upstream-default-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-upstream-ignored-with-disco-chain.latest.golden b/agent/xds/testdata/secrets/custom-upstream-ignored-with-disco-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-upstream-ignored-with-disco-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/secrets/custom-upstream-with-prepared-query.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-upstream-with-prepared-query.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/custom-upstream.latest.golden b/agent/xds/testdata/secrets/custom-upstream.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/custom-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/downstream-service-with-unix-sockets.latest.golden b/agent/xds/testdata/secrets/downstream-service-with-unix-sockets.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/downstream-service-with-unix-sockets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-checks-grpc.latest.golden b/agent/xds/testdata/secrets/expose-checks-grpc.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-checks-grpc.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-checks-http-with-bind-override.latest.golden b/agent/xds/testdata/secrets/expose-checks-http-with-bind-override.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-checks-http-with-bind-override.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-checks-http.latest.golden b/agent/xds/testdata/secrets/expose-checks-http.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-checks-http.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-checks.latest.golden b/agent/xds/testdata/secrets/expose-checks.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-checks.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-paths-grpc-new-cluster-http1.latest.golden b/agent/xds/testdata/secrets/expose-paths-grpc-new-cluster-http1.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-paths-grpc-new-cluster-http1.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-paths-local-app-paths.latest.golden b/agent/xds/testdata/secrets/expose-paths-local-app-paths.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-paths-local-app-paths.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/expose-paths-new-cluster-http2.latest.golden b/agent/xds/testdata/secrets/expose-paths-new-cluster-http2.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/expose-paths-new-cluster-http2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/grpc-public-listener.latest.golden b/agent/xds/testdata/secrets/grpc-public-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/grpc-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/secrets/http-listener-with-timeouts.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/http-listener-with-timeouts.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/http-public-listener-no-xfcc.latest.golden b/agent/xds/testdata/secrets/http-public-listener-no-xfcc.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/http-public-listener-no-xfcc.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/http-public-listener.latest.golden b/agent/xds/testdata/secrets/http-public-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/http-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/http-upstream.latest.golden b/agent/xds/testdata/secrets/http-upstream.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/http-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/http2-public-listener.latest.golden b/agent/xds/testdata/secrets/http2-public-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/http2-public-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-config-entry-nil.latest.golden b/agent/xds/testdata/secrets/ingress-config-entry-nil.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-config-entry-nil.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-defaults-no-chain.latest.golden b/agent/xds/testdata/secrets/ingress-defaults-no-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-defaults-no-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway-bind-addrs.latest.golden b/agent/xds/testdata/secrets/ingress-gateway-bind-addrs.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway-bind-addrs.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/secrets/ingress-gateway-nil-config-entry.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway-nil-config-entry.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway-no-services.latest.golden b/agent/xds/testdata/secrets/ingress-gateway-no-services.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway-no-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-max-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-min-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway-with-tls-outgoing-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-gateway.latest.golden b/agent/xds/testdata/secrets/ingress-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-grpc-multiple-services.latest.golden b/agent/xds/testdata/secrets/ingress-grpc-multiple-services.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-grpc-multiple-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/secrets/ingress-http-multiple-services.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-http-multiple-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/secrets/ingress-lb-in-resolver.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-lb-in-resolver.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-multiple-listeners-duplicate-service.latest.golden b/agent/xds/testdata/secrets/ingress-multiple-listeners-duplicate-service.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-multiple-listeners-duplicate-service.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/secrets/ingress-splitter-with-resolver-redirect.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-splitter-with-resolver-redirect.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain-and-failover-to-cluster-peer.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain-and-failover-to-cluster-peer.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain-and-failover-to-cluster-peer.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain-and-failover.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain-and-failover.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain-and-failover.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain-and-router-header-manip.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain-and-router-header-manip.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain-and-router.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain-and-router.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain-and-splitter.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain-and-splitter.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain-and-splitter.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain-external-sni.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain-external-sni.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain-external-sni.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-chain.latest.golden b/agent/xds/testdata/secrets/ingress-with-chain.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-chain.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/secrets/ingress-with-defaults-passive-health-check.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-defaults-service-max-connections.latest.golden b/agent/xds/testdata/secrets/ingress-with-defaults-service-max-connections.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-grpc-router.latest.golden b/agent/xds/testdata/secrets/ingress-with-grpc-router.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-grpc-router.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-grpc-single-tls-listener.latest.golden b/agent/xds/testdata/secrets/ingress-with-grpc-single-tls-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-grpc-single-tls-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden b/agent/xds/testdata/secrets/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-http2-single-tls-listener.latest.golden b/agent/xds/testdata/secrets/ingress-with-http2-single-tls-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-http2-single-tls-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/secrets/ingress-with-overwrite-defaults-passive-health-check.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-overwrite-defaults-passive-health-check.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-overwrite-defaults-service-max-connections.latest.golden b/agent/xds/testdata/secrets/ingress-with-overwrite-defaults-service-max-connections.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-overwrite-defaults-service-max-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener+service-level.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener+service-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level-http.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level-http.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener-gw-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener-level-wildcard.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener-level-wildcard.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener-level-wildcard.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener-level.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener-level.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-listener-listener-level.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-listener-listener-level.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-listener-listener-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-service-level-2.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-service-level-2.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-service-level-2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-service-level-mixed-no-tls.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-service-level-mixed-no-tls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-service-level-mixed-tls.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-service-level-mixed-tls.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-service-level-mixed-tls.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/secrets/ingress-with-sds-service-level.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-sds-service-level.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-service-max-connections.latest.golden b/agent/xds/testdata/secrets/ingress-with-service-max-connections.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-service-max-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/secrets/ingress-with-service-passive-health-check.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-service-passive-health-check.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/secrets/ingress-with-single-tls-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-single-tls-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-listener-cipher-suites.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-listener-cipher-suites.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-listener-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-listener-max-version.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-listener-max-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-listener-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-listener-min-version.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-listener-min-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-listener-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-listener.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-mixed-listeners.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-mixed-listeners.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-mixed-max-version-listeners.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-mixed-max-version-listeners.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/secrets/ingress-with-tls-mixed-min-version-listeners.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/ingress-with-tls-mixed-min-version-listeners.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-balance-inbound-connections.latest.golden b/agent/xds/testdata/secrets/listener-balance-inbound-connections.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-balance-inbound-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-balance-outbound-connections-bind-port.latest.golden b/agent/xds/testdata/secrets/listener-balance-outbound-connections-bind-port.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-balance-outbound-connections-bind-port.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-bind-address-port.latest.golden b/agent/xds/testdata/secrets/listener-bind-address-port.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-bind-address-port.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-bind-address.latest.golden b/agent/xds/testdata/secrets/listener-bind-address.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-bind-address.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-bind-port.latest.golden b/agent/xds/testdata/secrets/listener-bind-port.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-bind-port.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-max-inbound-connections.latest.golden b/agent/xds/testdata/secrets/listener-max-inbound-connections.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-max-inbound-connections.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/listener-unix-domain-socket.latest.golden b/agent/xds/testdata/secrets/listener-unix-domain-socket.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/listener-unix-domain-socket.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-custom-addresses.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-custom-addresses.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-custom-addresses.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-default-service-subset.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-default-service-subset.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-hash-lb-ignored.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-hash-lb-ignored.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-hash-lb-ignored.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-newer-information-in-federation-states.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-newer-information-in-federation-states.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-newer-information-in-federation-states.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-no-services.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-no-services.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-no-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-non-hash-lb-injected.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-non-hash-lb-injected.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-non-hash-lb-injected.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-older-information-in-federation-states.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-older-information-in-federation-states.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-older-information-in-federation-states.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-service-subsets.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-service-subsets.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-service-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-service-subsets2.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-service-subsets2.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-service-subsets2.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-service-timeouts.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-service-timeouts.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-service-timeouts.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-tagged-addresses.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-tagged-addresses.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-tagged-addresses.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-using-federation-control-plane.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-using-federation-control-plane.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-using-federation-control-plane.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway-using-federation-states.latest.golden b/agent/xds/testdata/secrets/mesh-gateway-using-federation-states.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway-using-federation-states.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/mesh-gateway.latest.golden b/agent/xds/testdata/secrets/mesh-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/mesh-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/secrets/splitter-with-resolver-redirect.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/splitter-with-resolver-redirect.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-custom-and-tagged-addresses.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-custom-and-tagged-addresses.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-custom-and-tagged-addresses.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-custom-trace-listener.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-custom-trace-listener.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-custom-trace-listener.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-default-service-subset.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-default-service-subset.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-default-service-subset.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-hostname-service-subsets.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-hostname-service-subsets.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-hostname-service-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-http2-upstream-subsets.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-http2-upstream-subsets.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-http2-upstream-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-http2-upstream.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-http2-upstream.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-http2-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-ignore-extra-resolvers.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-ignore-extra-resolvers.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-ignore-extra-resolvers.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-lb-config-no-hash-policies.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-lb-config-no-hash-policies.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-lb-config-no-hash-policies.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-lb-config.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-lb-config.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-lb-config.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-no-api-cert.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-no-api-cert.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-no-api-cert.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-no-services.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-no-services.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-no-services.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-service-subsets.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-service-subsets.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-service-subsets.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-sni.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-sni.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-sni.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-tcp-keepalives.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-tcp-keepalives.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-tcp-keepalives.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-with-peer-trust-bundle.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-with-peer-trust-bundle.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-cipher-suites.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-max-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-max-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-min-version.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway-with-tls-incoming-min-version.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/terminating-gateway.latest.golden b/agent/xds/testdata/secrets/terminating-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/terminating-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/transparent-proxy-catalog-destinations-only.latest.golden b/agent/xds/testdata/secrets/transparent-proxy-catalog-destinations-only.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/transparent-proxy-catalog-destinations-only.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/transparent-proxy-dial-instances-directly.latest.golden b/agent/xds/testdata/secrets/transparent-proxy-dial-instances-directly.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/transparent-proxy-dial-instances-directly.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/secrets/transparent-proxy-http-upstream.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/transparent-proxy-http-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/transparent-proxy-terminating-gateway.latest.golden b/agent/xds/testdata/secrets/transparent-proxy-terminating-gateway.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/transparent-proxy-terminating-gateway.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xds/testdata/secrets/transparent-proxy-with-resolver-redirect-upstream.latest.golden b/agent/xds/testdata/secrets/transparent-proxy-with-resolver-redirect-upstream.latest.golden deleted file mode 100644 index 82e45650658b4..0000000000000 --- a/agent/xds/testdata/secrets/transparent-proxy-with-resolver-redirect-upstream.latest.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nonce": "00000001", - "typeUrl": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret", - "versionInfo": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/cluster_resources.go b/agent/xdsv2/cluster_resources.go index 8d280853c2ad7..d32eeed2ec62b 100644 --- a/agent/xdsv2/cluster_resources.go +++ b/agent/xdsv2/cluster_resources.go @@ -9,7 +9,6 @@ import ( envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_aggregate_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3" envoy_upstreams_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" @@ -20,58 +19,77 @@ import ( "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1/pbproxystate" ) -func (pr *ProxyResources) makeClustersAndEndpoints(name string) (map[string]proto.Message, map[string]proto.Message, error) { - envoyClusters := make(map[string]proto.Message) - envoyEndpoints := make(map[string]proto.Message) +func (pr *ProxyResources) doesEnvoyClusterAlreadyExist(name string) bool { + // TODO(proxystate): consider using a map instead of [] for this kind of lookup + for _, envoyCluster := range pr.envoyResources[xdscommon.ClusterType] { + if envoyCluster.(*envoy_cluster_v3.Cluster).Name == name { + return true + } + } + return false +} + +func (pr *ProxyResources) makeXDSClusters() ([]proto.Message, error) { + clusters := make([]proto.Message, 0) + + for clusterName := range pr.proxyState.Clusters { + protoCluster, err := pr.makeClusters(clusterName) + // TODO: aggregate errors for clusters and still return any properly formed clusters. + if err != nil { + return nil, err + } + clusters = append(clusters, protoCluster...) + } + + return clusters, nil +} + +func (pr *ProxyResources) makeClusters(name string) ([]proto.Message, error) { + clusters := make([]proto.Message, 0) proxyStateCluster, ok := pr.proxyState.Clusters[name] if !ok { - return nil, nil, fmt.Errorf("cluster %q not found", name) + return nil, fmt.Errorf("cluster %q not found", name) + } + + if pr.doesEnvoyClusterAlreadyExist(name) { + // don't error + return []proto.Message{}, nil } switch proxyStateCluster.Group.(type) { case *pbproxystate.Cluster_FailoverGroup: fg := proxyStateCluster.GetFailoverGroup() - clusters, eps, err := pr.makeEnvoyAggregateClusterAndEndpoint(name, proxyStateCluster.Protocol, fg) + clusters, err := pr.makeEnvoyAggregateCluster(name, proxyStateCluster.Protocol, fg) if err != nil { - return nil, nil, err + return nil, err } - // for each cluster, add it to clusters map and add endpoint to endpoint map for _, c := range clusters { - envoyClusters[c.Name] = c - if ep, ok := eps[c.Name]; ok { - envoyEndpoints[c.Name] = ep - } + clusters = append(clusters, c) } case *pbproxystate.Cluster_EndpointGroup: eg := proxyStateCluster.GetEndpointGroup() - cluster, eps, err := pr.makeEnvoyClusterAndEndpoint(name, proxyStateCluster.Protocol, eg) + cluster, err := pr.makeEnvoyCluster(name, proxyStateCluster.Protocol, eg) if err != nil { - return nil, nil, err - } - - // for each cluster, add it to clusters map and add endpoint to endpoint map - envoyClusters[cluster.Name] = cluster - if ep, ok := eps[cluster.Name]; ok { - envoyEndpoints[cluster.Name] = ep + return nil, err } + clusters = append(clusters, cluster) default: - return nil, nil, errors.New("cluster group type should be Endpoint Group or Failover Group") + return nil, errors.New("cluster group type should be Endpoint Group or Failover Group") } - return envoyClusters, envoyEndpoints, nil + return clusters, nil } -func (pr *ProxyResources) makeEnvoyClusterAndEndpoint(name string, protocol pbproxystate.Protocol, - eg *pbproxystate.EndpointGroup) (*envoy_cluster_v3.Cluster, map[string]*envoy_endpoint_v3.ClusterLoadAssignment, error) { +func (pr *ProxyResources) makeEnvoyCluster(name string, protocol pbproxystate.Protocol, eg *pbproxystate.EndpointGroup) (*envoy_cluster_v3.Cluster, error) { if eg != nil { switch t := eg.Group.(type) { case *pbproxystate.EndpointGroup_Dynamic: dynamic := eg.GetDynamic() - return pr.makeEnvoyDynamicClusterAndEndpoint(name, protocol, dynamic) + return pr.makeEnvoyDynamicCluster(name, protocol, dynamic) case *pbproxystate.EndpointGroup_Static: static := eg.GetStatic() - return pr.makeEnvoyStaticClusterAndEndpoint(name, protocol, static) + return pr.makeEnvoyStaticCluster(name, protocol, static) case *pbproxystate.EndpointGroup_Dns: dns := eg.GetDns() return pr.makeEnvoyDnsCluster(name, protocol, dns) @@ -79,14 +97,13 @@ func (pr *ProxyResources) makeEnvoyClusterAndEndpoint(name string, protocol pbpr passthrough := eg.GetPassthrough() return pr.makeEnvoyPassthroughCluster(name, protocol, passthrough) default: - return nil, nil, fmt.Errorf("unsupported endpoint group type: %s", t) + return nil, fmt.Errorf("unsupported endpoint group type: %s", t) } } - return nil, nil, fmt.Errorf("no endpoint group") + return nil, fmt.Errorf("no endpoint group") } -func (pr *ProxyResources) makeEnvoyDynamicClusterAndEndpoint(name string, protocol pbproxystate.Protocol, - dynamic *pbproxystate.DynamicEndpointGroup) (*envoy_cluster_v3.Cluster, map[string]*envoy_endpoint_v3.ClusterLoadAssignment, error) { +func (pr *ProxyResources) makeEnvoyDynamicCluster(name string, protocol pbproxystate.Protocol, dynamic *pbproxystate.DynamicEndpointGroup) (*envoy_cluster_v3.Cluster, error) { cluster := &envoy_cluster_v3.Cluster{ Name: name, ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_EDS}, @@ -101,7 +118,7 @@ func (pr *ProxyResources) makeEnvoyDynamicClusterAndEndpoint(name string, protoc } err := addHttpProtocolOptions(protocol, cluster) if err != nil { - return nil, nil, err + return nil, err } if dynamic.Config != nil { if dynamic.Config.UseAltStatName { @@ -120,31 +137,23 @@ func (pr *ProxyResources) makeEnvoyDynamicClusterAndEndpoint(name string, protoc err := addEnvoyLBToCluster(dynamic.Config, cluster) if err != nil { - return nil, nil, err + return nil, err } } if dynamic.OutboundTls != nil { envoyTransportSocket, err := pr.makeEnvoyTransportSocket(dynamic.OutboundTls) if err != nil { - return nil, nil, err + return nil, err } cluster.TransportSocket = envoyTransportSocket } - // Generate Envoy endpoint - endpointResources := make(map[string]*envoy_endpoint_v3.ClusterLoadAssignment) - if endpointList, ok := pr.proxyState.Endpoints[cluster.Name]; ok { - protoEndpoint := makeEnvoyClusterLoadAssignment(cluster.Name, endpointList.Endpoints) - endpointResources[cluster.Name] = protoEndpoint - } - - return cluster, endpointResources, nil + return cluster, nil } -func (pr *ProxyResources) makeEnvoyStaticClusterAndEndpoint(name string, protocol pbproxystate.Protocol, - static *pbproxystate.StaticEndpointGroup) (*envoy_cluster_v3.Cluster, map[string]*envoy_endpoint_v3.ClusterLoadAssignment, error) { +func (pr *ProxyResources) makeEnvoyStaticCluster(name string, protocol pbproxystate.Protocol, static *pbproxystate.StaticEndpointGroup) (*envoy_cluster_v3.Cluster, error) { cluster := &envoy_cluster_v3.Cluster{ Name: name, ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{Type: envoy_cluster_v3.Cluster_STATIC}, @@ -163,23 +172,21 @@ func (pr *ProxyResources) makeEnvoyStaticClusterAndEndpoint(name string, protoco err = addHttpProtocolOptions(protocol, cluster) } if err != nil { - return nil, nil, err + return nil, err } if static.Config != nil { cluster.ConnectTimeout = static.Config.ConnectTimeout addEnvoyCircuitBreakers(static.GetConfig().CircuitBreakers, cluster) } - return cluster, nil, nil + return cluster, nil } -func (pr *ProxyResources) makeEnvoyDnsCluster(name string, protocol pbproxystate.Protocol, - dns *pbproxystate.DNSEndpointGroup) (*envoy_cluster_v3.Cluster, map[string]*envoy_endpoint_v3.ClusterLoadAssignment, error) { - return nil, nil, nil +func (pr *ProxyResources) makeEnvoyDnsCluster(name string, protocol pbproxystate.Protocol, dns *pbproxystate.DNSEndpointGroup) (*envoy_cluster_v3.Cluster, error) { + return nil, nil } -func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol pbproxystate.Protocol, - passthrough *pbproxystate.PassthroughEndpointGroup) (*envoy_cluster_v3.Cluster, map[string]*envoy_endpoint_v3.ClusterLoadAssignment, error) { +func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol pbproxystate.Protocol, passthrough *pbproxystate.PassthroughEndpointGroup) (*envoy_cluster_v3.Cluster, error) { cluster := &envoy_cluster_v3.Cluster{ Name: name, ConnectTimeout: passthrough.Config.ConnectTimeout, @@ -189,47 +196,37 @@ func (pr *ProxyResources) makeEnvoyPassthroughCluster(name string, protocol pbpr if passthrough.OutboundTls != nil { envoyTransportSocket, err := pr.makeEnvoyTransportSocket(passthrough.OutboundTls) if err != nil { - return nil, nil, err + return nil, err } cluster.TransportSocket = envoyTransportSocket } err := addHttpProtocolOptions(protocol, cluster) if err != nil { - return nil, nil, err + return nil, err } - return cluster, nil, nil + return cluster, nil } -func (pr *ProxyResources) makeEnvoyAggregateClusterAndEndpoint(name string, protocol pbproxystate.Protocol, - fg *pbproxystate.FailoverGroup) (map[string]*envoy_cluster_v3.Cluster, map[string]*envoy_endpoint_v3.ClusterLoadAssignment, error) { - clusters := make(map[string]*envoy_cluster_v3.Cluster) - endpointResources := make(map[string]*envoy_endpoint_v3.ClusterLoadAssignment) +func (pr *ProxyResources) makeEnvoyAggregateCluster(name string, protocol pbproxystate.Protocol, fg *pbproxystate.FailoverGroup) ([]*envoy_cluster_v3.Cluster, error) { + var clusters []*envoy_cluster_v3.Cluster if fg != nil { var egNames []string for _, eg := range fg.EndpointGroups { - cluster, eps, err := pr.makeEnvoyClusterAndEndpoint(eg.Name, protocol, eg) + cluster, err := pr.makeEnvoyCluster(eg.Name, protocol, eg) if err != nil { - return nil, eps, err + return nil, err } egNames = append(egNames, cluster.Name) - - // add failover cluster - clusters[cluster.Name] = cluster - - // add endpoint for failover cluster - if ep, ok := eps[cluster.Name]; ok { - endpointResources[cluster.Name] = ep - } + clusters = append(clusters, cluster) } aggregateClusterConfig, err := anypb.New(&envoy_aggregate_cluster_v3.ClusterConfig{ Clusters: egNames, }) if err != nil { - return nil, nil, err + return nil, err } - // create aggregate cluster c := &envoy_cluster_v3.Cluster{ Name: name, ConnectTimeout: fg.Config.ConnectTimeout, @@ -246,19 +243,11 @@ func (pr *ProxyResources) makeEnvoyAggregateClusterAndEndpoint(name string, prot } err = addHttpProtocolOptions(protocol, c) if err != nil { - return nil, nil, err - } - - // add aggregate cluster - clusters[c.Name] = c - - // add endpoint for aggregate cluster - if endpointList, ok := pr.proxyState.Endpoints[c.Name]; ok { - protoEndpoint := makeEnvoyClusterLoadAssignment(c.Name, endpointList.Endpoints) - endpointResources[c.Name] = protoEndpoint + return nil, err } + clusters = append(clusters, c) } - return clusters, endpointResources, nil + return clusters, nil } func addLocalAppHttpProtocolOptions(protocol pbproxystate.Protocol, c *envoy_cluster_v3.Cluster) error { @@ -387,19 +376,9 @@ func addEnvoyLBToCluster(dynamicConfig *pbproxystate.DynamicEndpointGroupConfig, return nil } -func (pr *ProxyResources) makeEnvoyClustersAndEndpointsFromL4Destination(l4 *pbproxystate.L4Destination) error { - switch l4.Destination.(type) { - case *pbproxystate.L4Destination_Cluster: - pr.addEnvoyClustersAndEndpointsToEnvoyResources(l4.GetCluster().GetName()) - - case *pbproxystate.L4Destination_WeightedClusters: - psWeightedClusters := l4.GetWeightedClusters() - for _, psCluster := range psWeightedClusters.GetClusters() { - pr.addEnvoyClustersAndEndpointsToEnvoyResources(psCluster.Name) - } - default: - return errors.New("cluster group type should be Endpoint Group or Failover Group") - } - +// TODO(proxystate): In a future PR this will create clusters and add it to ProxyResources.proxyState +// Currently, we do not traverse the listener -> endpoint paths and instead just generate each resource by iterating +// through its top level map. In the future we want to traverse these paths to ensure each listener has a cluster, etc. +func (pr *ProxyResources) makeEnvoyClusterFromL4Destination(l4 *pbproxystate.L4Destination) error { return nil } diff --git a/agent/xdsv2/endpoint_resources.go b/agent/xdsv2/endpoint_resources.go index ce81d5cad0f60..fa3d39d8779fe 100644 --- a/agent/xdsv2/endpoint_resources.go +++ b/agent/xdsv2/endpoint_resources.go @@ -7,7 +7,9 @@ import ( envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "github.com/hashicorp/consul/agent/xds/response" + "github.com/hashicorp/consul/envoyextensions/xdscommon" "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1/pbproxystate" + "google.golang.org/protobuf/proto" ) func makeEnvoyLbEndpoint(endpoint *pbproxystate.Endpoint) *envoy_endpoint_v3.LbEndpoint { @@ -44,3 +46,16 @@ func makeEnvoyClusterLoadAssignment(clusterName string, endpoints []*pbproxystat Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{localityLbEndpoints}, } } + +func (pr *ProxyResources) makeXDSEndpoints() ([]proto.Message, error) { + endpoints := make([]proto.Message, 0) + + for clusterName, eps := range pr.proxyState.GetEndpoints() { + if clusterName != xdscommon.LocalAppClusterName { + protoEndpoint := makeEnvoyClusterLoadAssignment(clusterName, eps.Endpoints) + endpoints = append(endpoints, protoEndpoint) + } + } + + return endpoints, nil +} diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go index 29c0e42af0e0b..1ccfb42a6d5e1 100644 --- a/agent/xdsv2/listener_resources.go +++ b/agent/xdsv2/listener_resources.go @@ -42,16 +42,18 @@ const ( envoyHttpConnectionManagerFilterName = "envoy.filters.network.http_connection_manager" ) -func (pr *ProxyResources) makeEnvoyResourceGraphsStartingFromListeners() error { +func (pr *ProxyResources) makeXDSListeners() ([]proto.Message, error) { + listeners := make([]proto.Message, 0) + for _, l := range pr.proxyState.Listeners { protoListener, err := pr.makeListener(l) // TODO: aggregate errors for listeners and still return any properly formed listeners. if err != nil { - return err + return nil, err } - pr.envoyResources[xdscommon.ListenerType][protoListener.Name] = protoListener + listeners = append(listeners, protoListener) } - return nil + return listeners, nil } func (pr *ProxyResources) makeListener(listener *pbproxystate.Listener) (*envoy_listener_v3.Listener, error) { @@ -303,11 +305,11 @@ func (pr *ProxyResources) makeEnvoyResourcesForSNIDestination(sni *pbproxystate. } func (pr *ProxyResources) makeEnvoyResourcesForL4Destination(l4 *pbproxystate.Router_L4) ([]*envoy_listener_v3.Filter, error) { - err := pr.makeEnvoyClustersAndEndpointsFromL4Destination(l4.L4) + err := pr.makeEnvoyClusterFromL4Destination(l4.L4) if err != nil { return nil, err } - envoyFilters, err := pr.makeL4Filters(l4.L4) + envoyFilters, err := makeL4Filters(l4.L4) return envoyFilters, err } @@ -332,7 +334,7 @@ func getAlpnProtocols(protocol pbproxystate.L7Protocol) []string { return alpnProtocols } -func (pr *ProxyResources) makeL4Filters(l4 *pbproxystate.L4Destination) ([]*envoy_listener_v3.Filter, error) { +func makeL4Filters(l4 *pbproxystate.L4Destination) ([]*envoy_listener_v3.Filter, error) { var envoyFilters []*envoy_listener_v3.Filter if l4 != nil { rbacFilters, err := MakeRBACNetworkFilters(l4.TrafficPermissions) @@ -440,7 +442,7 @@ func (pr *ProxyResources) makeL7Filters(l7 *pbproxystate.L7Destination) ([]*envo } } else { // Add Envoy route under the route resource since it's not inlined. - pr.envoyResources[xdscommon.RouteType][routeConfig.Name] = routeConfig + pr.envoyResources[xdscommon.RouteType] = append(pr.envoyResources[xdscommon.RouteType], routeConfig) httpConnMgr.RouteSpecifier = &envoy_http_v3.HttpConnectionManager_Rds{ Rds: &envoy_http_v3.Rds{ diff --git a/agent/xdsv2/resources.go b/agent/xdsv2/resources.go index 1c3251930cebb..fa5f7179e6a5d 100644 --- a/agent/xdsv2/resources.go +++ b/agent/xdsv2/resources.go @@ -20,7 +20,6 @@ type ResourceGenerator struct { ProxyFeatures xdscommon.SupportedProxyFeatures } -// NewResourceGenerator will create a new ResourceGenerator. func NewResourceGenerator( logger hclog.Logger, ) *ResourceGenerator { @@ -29,63 +28,48 @@ func NewResourceGenerator( } } -// ProxyResources is the main state used to convert proxyState resources to Envoy resources. type ProxyResources struct { - // proxyState is the final proxyState computed by Consul controllers. - proxyState *proxytracker.ProxyState - // envoyResources is a map of each resource type (listener, endpoint, route, cluster, etc.) - // with a corresponding map of k/v pairs of resource name to envoy proto message. - // map[string]map[string]proto.Message is used over map[string][]proto.Message because - // AllResourcesFromIR() will create envoy resource by walking the object graph from listener - // to endpoint. In the process, the same resource might be referenced more than once, - // so the map is used to prevent duplicate resources being created and also will use - // an O(1) lookup to see if it exists (it actually will set the map key rather than - // checks everywhere) where as each lookup would be O(n) with a []proto structure. - envoyResources map[string]map[string]proto.Message + proxyState *proxytracker.ProxyState + envoyResources map[string][]proto.Message } func (g *ResourceGenerator) AllResourcesFromIR(proxyState *proxytracker.ProxyState) (map[string][]proto.Message, error) { pr := &ProxyResources{ proxyState: proxyState, - envoyResources: make(map[string]map[string]proto.Message), + envoyResources: make(map[string][]proto.Message), } - pr.envoyResources[xdscommon.ListenerType] = make(map[string]proto.Message) - pr.envoyResources[xdscommon.RouteType] = make(map[string]proto.Message) - pr.envoyResources[xdscommon.ClusterType] = make(map[string]proto.Message) - pr.envoyResources[xdscommon.EndpointType] = make(map[string]proto.Message) - - err := pr.makeEnvoyResourceGraphsStartingFromListeners() + err := pr.generateXDSResources() if err != nil { return nil, fmt.Errorf("failed to generate xDS resources for ProxyState: %v", err) } + return pr.envoyResources, nil +} - // Now account for Clusters that did not have a destination. - for name := range proxyState.Clusters { - if _, ok := pr.envoyResources[xdscommon.ClusterType][name]; !ok { - pr.addEnvoyClustersAndEndpointsToEnvoyResources(name) - } +func (pr *ProxyResources) generateXDSResources() error { + listeners, err := pr.makeXDSListeners() + if err != nil { + return err } - envoyResources := convertResourceMapsToResourceArrays(pr.envoyResources) - return envoyResources, nil -} + pr.envoyResources[xdscommon.ListenerType] = listeners -// convertResourceMapsToResourceArrays will convert map[string]map[string]proto.Message, which is used to -// prevent duplicate resource being created, to map[string][]proto.Message which is used by Delta server. -func convertResourceMapsToResourceArrays(resourceMap map[string]map[string]proto.Message) map[string][]proto.Message { - resources := make(map[string][]proto.Message) - resources[xdscommon.ListenerType] = make([]proto.Message, 0) - resources[xdscommon.RouteType] = make([]proto.Message, 0) - resources[xdscommon.ClusterType] = make([]proto.Message, 0) - resources[xdscommon.EndpointType] = make([]proto.Message, 0) + clusters, err := pr.makeXDSClusters() + if err != nil { + return err + } + pr.envoyResources[xdscommon.ClusterType] = clusters - // This conversion incurs processing cost which is done once in the generating envoy resources. - // This tradeoff is preferable to doing array scan every time an envoy resource needs to be - // to pr.envoyResource to see if it already exists. - for resourceTypeName, resourceMap := range resourceMap { - for _, resource := range resourceMap { - resources[resourceTypeName] = append(resources[resourceTypeName], resource) - } + endpoints, err := pr.makeXDSEndpoints() + if err != nil { + return err } - return resources + pr.envoyResources[xdscommon.EndpointType] = endpoints + + routes, err := pr.makeXDSRoutes() + if err != nil { + return err + } + pr.envoyResources[xdscommon.RouteType] = routes + + return nil } diff --git a/agent/xdsv2/resources_test.go b/agent/xdsv2/resources_test.go index 1210124494e44..c1afbda705be8 100644 --- a/agent/xdsv2/resources_test.go +++ b/agent/xdsv2/resources_test.go @@ -54,16 +54,17 @@ func TestAllResourcesFromIR_XDSGoldenFileInputs(t *testing.T) { "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy", //sources - please add in alphabetical order - "source/l7-expose-paths", - "source/local-and-inbound-connections", - "source/multiple-workload-addresses-with-specific-ports", - "source/multiple-workload-addresses-without-ports", - "source/multiport-l4-multiple-workload-addresses-with-specific-ports", - "source/multiport-l4-multiple-workload-addresses-without-ports", - "source/multiport-l4-workload-with-only-mesh-port", - "source/multiport-l7-multiple-workload-addresses-with-specific-ports", - "source/multiport-l7-multiple-workload-addresses-without-ports", - "source/single-workload-address-without-ports", + //"source/l4-multiple-workload-addresses-with-specific-ports", + //"source/l4-multiple-workload-addresses-without-ports", + //"source/l4-single-workload-address-without-ports", + //"source/l7-expose-paths", + //"source/local-and-inbound-connections", + //"source/multiport-l4-multiple-workload-addresses-with-specific-ports", + //"source/multiport-l4-multiple-workload-addresses-without-ports", + //"source/multiport-l4-workload-with-only-mesh-port", + //"source/multiport-l7-multiple-workload-addresses-with-specific-ports", + //"source/multiport-l7-multiple-workload-addresses-without-ports", + //"source/multiport-l7-multiple-workload-addresses-without-ports", } for _, name := range cases { diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go index 073b89d22ca87..af06c174484f8 100644 --- a/agent/xdsv2/route_resources.go +++ b/agent/xdsv2/route_resources.go @@ -16,8 +16,21 @@ import ( "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1/pbproxystate" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + "google.golang.org/protobuf/proto" ) +func (pr *ProxyResources) makeXDSRoutes() ([]proto.Message, error) { + routes := make([]proto.Message, 0) + + for name, r := range pr.proxyState.Routes { + protoRoute := pr.makeEnvoyRouteConfigFromProxystateRoute(name, r) + // TODO: aggregate errors for routes and still return any properly formed routes. + routes = append(routes, protoRoute) + } + + return routes, nil +} + func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConfiguration, error) { var route *envoy_route_v3.RouteConfiguration // TODO(proxystate): This will make routes in the future. This function should distinguish between static routes @@ -234,18 +247,6 @@ func makeEnvoyQueryParamFromProxystateQueryMatch(psMatch *pbproxystate.QueryPara return envoyQueryParamMatcher } -func (pr *ProxyResources) addEnvoyClustersAndEndpointsToEnvoyResources(clusterName string) { - clusters, endpoints, _ := pr.makeClustersAndEndpoints(clusterName) - - for name, cluster := range clusters { - pr.envoyResources[xdscommon.ClusterType][name] = cluster - } - - for name, ep := range endpoints { - pr.envoyResources[xdscommon.EndpointType][name] = ep - } -} - // TODO (dans): Will this always be envoy_route_v3.Route_Route? // Definitely for connect proxies this is the only option. func (pr *ProxyResources) makeEnvoyRouteActionFromProxystateRouteDestination(psRouteDestination *pbproxystate.RouteDestination) *envoy_route_v3.Route_Route { @@ -259,15 +260,16 @@ func (pr *ProxyResources) makeEnvoyRouteActionFromProxystateRouteDestination(psR envoyRouteRoute.Route.ClusterSpecifier = &envoy_route_v3.RouteAction_Cluster{ Cluster: psCluster.GetName(), } - pr.addEnvoyClustersAndEndpointsToEnvoyResources(psCluster.Name) + clusters, _ := pr.makeClusters(psCluster.Name) + pr.envoyResources[xdscommon.ClusterType] = append(pr.envoyResources[xdscommon.ClusterType], clusters...) case *pbproxystate.RouteDestination_WeightedClusters: psWeightedClusters := psRouteDestination.GetWeightedClusters() envoyClusters := make([]*envoy_route_v3.WeightedCluster_ClusterWeight, 0, len(psWeightedClusters.GetClusters())) totalWeight := 0 for _, psCluster := range psWeightedClusters.GetClusters() { - pr.addEnvoyClustersAndEndpointsToEnvoyResources(psCluster.Name) - + clusters, _ := pr.makeClusters(psCluster.Name) + pr.envoyResources[xdscommon.ClusterType] = append(pr.envoyResources[xdscommon.ClusterType], clusters...) totalWeight += int(psCluster.Weight.GetValue()) envoyClusters = append(envoyClusters, makeEnvoyClusterWeightFromProxystateWeightedCluster(psCluster)) } @@ -316,7 +318,10 @@ func (pr *ProxyResources) makeEnvoyRouteActionFromProxystateRouteDestination(psR } func makeEnvoyClusterWeightFromProxystateWeightedCluster(cluster *pbproxystate.L7WeightedDestinationCluster) *envoy_route_v3.WeightedCluster_ClusterWeight { - envoyClusterWeight := makeEnvoyClusterWeightFromNameAndWeight(cluster.GetName(), cluster.GetWeight()) + envoyClusterWeight := &envoy_route_v3.WeightedCluster_ClusterWeight{ + Name: cluster.GetName(), + Weight: cluster.GetWeight(), + } for _, hm := range cluster.GetHeaderMutations() { injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight, hm) @@ -325,15 +330,6 @@ func makeEnvoyClusterWeightFromProxystateWeightedCluster(cluster *pbproxystate.L return envoyClusterWeight } -func makeEnvoyClusterWeightFromNameAndWeight(name string, weight *wrapperspb.UInt32Value) *envoy_route_v3.WeightedCluster_ClusterWeight { - envoyClusterWeight := &envoy_route_v3.WeightedCluster_ClusterWeight{ - Name: name, - Weight: weight, - } - - return envoyClusterWeight -} - func injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight *envoy_route_v3.WeightedCluster_ClusterWeight, mutation *pbproxystate.HeaderMutation) { mutation.GetAction() switch mutation.GetAction().(type) { diff --git a/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden index b87031ba81b1b..280f42b8581f5 100644 --- a/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden +++ b/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden @@ -1,270 +1,157 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "failover-target~0~http.api-1.default.dc1.internal.foo.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "http.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" } }, - "connectTimeout": "55s", - "commonLbConfig": { - "healthyPanicThreshold": {} + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" } } ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" } ] }, - "alpnProtocols": [ + "alpnProtocols": [ "consul~http" ] }, - "sni": "api-1.default.dc1.internal.foo.consul" + "sni": "api-2.default.dc1.internal.foo.consul" } } }, { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "failover-target~1~http.api-1.default.dc1.internal.foo.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "connectTimeout": "5s", - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - }, - "matchSubjectAltNames": [ - { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/backup1-identity" - } - ] - }, - "alpnProtocols": [ - "consul~http" - ] - }, - "sni": "backup-1.default.dc1.internal.foo.consul" - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "http.api-1.default.dc1.internal.foo.consul", - "altStatName": "http.api-1.default.dc1.internal.foo.consul", - "clusterType": { - "name": "envoy.clusters.aggregate", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.clusters.aggregate.v3.ClusterConfig", - "clusters": [ - "failover-target~0~http.api-1.default.dc1.internal.foo.consul", - "failover-target~1~http.api-1.default.dc1.internal.foo.consul" - ] - } - }, - "connectTimeout": "55s", - "lbPolicy": "CLUSTER_PROVIDED" - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "http.api-2.default.dc1.internal.foo.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" - } - }, - "connectTimeout": "5s", - "commonLbConfig": { - "healthyPanicThreshold": {} - }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - }, - "matchSubjectAltNames": [ - { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - } - ] - }, - "alpnProtocols": [ - "consul~http" - ] - }, - "sni": "api-2.default.dc1.internal.foo.consul" - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "null_route_cluster", - "type": "STATIC", - "connectTimeout": "10s" + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "null_route_cluster", + "type": "STATIC", + "connectTimeout": "10s" }, { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-1.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" } }, - "connectTimeout": "5s", - "commonLbConfig": { - "healthyPanicThreshold": {} + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" } } ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" } ] }, - "alpnProtocols": [ + "alpnProtocols": [ "consul~tcp" ] }, - "sni": "api-1.default.dc1.internal.foo.consul" + "sni": "api-1.default.dc1.internal.foo.consul" } } }, { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "type": "EDS", - "edsClusterConfig": { - "edsConfig": { - "ads": {}, - "resourceApiVersion": "V3" + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "tcp.api-2.default.dc1.internal.foo.consul", + "type": "EDS", + "edsClusterConfig": { + "edsConfig": { + "ads": {}, + "resourceApiVersion": "V3" } }, - "connectTimeout": "5s", - "commonLbConfig": { - "healthyPanicThreshold": {} + "connectTimeout": "5s", + "commonLbConfig": { + "healthyPanicThreshold": {} }, - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" } } ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" } ] }, - "alpnProtocols": [ + "alpnProtocols": [ "consul~tcp" ] }, - "sni": "api-2.default.dc1.internal.foo.consul" + "sni": "api-2.default.dc1.internal.foo.consul" } } } ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 0000000000000..ce9870c06cd9d --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,31 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 0000000000000..ce9870c06cd9d --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,31 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/clusters/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 0000000000000..ce9870c06cd9d --- /dev/null +++ b/agent/xdsv2/testdata/clusters/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,31 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "name": "local_app:port1", + "type": "STATIC", + "loadAssignment": { + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + } + ], + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/clusters/source/multiple-workload-addresses-with-specific-ports.golden deleted file mode 100644 index 0d7d009aa1027..0000000000000 --- a/agent/xdsv2/testdata/clusters/source/multiple-workload-addresses-with-specific-ports.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:grpc", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:grpc", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8083 - } - } - } - } - ] - } - ] - }, - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:http", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:http", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8081 - } - } - } - } - ] - } - ] - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:http2", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:http2", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8082 - } - } - } - } - ] - } - ] - }, - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:tcp", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:tcp", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/clusters/source/multiple-workload-addresses-without-ports.golden deleted file mode 100644 index 0d7d009aa1027..0000000000000 --- a/agent/xdsv2/testdata/clusters/source/multiple-workload-addresses-without-ports.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:grpc", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:grpc", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8083 - } - } - } - } - ] - } - ] - }, - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:http", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:http", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8081 - } - } - } - } - ] - } - ] - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:http2", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:http2", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8082 - } - } - } - } - ] - } - ] - }, - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:tcp", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:tcp", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/clusters/source/single-workload-address-without-ports.golden b/agent/xdsv2/testdata/clusters/source/single-workload-address-without-ports.golden deleted file mode 100644 index 0d7d009aa1027..0000000000000 --- a/agent/xdsv2/testdata/clusters/source/single-workload-address-without-ports.golden +++ /dev/null @@ -1,119 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:grpc", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:grpc", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8083 - } - } - } - } - ] - } - ] - }, - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:http", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:http", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8081 - } - } - } - } - ] - } - ] - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:http2", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:http2", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8082 - } - } - } - } - ] - } - ] - }, - "typedExtensionProtocolOptions": { - "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": { - "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions", - "explicitHttpConfig": { - "http2ProtocolOptions": {} - } - } - } - }, - { - "@type": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "name": "local_app:tcp", - "type": "STATIC", - "loadAssignment": { - "clusterName": "local_app:tcp", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 8080 - } - } - } - } - ] - } - ] - } - } - ], - "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 0000000000000..b0c31e6e79c77 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,27 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 0000000000000..b0c31e6e79c77 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,27 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 0000000000000..b0c31e6e79c77 --- /dev/null +++ b/agent/xdsv2/testdata/endpoints/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,27 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden b/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden index 47b46bca225bf..1ccb234c89dbc 100644 --- a/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden +++ b/agent/xdsv2/testdata/endpoints/source/l7-expose-paths.golden @@ -1,5 +1,67 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9090", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9091", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden b/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden index 47b46bca225bf..c9e8727f031d4 100644 --- a/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden +++ b/agent/xdsv2/testdata/endpoints/source/local-and-inbound-connections.golden @@ -1,5 +1,87 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9090", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "exposed_cluster_9091", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port1", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:port3", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8081 + } + } + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiple-workload-addresses-with-specific-ports.golden deleted file mode 100644 index 47b46bca225bf..0000000000000 --- a/agent/xdsv2/testdata/endpoints/source/multiple-workload-addresses-with-specific-ports.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiple-workload-addresses-without-ports.golden deleted file mode 100644 index 47b46bca225bf..0000000000000 --- a/agent/xdsv2/testdata/endpoints/source/multiple-workload-addresses-without-ports.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden index 47b46bca225bf..916fbc26ceab7 100644 --- a/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-with-specific-ports.golden @@ -1,5 +1,47 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden index 47b46bca225bf..916fbc26ceab7 100644 --- a/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l4-multiple-workload-addresses-without-ports.golden @@ -1,5 +1,47 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden index 47b46bca225bf..916fbc26ceab7 100644 --- a/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -1,5 +1,47 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden index 47b46bca225bf..e3c67d2c90ae8 100644 --- a/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden +++ b/agent/xdsv2/testdata/endpoints/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -1,5 +1,67 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:admin-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 8080 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:api-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9090 + } + } + } + } + ] + } + ] + }, + { + "@type": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "clusterName": "local_app:grpc-port", + "endpoints": [ + { + "lbEndpoints": [ + { + "endpoint": { + "address": { + "socketAddress": { + "address": "127.0.0.1", + "portValue": 9091 + } + } + } + } + ] + } + ] + } + ], "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/endpoints/source/single-workload-address-without-ports.golden b/agent/xdsv2/testdata/endpoints/source/single-workload-address-without-ports.golden deleted file mode 100644 index 47b46bca225bf..0000000000000 --- a/agent/xdsv2/testdata/endpoints/source/single-workload-address-without-ports.golden +++ /dev/null @@ -1,5 +0,0 @@ -{ - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden index eae168bf8aa04..23dd5e4c6475c 100644 --- a/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden +++ b/agent/xdsv2/testdata/listeners/destination/mixed-multi-destination.golden @@ -17,7 +17,7 @@ "name": "envoy.filters.network.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "upstream.http.api-1.default.default.dc1", + "statPrefix": "upstream.", "rds": { "configSource": { "ads": {}, diff --git a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden index b0477d8310e14..9cd146e6ef0d5 100644 --- a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden +++ b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -47,7 +47,7 @@ "name": "envoy.filters.network.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "upstream.http.api-app.default.default.dc1", + "statPrefix": "upstream.", "rds": { "configSource": { "ads": {}, @@ -140,7 +140,7 @@ "name": "envoy.filters.network.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "upstream.http.api-app2.default.default.dc1", + "statPrefix": "upstream.", "rds": { "configSource": { "ads": {}, diff --git a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden index 180213b6523c0..71dec1b4db466 100644 --- a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden +++ b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -47,7 +47,7 @@ "name": "envoy.filters.network.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "upstream.http.api-app.default.default.dc1", + "statPrefix": "upstream.", "rds": { "configSource": { "ads": {}, diff --git a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden index 180213b6523c0..71dec1b4db466 100644 --- a/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden +++ b/agent/xdsv2/testdata/listeners/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -47,7 +47,7 @@ "name": "envoy.filters.network.http_connection_manager", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "upstream.http.api-app.default.default.dc1", + "statPrefix": "upstream.", "rds": { "configSource": { "ads": {}, diff --git a/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 0000000000000..644769d8423fc --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,100 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.2", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ + { + "any": true + } + ], + "principals": [ + { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://foo.consul/ap/default/ns/default/identity/foo$" + } + } + } + } + ] + } + } + }, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 0000000000000..82581d5762489 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,78 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/l4-single-workload-address-without-ports.golden b/agent/xdsv2/testdata/listeners/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 0000000000000..82581d5762489 --- /dev/null +++ b/agent/xdsv2/testdata/listeners/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,78 @@ +{ + "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", + "name": "public_listener", + "address": { + "socketAddress": { + "address": "10.0.0.1", + "portValue": 20000 + } + }, + "filterChains": [ + { + "filterChainMatch": { + "applicationProtocols": [ + "consul~port1" + ] + }, + "filters": [ + { + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" + } + }, + { + "name": "envoy.filters.network.tcp_proxy", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", + "statPrefix": "public_listener", + "cluster": "local_app:port1" + } + } + ], + "transportSocket": { + "name": "tls", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", + "commonTlsContext": { + "tlsParams": {}, + "tlsCertificates": [ + { + "certificateChain": { + "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" + }, + "privateKey": { + "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + } + ], + "validationContext": { + "trustedCa": { + "inlineString": "some-root\nsome-other-root\n" + } + } + }, + "requireClientCertificate": true + } + } + } + ], + "listenerFilters": [ + { + "name": "envoy.filters.listener.tls_inspector", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" + } + } + ], + "trafficDirection": "INBOUND" + } + ], + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/listeners/source/multiple-workload-addresses-with-specific-ports.golden deleted file mode 100644 index cb81777262f64..0000000000000 --- a/agent/xdsv2/testdata/listeners/source/multiple-workload-addresses-with-specific-ports.golden +++ /dev/null @@ -1,359 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "name": "public_listener", - "address": { - "socketAddress": { - "address": "127.0.0.1", - "portValue": 20000 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~grpc" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:grpc", - "virtualHosts": [ - { - "name": "public_listener:grpc", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:grpc" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.grpc_stats", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", - "statsForAllMethods": true - } - }, - { - "name": "envoy.filters.http.grpc_http1_bridge", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" - } - }, - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "http2ProtocolOptions": {}, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "h2", - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~http" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:http", - "virtualHosts": [ - { - "name": "public_listener:http", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:http" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~http2" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:http2", - "virtualHosts": [ - { - "name": "public_listener:http2", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:http2" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "http2ProtocolOptions": {}, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "h2", - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~tcp" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "public_listener", - "cluster": "local_app:tcp" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/listeners/source/multiple-workload-addresses-without-ports.golden deleted file mode 100644 index 81f3bcca70ffe..0000000000000 --- a/agent/xdsv2/testdata/listeners/source/multiple-workload-addresses-without-ports.golden +++ /dev/null @@ -1,359 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "name": "public_listener", - "address": { - "socketAddress": { - "address": "10.0.0.1", - "portValue": 20000 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~grpc" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:grpc", - "virtualHosts": [ - { - "name": "public_listener:grpc", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:grpc" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.grpc_stats", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", - "statsForAllMethods": true - } - }, - { - "name": "envoy.filters.http.grpc_http1_bridge", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" - } - }, - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "http2ProtocolOptions": {}, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "h2", - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~http" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:http", - "virtualHosts": [ - { - "name": "public_listener:http", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:http" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~http2" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:http2", - "virtualHosts": [ - { - "name": "public_listener:http2", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:http2" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "http2ProtocolOptions": {}, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "h2", - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~tcp" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "public_listener", - "cluster": "local_app:tcp" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/listeners/source/single-workload-address-without-ports.golden b/agent/xdsv2/testdata/listeners/source/single-workload-address-without-ports.golden deleted file mode 100644 index 81f3bcca70ffe..0000000000000 --- a/agent/xdsv2/testdata/listeners/source/single-workload-address-without-ports.golden +++ /dev/null @@ -1,359 +0,0 @@ -{ - "versionInfo": "00000001", - "resources": [ - { - "@type": "type.googleapis.com/envoy.config.listener.v3.Listener", - "name": "public_listener", - "address": { - "socketAddress": { - "address": "10.0.0.1", - "portValue": 20000 - } - }, - "filterChains": [ - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~grpc" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:grpc", - "virtualHosts": [ - { - "name": "public_listener:grpc", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:grpc" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.grpc_stats", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_stats.v3.FilterConfig", - "statsForAllMethods": true - } - }, - { - "name": "envoy.filters.http.grpc_http1_bridge", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.grpc_http1_bridge.v3.Config" - } - }, - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "http2ProtocolOptions": {}, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "h2", - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~http" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:http", - "virtualHosts": [ - { - "name": "public_listener:http", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:http" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~http2" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "statPrefix": "public_listener", - "routeConfig": { - "name": "public_listener:http2", - "virtualHosts": [ - { - "name": "public_listener:http2", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "prefix": "/" - }, - "route": { - "cluster": "local_app:http2" - } - } - ] - } - ] - }, - "httpFilters": [ - { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": {} - } - }, - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ], - "tracing": { - "randomSampling": {} - }, - "http2ProtocolOptions": {}, - "upgradeConfigs": [ - { - "upgradeType": "websocket" - } - ] - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - }, - "alpnProtocols": [ - "h2", - "http/1.1" - ] - }, - "requireClientCertificate": true - } - } - }, - { - "filterChainMatch": { - "applicationProtocols": [ - "consul~tcp" - ] - }, - "filters": [ - { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, - "statPrefix": "connect_authz" - } - }, - { - "name": "envoy.filters.network.tcp_proxy", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy", - "statPrefix": "public_listener", - "cluster": "local_app:tcp" - } - } - ], - "transportSocket": { - "name": "tls", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext", - "commonTlsContext": { - "tlsParams": {}, - "tlsCertificates": [ - { - "certificateChain": { - "inlineString": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n" - }, - "privateKey": { - "inlineString": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - } - ], - "validationContext": { - "trustedCa": { - "inlineString": "some-root\nsome-other-root\n" - } - } - }, - "requireClientCertificate": true - } - } - } - ], - "listenerFilters": [ - { - "name": "envoy.filters.listener.tls_inspector", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector" - } - } - ], - "trafficDirection": "INBOUND" - } - ], - "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", - "nonce": "00000001" -} \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-with-specific-ports.golden similarity index 100% rename from agent/xdsv2/testdata/routes/source/multiple-workload-addresses-with-specific-ports.golden rename to agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-with-specific-ports.golden diff --git a/agent/xdsv2/testdata/routes/source/multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-without-ports.golden similarity index 100% rename from agent/xdsv2/testdata/routes/source/multiple-workload-addresses-without-ports.golden rename to agent/xdsv2/testdata/routes/source/l4-multiple-workload-addresses-without-ports.golden diff --git a/agent/xdsv2/testdata/routes/source/single-workload-address-without-ports.golden b/agent/xdsv2/testdata/routes/source/l4-single-workload-address-without-ports.golden similarity index 100% rename from agent/xdsv2/testdata/routes/source/single-workload-address-without-ports.golden rename to agent/xdsv2/testdata/routes/source/l4-single-workload-address-without-ports.golden diff --git a/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden b/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden index 306f5220e7b9c..68b5239aec9ed 100644 --- a/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden +++ b/agent/xdsv2/testdata/routes/source/l7-expose-paths.golden @@ -1,5 +1,53 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_GetHealth1235", + "virtualHosts": [ + { + "name": "exposed_path_route_GetHealth1235", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "GetHealth" + }, + "route": { + "cluster": "exposed_cluster_9091" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_health1234", + "virtualHosts": [ + { + "name": "exposed_path_route_health1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/health" + }, + "route": { + "cluster": "exposed_cluster_9090" + } + } + ] + } + ], + "validateClusters": true + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden b/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden index 306f5220e7b9c..97c96f44bb629 100644 --- a/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden +++ b/agent/xdsv2/testdata/routes/source/local-and-inbound-connections.golden @@ -1,5 +1,77 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_GetHealth1235", + "virtualHosts": [ + { + "name": "exposed_path_route_GetHealth1235", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "GetHealth" + }, + "route": { + "cluster": "exposed_cluster_9091" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "exposed_path_route_health1234", + "virtualHosts": [ + { + "name": "exposed_path_route_health1234", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "path": "/health" + }, + "route": { + "cluster": "exposed_cluster_9090" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:port3", + "virtualHosts": [ + { + "name": "public_listener:port3", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:port3", + "timeout": "9s" + } + } + ] + } + ], + "validateClusters": true + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden index 306f5220e7b9c..3b1a61403ba7d 100644 --- a/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden +++ b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-with-specific-ports.golden @@ -1,5 +1,53 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:admin-port", + "virtualHosts": [ + { + "name": "public_listener:admin-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:admin-port" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:api-port", + "virtualHosts": [ + { + "name": "public_listener:api-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:api-port" + } + } + ] + } + ], + "validateClusters": true + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden index 306f5220e7b9c..7f976890c64b0 100644 --- a/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden +++ b/agent/xdsv2/testdata/routes/source/multiport-l7-multiple-workload-addresses-without-ports.golden @@ -1,5 +1,76 @@ { "versionInfo": "00000001", + "resources": [ + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:admin-port", + "virtualHosts": [ + { + "name": "public_listener:admin-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:admin-port" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:api-port", + "virtualHosts": [ + { + "name": "public_listener:api-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:api-port" + } + } + ] + } + ], + "validateClusters": true + }, + { + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "public_listener:grpc-port", + "virtualHosts": [ + { + "name": "public_listener:grpc-port", + "domains": [ + "*" + ], + "routes": [ + { + "match": { + "prefix": "/" + }, + "route": { + "cluster": "local_app:grpc-port" + } + } + ] + } + ], + "validateClusters": true + } + ], "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", "nonce": "00000001" } \ No newline at end of file diff --git a/api/acl.go b/api/acl.go index fcea0fdde0828..f95e597af48ca 100644 --- a/api/acl.go +++ b/api/acl.go @@ -256,9 +256,6 @@ const ( // BindingRuleBindTypeNode binds to a node identity with given name. BindingRuleBindTypeNode BindingRuleBindType = "node" - // BindingRuleBindTypePolicy binds to a specific policy with given name. - BindingRuleBindTypePolicy BindingRuleBindType = "policy" - // BindingRuleBindTypeTemplatedPolicy binds to a templated policy with given template name and variables. BindingRuleBindTypeTemplatedPolicy BindingRuleBindType = "templated-policy" ) diff --git a/api/api_test.go b/api/api_test.go index d1af29fbddf7b..4d5dd1fda8305 100644 --- a/api/api_test.go +++ b/api/api_test.go @@ -119,7 +119,7 @@ func makeClientWithConfig( var server *testutil.TestServer var err error retry.RunWith(retry.ThreeTimes(), t, func(r *retry.R) { - server, err = testutil.NewTestServerConfigT(r, cb2) + server, err = testutil.NewTestServerConfigT(t, cb2) if err != nil { r.Fatalf("Failed to start server: %v", err.Error()) } diff --git a/api/lock_test.go b/api/lock_test.go index ee59a01abceff..4003a94632f8d 100644 --- a/api/lock_test.go +++ b/api/lock_test.go @@ -13,11 +13,10 @@ import ( "testing" "time" - "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" ) -func createTestLock(t testutil.TestingTB, c *Client, key string) (*Lock, *Session) { +func createTestLock(t *testing.T, c *Client, key string) (*Lock, *Session) { t.Helper() session := c.Session() @@ -107,7 +106,7 @@ func TestAPI_LockForceInvalidate(t *testing.T) { defer s.Stop() retry.Run(t, func(r *retry.R) { - lock, session := createTestLock(r, c, "test/lock") + lock, session := createTestLock(t, c, "test/lock") defer session.Destroy(lock.opts.Session, nil) // Should work diff --git a/build-support/scripts/devtools.sh b/build-support/scripts/devtools.sh index c9a887c0ecf03..e3f6d154520b5 100755 --- a/build-support/scripts/devtools.sh +++ b/build-support/scripts/devtools.sh @@ -25,7 +25,6 @@ Options: -protobuf Just install tools for protobuf. -lint Just install tools for linting. -codegen Just install tools for codegen. - -pre-commit Just install pre-commit. -h | --help Print this help text. EOF } @@ -52,10 +51,6 @@ function main { codegen_install return 0 ;; - -pre-commit ) - pre_commit_install - return 0 - ;; -h | --help ) usage return 0 @@ -143,13 +138,9 @@ function proto_tools_install { function lint_install { local lint_consul_retry_version lint_consul_retry_version="$(make --no-print-directory print-LINT_CONSUL_RETRY_VERSION)" - local golangci_lint_version golangci_lint_version="$(make --no-print-directory print-GOLANGCI_LINT_VERSION)" - local gci_version - gci_version="$(make --no-print-directory print-GCI_VERSION)" - install_versioned_tool \ 'lint-consul-retry' \ 'github.com/hashicorp/lint-consul-retry' \ @@ -165,12 +156,6 @@ function lint_install { 'github.com/golangci/golangci-lint' \ "${golangci_lint_version}" \ 'github.com/golangci/golangci-lint/cmd/golangci-lint' - - install_versioned_tool \ - 'gci' \ - 'github.com/daixiang0/gci' \ - "${gci_version}" \ - 'github.com/daixiang0/gci' } function codegen_install { @@ -200,50 +185,11 @@ function copywrite_install { 'github.com/hashicorp/copywrite' } -function pre_commit_install { - # if already installed make sure the hook is also installed - if command -v "pre-commit" &>/dev/null; then - # Not to be confused with installing the tool, this installs - # the git hook locally (.git/hooks/pre-commit) which pre-commit - # uses as a vector to run checks on `git commit`. This hook is - # generated based on the local environment hence not source - # controlled. - pre-commit install - return 0 - fi - - # Install options based on https://pre-commit.com/#installation - if command -v "brew" &>/dev/null; then - brew install pre-commit && pre-commit install - return 0 - fi - - # Try python regardless of platform (mac, linux, etc) - if command -v "pip3" &>/dev/null; then - pip3 install pre-commit && pre-commit install - return 0 - fi - - # Can't disappoint the linux/debian folks - if command -v "apt" &>/dev/null; then - sudo apt-get install -yq pre-commit && pre-commit install - return 0 - fi - - if [[ "$(uname)" == "Darwin" ]]; then - echo "ERROR: Install homebrew from https://brew.sh/ so that pre-commit (https://pre-commit.com) can be installed." - return 1 - fi - - echo "ERROR: Install python3 and pip3 so that pre-commit (https://pre-commit.com) can be installed." - return 1 -} - function tools_install { + lint_install proto_tools_install codegen_install - pre_commit_install copywrite_install return 0 diff --git a/command/acl/bindingrule/create/bindingrule_create.go b/command/acl/bindingrule/create/bindingrule_create.go index 0b09a5eb2f0cc..ab6a16f3ed5c3 100644 --- a/command/acl/bindingrule/create/bindingrule_create.go +++ b/command/acl/bindingrule/create/bindingrule_create.go @@ -73,7 +73,7 @@ func (c *cmd) init() { &c.bindType, "bind-type", string(api.BindingRuleBindTypeService), - "Type of binding to perform (\"service\", \"role\", \"node\", \"policy\", or \"templated-policy\").", + "Type of binding to perform (\"service\", \"role\", \"node\" or \"templated-policy\").", ) c.flags.Var( (*flags.FlagMapValue)(&c.bindVars), diff --git a/command/acl/bindingrule/update/bindingrule_update.go b/command/acl/bindingrule/update/bindingrule_update.go index 40c03cab546e6..ce7006748728d 100644 --- a/command/acl/bindingrule/update/bindingrule_update.go +++ b/command/acl/bindingrule/update/bindingrule_update.go @@ -77,7 +77,7 @@ func (c *cmd) init() { &c.bindType, "bind-type", string(api.BindingRuleBindTypeService), - "Type of binding to perform (\"service\", \"policy\", or \"role\").", + "Type of binding to perform (\"service\" or \"role\").", ) c.flags.StringVar( &c.bindName, diff --git a/command/acl/bindingrule/update/bindingrule_update_test.go b/command/acl/bindingrule/update/bindingrule_update_test.go index c873aadcb4898..1bbcd35cc25d9 100644 --- a/command/acl/bindingrule/update/bindingrule_update_test.go +++ b/command/acl/bindingrule/update/bindingrule_update_test.go @@ -242,39 +242,6 @@ func TestBindingRuleUpdateCommand(t *testing.T) { require.Equal(t, "serviceaccount.namespace==alt and serviceaccount.name==demo", rule.Selector) }) - t.Run("update all fields with policy", func(t *testing.T) { - id := createRule(t, false) - - ui := cli.NewMockUi() - cmd := New(ui) - - args := []string{ - "-http-addr=" + a.HTTPAddr(), - "-token=root", - "-id", id, - "-description=test rule edited", - "-bind-type", "policy", - "-bind-name=policy-updated", - "-selector=serviceaccount.namespace==alt and serviceaccount.name==demo", - } - - code := cmd.Run(args) - require.Equal(t, code, 0, "err: %s", ui.ErrorWriter.String()) - require.Empty(t, ui.ErrorWriter.String()) - - rule, _, err := client.ACL().BindingRuleRead( - id, - &api.QueryOptions{Token: "root"}, - ) - require.NoError(t, err) - require.NotNil(t, rule) - - require.Equal(t, "test rule edited", rule.Description) - require.Equal(t, "policy-updated", rule.BindName) - require.Equal(t, api.BindingRuleBindTypePolicy, rule.BindType) - require.Equal(t, "serviceaccount.namespace==alt and serviceaccount.name==demo", rule.Selector) - }) - t.Run("update all fields with templated policy", func(t *testing.T) { id := createRule(t, false) diff --git a/command/connect/envoy/exec_test.go b/command/connect/envoy/exec_test.go index 332dd77a4fe7c..e949019e8235e 100644 --- a/command/connect/envoy/exec_test.go +++ b/command/connect/envoy/exec_test.go @@ -355,9 +355,6 @@ func patchExecArgs(t *testing.T) { } func TestMakeBootstrapPipe_DoesNotBlockOnAFullPipe(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } // A named pipe can buffer up to 64k, use a value larger than that bootstrap := bytes.Repeat([]byte("a"), 66000) diff --git a/command/registry.go b/command/registry.go index 1a403aa11f261..604b0033b72f3 100644 --- a/command/registry.go +++ b/command/registry.go @@ -133,7 +133,6 @@ import ( tlscert "github.com/hashicorp/consul/command/tls/cert" tlscertcreate "github.com/hashicorp/consul/command/tls/cert/create" "github.com/hashicorp/consul/command/troubleshoot" - troubleshootports "github.com/hashicorp/consul/command/troubleshoot/ports" troubleshootproxy "github.com/hashicorp/consul/command/troubleshoot/proxy" troubleshootupstreams "github.com/hashicorp/consul/command/troubleshoot/upstreams" "github.com/hashicorp/consul/command/validate" @@ -276,7 +275,6 @@ func RegisteredCommands(ui cli.Ui) map[string]mcli.CommandFactory { entry{"troubleshoot", func(ui cli.Ui) (cli.Command, error) { return troubleshoot.New(), nil }}, entry{"troubleshoot proxy", func(ui cli.Ui) (cli.Command, error) { return troubleshootproxy.New(ui), nil }}, entry{"troubleshoot upstreams", func(ui cli.Ui) (cli.Command, error) { return troubleshootupstreams.New(ui), nil }}, - entry{"troubleshoot ports", func(ui cli.Ui) (cli.Command, error) { return troubleshootports.New(ui), nil }}, entry{"validate", func(ui cli.Ui) (cli.Command, error) { return validate.New(ui), nil }}, entry{"version", func(ui cli.Ui) (cli.Command, error) { return version.New(ui), nil }}, entry{"watch", func(ui cli.Ui) (cli.Command, error) { return watch.New(ui, MakeShutdownCh()), nil }}, diff --git a/command/resource/client/client.go b/command/resource/client/client.go index e43bef014ce4f..0d0d59e2df996 100644 --- a/command/resource/client/client.go +++ b/command/resource/client/client.go @@ -19,11 +19,10 @@ import ( "sync" "time" + "github.com/hashicorp/consul/api" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-rootcerts" - - "github.com/hashicorp/consul/api" ) // NOTE: This client is copied from the api module to temporarily facilitate the resource cli commands @@ -73,6 +72,12 @@ const ( // whether or not to disable certificate checking. HTTPSSLVerifyEnvName = "CONSUL_HTTP_SSL_VERIFY" + // GRPCAddrEnvName defines an environment variable name which sets the gRPC + // address for consul connect envoy. Note this isn't actually used by the api + // client in this package but is defined here for consistency with all the + // other ENV names we use. + GRPCAddrEnvName = "CONSUL_GRPC_ADDR" + // GRPCCAFileEnvName defines an environment variable name which sets the // CA file to use for talking to Consul gRPC over TLS. GRPCCAFileEnvName = "CONSUL_GRPC_CACERT" diff --git a/command/resource/client/grpc-client.go b/command/resource/client/grpc-client.go deleted file mode 100644 index d9f71488adbf2..0000000000000 --- a/command/resource/client/grpc-client.go +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package client - -import ( - "fmt" - - "google.golang.org/grpc" - "google.golang.org/grpc/credentials/insecure" - - "github.com/hashicorp/consul/proto-public/pbresource" -) - -type GRPCClient struct { - Client pbresource.ResourceServiceClient - Config *GRPCConfig - Conn *grpc.ClientConn -} - -func NewGRPCClient(config *GRPCConfig) (*GRPCClient, error) { - conn, err := dial(config) - if err != nil { - return nil, fmt.Errorf("**** error dialing grpc: %+v", err) - } - return &GRPCClient{ - Client: pbresource.NewResourceServiceClient(conn), - Config: config, - Conn: conn, - }, nil -} - -func dial(c *GRPCConfig) (*grpc.ClientConn, error) { - // TODO: decide if we use TLS mode based on the config - dialOpts := []grpc.DialOption{ - grpc.WithTransportCredentials(insecure.NewCredentials()), - } - return grpc.Dial(c.Address, dialOpts...) -} diff --git a/command/resource/client/grpc-client_test.go b/command/resource/client/grpc-client_test.go deleted file mode 100644 index c6fe8da15582e..0000000000000 --- a/command/resource/client/grpc-client_test.go +++ /dev/null @@ -1,51 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package client - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/require" - "google.golang.org/protobuf/proto" - - "github.com/hashicorp/consul/agent" - "github.com/hashicorp/consul/internal/resource/demo" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/proto/private/prototest" - "github.com/hashicorp/consul/sdk/testutil" - "github.com/hashicorp/consul/testrpc" -) - -func TestResourceRead(t *testing.T) { - t.Parallel() - - a := agent.NewTestAgent(t, "ports { grpc = 8502 }") - testrpc.WaitForTestAgent(t, a.RPC, "dc1") - grpcConfig := GetDefaultGRPCConfig() - gRPCClient, err := NewGRPCClient(grpcConfig) - - t.Cleanup(func() { - a.Shutdown() - gRPCClient.Conn.Close() - }) - - t.Run("test", func(t *testing.T) { - if err != nil { - fmt.Println("error when create new grpc client") - } - - v2Artist, err := demo.GenerateV2Artist() - require.NoError(t, err) - - writeRsp, err := gRPCClient.Client.Write(testutil.TestContext(t), &pbresource.WriteRequest{Resource: v2Artist}) - require.NoError(t, err) - - readRsp, err := gRPCClient.Client.Read(context.Background(), &pbresource.ReadRequest{Id: v2Artist.Id}) - require.NoError(t, err) - require.Equal(t, proto.Equal(readRsp.Resource.Id.Type, demo.TypeV2Artist), true) - prototest.AssertDeepEqual(t, writeRsp.Resource, readRsp.Resource) - }) -} diff --git a/command/resource/client/grpc-config.go b/command/resource/client/grpc-config.go deleted file mode 100644 index e6d990995c8dd..0000000000000 --- a/command/resource/client/grpc-config.go +++ /dev/null @@ -1,43 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package client - -import ( - "os" -) - -const ( - // GRPCAddrEnvName defines an environment variable name which sets the gRPC - // server address for the consul CLI. - GRPCAddrEnvName = "CONSUL_GRPC_ADDR" -) - -type GRPCConfig struct { - Address string -} - -func GetDefaultGRPCConfig() *GRPCConfig { - return &GRPCConfig{ - Address: "localhost:8502", - } -} - -func LoadGRPCConfig(defaultConfig *GRPCConfig) *GRPCConfig { - if defaultConfig == nil { - defaultConfig = GetDefaultGRPCConfig() - } - - overwrittenConfig := loadEnvToDefaultConfig(defaultConfig) - - return overwrittenConfig -} - -func loadEnvToDefaultConfig(config *GRPCConfig) *GRPCConfig { - - if addr := os.Getenv(GRPCAddrEnvName); addr != "" { - config.Address = addr - } - - return config -} diff --git a/command/resource/client/grpc-flags.go b/command/resource/client/grpc-flags.go deleted file mode 100644 index bc1d89c5a9482..0000000000000 --- a/command/resource/client/grpc-flags.go +++ /dev/null @@ -1,58 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package client - -import ( - "flag" -) - -type GRPCFlags struct { - address StringValue -} - -// mergeFlagsIntoGRPCConfig merges flag values into grpc config -// caller has to parse the CLI args before loading them into flag values -func (f *GRPCFlags) mergeFlagsIntoGRPCConfig(c *GRPCConfig) { - f.address.Merge(&c.Address) -} - -func (f *GRPCFlags) ClientFlags() *flag.FlagSet { - fs := flag.NewFlagSet("", flag.ContinueOnError) - fs.Var(&f.address, "grpc-addr", - "The `address` and port of the Consul GRPC agent. The value can be an IP "+ - "address or DNS address, but it must also include the port. This can "+ - "also be specified via the CONSUL_GRPC_ADDR environment variable. The "+ - "default value is 127.0.0.1:8502. It supports TLS communication "+ - "by setting the environment variable CONSUL_GRPC_TLS=true.") - return fs -} - -type StringValue struct { - v *string -} - -// Set implements the flag.Value interface. -func (s *StringValue) Set(v string) error { - if s.v == nil { - s.v = new(string) - } - *(s.v) = v - return nil -} - -// String implements the flag.Value interface. -func (s *StringValue) String() string { - var current string - if s.v != nil { - current = *(s.v) - } - return current -} - -// Merge will overlay this value if it has been set. -func (s *StringValue) Merge(onto *string) { - if s.v != nil { - *onto = *(s.v) - } -} diff --git a/command/resource/read/read.go b/command/resource/read/read.go index a38889ad14b87..fe35521056ba4 100644 --- a/command/resource/read/read.go +++ b/command/resource/read/read.go @@ -86,6 +86,10 @@ func (c *cmd) Run(args []string) int { return 1 } } else { + if len(args) < 2 { + c.UI.Error("Incorrect argument format: Must specify two arguments: resource type and resource name") + return 1 + } var err error gvk, resourceName, err = resource.GetTypeAndResourceName(args) if err != nil { diff --git a/command/resource/read/read_test.go b/command/resource/read/read_test.go index 5c5e854e8d9b6..ee78acdd19602 100644 --- a/command/resource/read/read_test.go +++ b/command/resource/read/read_test.go @@ -149,7 +149,7 @@ func TestResourceRead(t *testing.T) { c := New(ui) cliArgs := append(tc.args, defaultCmdArgs...) code := c.Run(cliArgs) - require.Equal(t, tc.errMsg, ui.ErrorWriter.String()) + require.Equal(t, ui.ErrorWriter.String(), tc.errMsg) require.Equal(t, tc.expectedCode, code) }) } diff --git a/command/troubleshoot/ports/troubleshoot_ports.go b/command/troubleshoot/ports/troubleshoot_ports.go deleted file mode 100644 index 1088703051101..0000000000000 --- a/command/troubleshoot/ports/troubleshoot_ports.go +++ /dev/null @@ -1,89 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package ports - -import ( - "flag" - "fmt" - "github.com/hashicorp/consul/troubleshoot/ports" - "os" - - "github.com/hashicorp/consul/command/cli" - "github.com/hashicorp/consul/command/flags" -) - -func New(ui cli.Ui) *cmd { - c := &cmd{UI: ui} - c.init() - return c -} - -type cmd struct { - UI cli.Ui - flags *flag.FlagSet - help string - - // flags - host string - ports string -} - -func (c *cmd) init() { - c.flags = flag.NewFlagSet("", flag.ContinueOnError) - - c.flags.StringVar(&c.host, "host", os.Getenv("CONSUL_HTTP_ADDR"), "The consul server host") - - c.flags.StringVar(&c.ports, "ports", "", "Custom ports to troubleshoot") - - c.help = flags.Usage(help, c.flags) -} - -func (c *cmd) Run(args []string) int { - - if err := c.flags.Parse(args); err != nil { - c.UI.Error(fmt.Sprintf("Failed to parse args: %v", err)) - return 1 - } - - if c.host == "" { - c.UI.Error("-host is required. or set environment variable CONSUL_HTTP_ADDR") - return 1 - } - - if c.ports == "" { - ports.TroubleshootDefaultPorts(c.host) - } else { - ports.TroubleShootCustomPorts(c.host, c.ports) - } - return 0 -} - -func (c *cmd) Synopsis() string { - return synopsis -} - -func (c *cmd) Help() string { - return c.help -} - -const ( - synopsis = "Prints open and closed ports on the Consul server" - help = ` -Usage: consul troubleshoot ports [options] - Checks ports for TCP connectivity. Add the -ports flag to check specific ports or omit the -ports flag to check default ports. - Refer to the following reference for default ports: https://developer.hashicorp.com/consul/docs/install/ports - - consul troubleshoot ports -host localhost - - or - export CONSUL_HTTP_ADDR=localhost - consul troubleshoot ports - - Use the -ports flag to check non-default ports, for example: - consul troubleshoot ports -host localhost -ports 1023,1024 - or - export CONSUL_HTTP_ADDR=localhost - consul troubleshoot ports -ports 1234,8500 -` -) diff --git a/connect/proxy/proxy_test.go b/connect/proxy/proxy_test.go index 73d65b82c6c27..20b4cdd55efef 100644 --- a/connect/proxy/proxy_test.go +++ b/connect/proxy/proxy_test.go @@ -98,7 +98,7 @@ func TestProxy_public(t *testing.T) { retry.Run(t, func(r *retry.R) { conn, err = svc.Dial(context.Background(), &connect.StaticResolver{ Addr: TestLocalAddr(ports[0]), - CertURI: agConnect.TestSpiffeIDService(r, "echo"), + CertURI: agConnect.TestSpiffeIDService(t, "echo"), }) if err != nil { r.Fatalf("err: %s", err) diff --git a/connect/service_test.go b/connect/service_test.go index 88543a4145da8..0f6ed51a8b458 100644 --- a/connect/service_test.go +++ b/connect/service_test.go @@ -246,7 +246,7 @@ func TestService_HTTPClient(t *testing.T) { //require.Equal(t,"https://backend.service.consul:443", addr) return &StaticResolver{ Addr: testSvr.Addr, - CertURI: connect.TestSpiffeIDService(r, "backend"), + CertURI: connect.TestSpiffeIDService(t, "backend"), }, nil } diff --git a/docs/README.md b/docs/README.md index 72bd17d6d7ae7..0d61b30fa5778 100644 --- a/docs/README.md +++ b/docs/README.md @@ -25,7 +25,7 @@ be found in the public [user documentation]. 1. [Agent Configuration](./config) 1. [RPC](./rpc) 1. [Cluster Persistence](./persistence) -1. [V2 Architecture](v2-architecture) +1. [Resources and Controllers](./resources) 1. [Client Agent](./client-agent) 1. [Service Discovery](./service-discovery) 1. [Service Mesh (Connect)](./service-mesh) diff --git a/docs/persistence/README.md b/docs/persistence/README.md index 68df1addc89c7..c8ca1089d807d 100644 --- a/docs/persistence/README.md +++ b/docs/persistence/README.md @@ -3,7 +3,7 @@ > **Note** > While the content of this document is still accurate, it doesn't cover the new > generic resource-oriented storage layer introduced in Consul 1.16. Please see -> [Resources](../v2-architecture/controller-architecture) for more information. +> [Resources](../resources) for more information. The cluser persistence subsystem runs entirely in Server Agents. It handles both read and write requests from the [RPC] subsystem. See the [Consul Architecture Guide] for an diff --git a/docs/v2-architecture/controller-architecture/README.md b/docs/resources/README.md similarity index 77% rename from docs/v2-architecture/controller-architecture/README.md rename to docs/resources/README.md index d781a63cc098e..b2a05744ad563 100644 --- a/docs/v2-architecture/controller-architecture/README.md +++ b/docs/resources/README.md @@ -1,14 +1,14 @@ -# Overview +# Resources > **Note** > Looking for guidance on adding new resources and controllers to Consul? Check -> out the [developer guide](guide.md). +> out the [developer guide](./guide.md). Consul 1.16 introduced a set of [generic APIs] for managing resources, and a [controller runtime] for building functionality on top of them. -[generic APIs]: ../../../proto-public/pbresource/resource.proto -[controller runtime]: ../../../internal/controller +[generic APIs]: ../../proto-public/pbresource/resource.proto +[controller runtime]: ../../internal/controller Previously, adding features to Consul involved making changes at every layer of the stack, including: HTTP handlers, RPC handlers, MemDB tables, Raft @@ -25,7 +25,7 @@ of a shared platform and own their resource types and controllers. ## Architecture Overview -![architecture diagram](architecture-overview.png) +![architecture diagram](./architecture-overview.png) [source](https://whimsical.com/state-store-v2-UKE6SaEPXNc4UrZBrZj4Kg) @@ -33,20 +33,20 @@ Our resource-oriented architecture comprises the following components: #### Resource Service -[Resource Service](../../../proto-public/pbresource/resource.proto) is a gRPC +[Resource Service](../../proto-public/pbresource/resource.proto) is a gRPC service that contains the shared logic for creating, reading, updating, deleting, and watching resources. It will be consumed by controllers, our Kubernetes integration, the CLI, and mapped to an HTTP+JSON API. #### Type Registry -[Type Registry](../../../internal/resource/registry.go) is where teams register +[Type Registry](../../internal/resource/registry.go) is where teams register their resource types, along with hooks for performing structural validation, authorization, etc. #### Storage Backend -[Storage Backend](../../../internal/storage/storage.go) is an abstraction over +[Storage Backend](../../internal/storage/storage.go) is an abstraction over low-level storage primitives. Today, there are two implementations (Raft and an in-memory backend for tests) but in the future, we envisage external storage systems such as the Kubernetes API or an RDBMS could be supported which would @@ -54,13 +54,12 @@ reduce operational complexity for our customers. #### Controllers -[Controllers](../../../internal/controller/api.go) implement Consul's business +[Controllers](../../internal/controller/api.go) implement Consul's business logic using asynchronous control loops that respond to changes in resources. -Please see [Controller docs](controllers.md) for more details about controllers ## Raft Storage Backend -Our [Raft Storage Backend](../../../internal/storage/raft/backend.go) integrates +Our [Raft Storage Backend](../../internal/storage/raft/backend.go) integrates with the existing Raft machinery (e.g. FSM) used by the [old state store]. It also transparently forwards writes and strongly consistent reads to the leader over gRPC. @@ -70,7 +69,7 @@ at how a write operation is handled. [old state store]: ../persistence/ -![raft storage backend diagram](raft-backend.png) +![raft storage backend diagram](./raft-backend.png) [source](https://whimsical.com/state-store-v2-UKE6SaEPXNc4UrZBrZj4Kg) @@ -85,24 +84,24 @@ The storage backend determines that the current server is a Raft follower, and forwards the operation to the leader via a gRPC [forwarding service] listening on the multiplexed RPC port ([`ports.server`]). -[forwarding service]: ../../../proto/private/pbstorage/raft.proto +[forwarding service]: ../../proto/private/pbstorage/raft.proto [`ports.server`]: https://developer.hashicorp.com/consul/docs/agent/config/config-files#server_rpc_port #### Step 5 The leader's storage backend serializes the operation to protobuf and applies it to the Raft log. As we need to share the Raft log with the old state store, we go -through the [`consul.raftHandle`](../../../agent/consul/raft_handle.go) and +through the [`consul.raftHandle`](../../agent/consul/raft_handle.go) and [`consul.Server`](../../agent/consul/server/server.go) which applies a msgpack envelope and type byte prefix. #### Step 6 Raft consensus happens! Once the log has been committed, it is applied to the -[FSM](../../../agent/consul/fsm/fsm.go) which calls the storage backend's `Apply` +[FSM](../../agent/consul/fsm/fsm.go) which calls the storage backend's `Apply` method to apply the protobuf-encoded operation to the [`inmem.Store`]. -[`inmem.Store`]: ../../../internal/storage/inmem/store.go +[`inmem.Store`]: ../../internal/storage/inmem/store.go #### Steps 7, 8, 9 diff --git a/docs/v2-architecture/controller-architecture/architecture-overview.png b/docs/resources/architecture-overview.png similarity index 100% rename from docs/v2-architecture/controller-architecture/architecture-overview.png rename to docs/resources/architecture-overview.png diff --git a/docs/v2-architecture/controller-architecture/guide.md b/docs/resources/guide.md similarity index 97% rename from docs/v2-architecture/controller-architecture/guide.md rename to docs/resources/guide.md index 91ae2f494e58c..aaecdecef07df 100644 --- a/docs/v2-architecture/controller-architecture/guide.md +++ b/docs/resources/guide.md @@ -6,7 +6,7 @@ Consul 🚂 ## Resource Schema Adding a new resource type begins with defining the object schema as a protobuf -message, in the appropriate package under [`proto-public`](../../../proto-public). +message, in the appropriate package under [`proto-public`](../../proto-public). ```shell $ mkdir proto-public/pbfoo/v1alpha1 @@ -34,7 +34,7 @@ $ make proto ``` Next, we must add our resource type to the registry. At this point, it's useful -to add a package (e.g. under [`internal`](../../../internal)) to contain the logic +to add a package (e.g. under [`internal`](../../internal)) to contain the logic associated with this resource type. The convention is to have this package export variables for its type identifiers @@ -65,7 +65,7 @@ and a partition. Update the `NewTypeRegistry` method in [`type_registry.go`] to call your package's type registration method: -[`type_registry.go`]: ../../../agent/consul/type_registry.go +[`type_registry.go`]: ../../agent/consul/type_registry.go ```Go import ( @@ -90,7 +90,7 @@ $ consul agent -dev ``` You can now use [grpcurl](https://github.com/fullstorydev/grpcurl) to interact -with the [resource service](../../../proto-public/pbresource/resource.proto): +with the [resource service](../../proto-public/pbresource/resource.proto): ```shell $ grpcurl -d @ \ @@ -283,7 +283,7 @@ Next, register your controller with the controller manager. Another common pattern is to have your package expose a method for registering controllers, which is called from `registerControllers` in [`server.go`]. -[`server.go`]: ../../../agent/consul/server.go +[`server.go`]: ../../agent/consul/server.go ```Go package foo diff --git a/docs/v2-architecture/controller-architecture/raft-backend.png b/docs/resources/raft-backend.png similarity index 100% rename from docs/v2-architecture/controller-architecture/raft-backend.png rename to docs/resources/raft-backend.png diff --git a/docs/v2-architecture/controller-architecture/controllers.md b/docs/v2-architecture/controller-architecture/controllers.md deleted file mode 100644 index d346dfeacff94..0000000000000 --- a/docs/v2-architecture/controller-architecture/controllers.md +++ /dev/null @@ -1,223 +0,0 @@ -# Controllers - -This page describes how to write controllers in Consul's new controller architecture. - --> **Note**: This information is valid as of Consul 1.17 but some portions may change in future releases. - -## Controller Basics - -A controller consists of several parts: - -1. **The watched type** - This is the main type a controller is watching and reconciling. -2. **Additional watched types** - These are additional types a controller may care about in addition to the main watched type. -3. **Additional custom watches** - These are the watches for things that aren't resources in Consul. -4. **Reconciler** - This is the instance that's responsible for reconciling requests whenever there's an event for the main watched type or for any of the watched types. - -A basic controller setup could look like this: - -```go -func barController() controller.Controller { - return controller.ForType(pbexample.BarType). - WithReconciler(barReconciler{}) -} -``` - -barReconciler needs to implement the `Reconcile` method of the `Reconciler` interface. -It's important to note that the `Reconcile` method only gets the request with the `ID` of the main -watched resource and so it's up to the reconcile implementation to fetch the resource and any relevant information needed -to perform the reconciliation. The most basic reconciler could look as follows: - -```go -type barReconciler struct {} - -func (b *barReconciler) Reconcile(ctx context.Context, rt Runtime, req Request) error { - ... -} -``` - -## Watching Additional Resources - -Most of the time, controllers will need to watch more resources in addition to the main watched type. -To set up an additional watch, the main thing we need to figure out is how to map additional watched resource to the main -watched resource. Controller-runtime allows us to implement a mapper function that can take the additional watched resource -as the input and produce reconcile `Requests` for our main watched type. - -To figure out how to map the two resources together, we need to think about the relationship between the two resources. - -There are several common relationship types between resources that are being used currently: -1. Name-alignment: this relationship means that resources are named the same and live in the same tenancy, but have different data. Examples: `Service` and `ServiceEndpoints`, `Workload` and `ProxyStateTemplate`. -2. Selector: this relationship happens when one resource selects another by name or name prefix. Examples: `Service` and `Workload`, `ProxyConfiguration` and `Workload`. -3. Owner: in this relationship, one resource is the owner of another resource. Examples: `Service` and `ServiceEndpoints`, `HealthStatus` and `Workload`. -4. Arbitrary reference: in this relationship, one resource may reference another by some sort of reference. This reference could be a single string in the resource data or a more composite reference containing name, tenancy, and type. Examples: `Workload` and `WorkloadIdentity`, `HTTPRoute` and `Service`. - -Note that it's possible for the two watched resources to have more than one relationship type simultaneously. -For example, `FailoverPolicy` type is name-aligned with a service to which it applies, however, it also contains -references to destination services, and for a controller that reconciles `FailoverPolicy` and watches `Service` -we need to account for both type 1 and type 4 relationship whenever we get an event for a `Service`. - -### Simple Mappers - -Let's look at some simple mapping examples. - -#### Name-aligned resources -If our resources only have a name-aligned relationship, we can map them with a built-in function: - -```go -func barController() controller.Controller { - return controller.ForType(pbexample.BarType). - WithWatch(pbexample.FooType, controller.ReplaceType(pbexample.BarType)). - WithReconciler(barReconciler{}) -} -``` - -Here, all we need to do is replace the type of the `Foo` resource whenever we get an event for it. - -#### Owned resources - -Let's say our `Foo` resource owns `Bar` resources, where any `Foo` resource can own multiple `Bar` resources. -In this case, whenever we see a new event for `Foo`, all we need to do is get all `Bar` resources that `Foo` currently owns. -For this, we can also use a built-in function to set up our watch: - -```go -func MapOwned(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) { - resp, err := rt.Client.ListByOwner(ctx, &pbresource.ListByOwnerRequest{Owner: res.Id}) - if err != nil { - return nil, err - } - - var result []controller.Request - for _, r := range resp.Resources { - result = append(result, controller.Request{ID: r.Id}) - } - - return result, nil -} - -func barController() controller.Controller { - return controller.ForType(pbexample.BarType). - WithWatch(pbexample.FooType, MapOwned). - WithReconciler(barReconciler{}) -} -``` - -### Advanced Mappers and Caches - -For selector or arbitrary reference relationships, the mapping that we choose may need to be more advanced. - -#### Naive mapper implementation - -Let's first consider what a naive mapping function could look like in this case. Let's say that the `Bar` resource -references `Foo` resource by name in the data. Now to watch and map `Foo` resources, we need to be able to find all relevant `Bar` resources -whenever we get an event for a `Foo` resource. - -```go -func MapFoo(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) { - resp, err := rt.Client.List(ctx, &pbresource.ListRequest{Type: pbexample.BarType, Tenancy: res.Id.Tenancy}) - if err != nil { - return nil, err - } - - var result []controller.Request - for _, r := range resp.Resources { - decodedResource, err := resource.Decode[*pbexample.Bar](r) - if err != nil { - return nil, err - } - - // Only add Bar resources that match Foo by name. - if decodedResource.GetData().GetFooName() == res.Id.Name { - result = append(result, controller.Request{ID: r.Id}) - } - } -} -``` - -This approach is fine for cases when the number of `Bar` resources in a cluster is relatively small. If it's not, -then we'd be doing a large `O(N)` search on each `Bar` event which could be too expensive. - -#### Caching mappers - -For cases when `N` is too large, we'd want to use a caching layer to help us make lookups more efficient so that they -don't require an `O(N)` search of potentially all cluster resources. - -Caching mappers need to be kept up-to-date by individual controllers and because of their added complexity, it's important -to carefully consider whether these mappers are strictly necessary for any given controller implementation. - -For reference-relationships, we recommend using the `bimapper` to track relationships, while for the workload selector relationships, -we recommend using the `workloadselectionmapper.Mapper` or the underlying `selectiontracker.WorkloadSelectionTracker`. -These two mappers types can be combined into more complex mappers such as the ones used by the `routes-controller` -or the `sidecar-proxy-controller`. - -In our example, because we `Foo` and `Bar` are using name-reference relationship, we'll use a `bimapper`. - -```go -func barController() controller.Controller { - mapper := bimapper.New(pbexample.Bar, pbexample.Foo) - - return controller.ForType(pbexample.BarType). - WithWatch(pbexample.FooType, mapper.MapLink). - WithReconciler(barReconciler{mapper: mapper}) -} -``` - -Now we need to make sure that we populate and clear the mapper as necessary. Generally, this should happen when the data -is fetched in the reconcile. - -```go -func (b *barReconciler) Reconcile(ctx context.Context, rt Runtime, req Request) error { - // Fetch the `Bar` resource we're reconciling. - barResource, err := resource.GetDecodedResource[*pbexample.Bar](ctx, rt.Client, req.ID) - if err != nil { - return err - } - - // If the resource is not found, we should make sure to untrack it from mapper. - if barResource == nil { - b.mapper.UntrackItem(req.ID) - } - - // Fetch our referenced `Foo` resource. - fooID := &pbresource.ID{ - Type: pbexample.FooType, - Name: barResource.GetData().GetFooName(), - Tenancy: req.Id.Tenancy, - } - res, err := resource.GetDecodedResource[*pbexample.Foo](ctx, rt.Client, fooID) - if err != nil { - return err - } - // If the referenced Foo resource is not found, we should not untrack it in case it comes back. - if res == nil { - // no-op - } - // Otherwise, we need to track it. - b.mapper.TrackItem(req.ID, []resource.ReferenceOrID{fooID}) -} -``` - -TODO: bound ref problem - -### Custom Watches - -In some cases, we may want to trigger reconciles for events that aren't generated from CRUD operations on resources, for example -when Envoy proxy connects or disconnects to a server. Controller-runtime allows us to setup watches from -events that come from a custom event channel. Please see [xds-controller](https://github.com/hashicorp/consul/blob/ecfeb7aac51df8730064d869bb1f2c633a531522/internal/mesh/internal/controllers/xds/controller.go#L40-L41) for examples of custom watches. - -## Statuses - -In many cases, controllers would need to update statuses on resources to let the user know about the successful or unsuccessful -state of a resource. - -These are the guidelines that we recommend for statuses: - -* While status conditions is a list, the Condition type should be treated as a key in a map, meaning a resource should not have two status conditions with the same type. -* Controllers need to both update successful and unsuccessful conditions states. This is because we need to make sure that we clear any failed status conditions. -* Status conditions should be named such that the `True` state is a successful state and `False` state is a failed state. - -## Best Practices - -Below is a list of controller best practices that we've learned so far. Many of them are inspired by [kubebuilder](https://book.kubebuilder.io/reference/good-practices). - -* Avoid monolithic controllers as much as possible. A single controller should only manage a single resource to avoid complexity and race conditions. -* If using cached mappers, aim to write (update or delete entries) to mappers in the `Reconcile` method and read from them in the mapper functions used by watches. -* Fetch all data in the `Reconcile` method and avoid caching it from the mapper functions. This ensures that we get the latest data for each reconciliation. diff --git a/docs/v2-architecture/service-mesh/README.md b/docs/v2-architecture/service-mesh/README.md deleted file mode 100644 index 4d0b6e9ff279d..0000000000000 --- a/docs/v2-architecture/service-mesh/README.md +++ /dev/null @@ -1,47 +0,0 @@ -# V2 Service Mesh Architecture - -In Consul 1.16 and 1.17 releases, Consul's service mesh has been rewritten to use the controller architecture and the -resource APIs. - -At a high level, the service mesh consists of resources and controllers living in three groups: `catalog`, `mesh`, -and `auth`. - -![controllers diagram](controllers.png) - -The controllers in each groups are responsible for producing an output that may then be used by other controllers. - --> **Note:** This diagram is valid as of Consul 1.17. It may change in the future releases. - -## Catalog controllers - -Catalog controllers are responsible for reconciling resources in the `catalog` API group. - -1. **FailoverPolicy** controller validates `FailoverPolicy` resource has valid service references and updating the - status the `FailoverPolicy` resource with the result. -2. **WorkloadHealth** controller takes in workloads and any relevant health statuses and updates the status of a - workload with the combined health status. -3. **NodeHealth** controller takes in nodes and any relevant health statuses and updates the status of a node with the - combined health status. -4. **ServiceEndpoints** controller generates a `ServiceEndpoints` object that is name-aligned with a service and - contains workload addresses and ports that constitute a service. - -## Mesh Controllers - -1. **ProxyConfiguration** controller generates a `ComputedProxyConfiguration` resource that is name-aligned with a - workload. `ComputedProxyConfiguration` contains all merged `ProxyConfiguration` resources that apply to a specific - workload. -2. **Routes** controller generates a `ComputedRoutes` resource that is name-aligned with a service. It contains merged - configuration from all xRoutes objects as well as `FailoverPolicy` and `DestinationPolicy`. -3. **ExplicitDestinations** controller generates a `ComputedExplicitDestinations` resource that is name-aligned with a - workload. It contains merged `Destinations` resources that apply to a specific workload. -4. **SidecarProxy** controller takes in the results of the previous three controllers as well as some user-provided - resources and generates `ProxyStateTemplate` resource which serves as the representation of Envoy configuration for - sidecar proxies. -5. **XDSController** takes in `ProxyStateTemplate` resources, fills in missing endpoints references as well as - certificates and CA roots and sends them over to another component that sends this information over to Envoy. - -## Auth Controllers - -1. **TrafficPermissions** controller generates `ComputedTrafficPermissions` resource that is name-aligned - with `WorkloadIdentity`. This computed resource contains all traffic permissions that apply to a specific workload - identity. \ No newline at end of file diff --git a/docs/v2-architecture/service-mesh/controllers.png b/docs/v2-architecture/service-mesh/controllers.png deleted file mode 100644 index 76efac1d059cd..0000000000000 Binary files a/docs/v2-architecture/service-mesh/controllers.png and /dev/null differ diff --git a/go.mod b/go.mod index f5044715eda14..88a2eb86a5b32 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,6 @@ require ( github.com/aws/aws-sdk-go v1.44.289 github.com/coredns/coredns v1.10.1 github.com/coreos/go-oidc v2.1.0+incompatible - github.com/deckarep/golang-set/v2 v2.3.1 github.com/docker/go-connections v0.4.0 github.com/envoyproxy/go-control-plane v0.11.1 github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e @@ -276,10 +275,10 @@ require ( gopkg.in/resty.v1 v1.12.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.100.1 // indirect + k8s.io/klog/v2 v2.90.1 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect + sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/go.sum b/go.sum index 4f226d0d74c69..bca1359dadc77 100644 --- a/go.sum +++ b/go.sum @@ -208,8 +208,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/deckarep/golang-set/v2 v2.3.1 h1:vjmkvJt/IV27WXPyYQpAh4bRyWJc5Y435D17XQ9QU5A= -github.com/deckarep/golang-set/v2 v2.3.1/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661 h1:lrWnAyy/F72MbxIxFUzKmcMCdt9Oi8RzpAxzTNQHD7o= github.com/denverdino/aliyungo v0.0.0-20170926055100-d3308649c661/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= @@ -1566,19 +1564,19 @@ k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8 k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= +k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= +k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff --git a/internal/auth/internal/controllers/trafficpermissions/controller_test.go b/internal/auth/internal/controllers/trafficpermissions/controller_test.go index 8f0fd99860136..910a6fb88e71e 100644 --- a/internal/auth/internal/controllers/trafficpermissions/controller_test.go +++ b/internal/auth/internal/controllers/trafficpermissions/controller_test.go @@ -5,7 +5,6 @@ package trafficpermissions import ( "context" - "fmt" "testing" "github.com/stretchr/testify/require" @@ -16,13 +15,11 @@ import ( "github.com/hashicorp/consul/internal/auth/internal/types" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" - "github.com/hashicorp/consul/version/versiontest" ) type controllerSuite struct { @@ -31,21 +28,13 @@ type controllerSuite struct { client *rtest.Client rt controller.Runtime - mapper *trafficpermissionsmapper.TrafficPermissionsMapper - reconciler *reconciler - tenancies []*pbresource.Tenancy - isEnterprise bool + mapper *trafficpermissionsmapper.TrafficPermissionsMapper + reconciler *reconciler } func (suite *controllerSuite) SetupTest() { - suite.isEnterprise = versiontest.IsEnterprise() - suite.tenancies = resourcetest.TestTenancies() suite.ctx = testutil.TestContext(suite.T()) - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register). - WithTenancies(suite.tenancies...). - Run(suite.T()) - + client := svctest.RunResourceService(suite.T(), types.Register) suite.client = rtest.NewClient(client) suite.rt = controller.Runtime{ Client: suite.client, @@ -77,514 +66,371 @@ func (suite *controllerSuite) requireCTP(resource *pbresource.Resource, allowExp } func (suite *controllerSuite) TestReconcile_CTPCreate_NoReferencingTrafficPermissionsExist() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - require.NotNil(suite.T(), wi) - id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(tenancy).WithOwner(wi.Id).ID() - require.NotNil(suite.T(), id) - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // Ensure that the CTP was created - ctp := suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctp, []*pbauth.Permission{}, []*pbauth.Permission{}) - }) + wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + require.NotNil(suite.T(), wi) + id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(resource.DefaultNamespacedTenancy()).WithOwner(wi.Id).ID() + require.NotNil(suite.T(), id) + + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + // Ensure that the CTP was created + ctp := suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctp, []*pbauth.Permission{}, []*pbauth.Permission{}) } func (suite *controllerSuite) TestReconcile_CTPCreate_ReferencingTrafficPermissionsExist() { // create dead-end traffic permissions - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - wi1ID := &pbresource.ID{ - Name: "wi1", - Type: pbauth.ComputedTrafficPermissionsType, - Tenancy: tp1.Id.Tenancy, - } - suite.requireTrafficPermissionsTracking(tp1, wi1ID) - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "wi2", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp2, wi1ID) - - // create the workload identity that they reference - wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(tenancy).WithOwner(wi.Id).ID() - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // Ensure that the CTP was created - ctp := suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctp, []*pbauth.Permission{p2}, []*pbauth.Permission{p1}) - rtest.RequireOwner(suite.T(), ctp, wi.Id, true) - }) + p1 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + wi1ID := &pbresource.ID{ + Name: "wi1", + Type: pbauth.ComputedTrafficPermissionsType, + Tenancy: tp1.Id.Tenancy, + } + suite.requireTrafficPermissionsTracking(tp1, wi1ID) + p2 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "wi2", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp2, wi1ID) + + // create the workload identity that they reference + wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(resource.DefaultNamespacedTenancy()).WithOwner(wi.Id).ID() + + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + // Ensure that the CTP was created + ctp := suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctp, []*pbauth.Permission{p2}, []*pbauth.Permission{p1}) + rtest.RequireOwner(suite.T(), ctp, wi.Id, true) } func (suite *controllerSuite) TestReconcile_WorkloadIdentityDelete_ReferencingTrafficPermissionsExist() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - wi1ID := &pbresource.ID{ - Name: "wi1", - Type: pbauth.ComputedTrafficPermissionsType, - Tenancy: tp1.Id.Tenancy, - } - suite.requireTrafficPermissionsTracking(tp1, wi1ID) - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "wi2", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp2, wi1ID) - - // create the workload identity that they reference - wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(tenancy).WithOwner(wi.Id).ID() - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // delete the workload identity - suite.client.MustDelete(suite.T(), wi.Id) - - // re-reconcile: should untrack the CTP - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - }) + p1 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + wi1ID := &pbresource.ID{ + Name: "wi1", + Type: pbauth.ComputedTrafficPermissionsType, + Tenancy: tp1.Id.Tenancy, + } + suite.requireTrafficPermissionsTracking(tp1, wi1ID) + p2 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "wi2", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp2, wi1ID) + + // create the workload identity that they reference + wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(resource.DefaultNamespacedTenancy()).WithOwner(wi.Id).ID() + + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + // delete the workload identity + suite.client.MustDelete(suite.T(), wi.Id) + + // re-reconcile: should untrack the CTP + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) } func (suite *controllerSuite) TestReconcile_WorkloadIdentityDelete_NoReferencingTrafficPermissionsExist() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // create the workload identity that they reference - wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(tenancy).WithOwner(wi.Id).ID() + // create the workload identity that they reference + wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(resource.DefaultNamespacedTenancy()).WithOwner(wi.Id).ID() - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) - // delete the workload identity - suite.client.MustDelete(suite.T(), wi.Id) + // delete the workload identity + suite.client.MustDelete(suite.T(), wi.Id) - // re-reconcile: should untrack the CTP - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) + // re-reconcile: should untrack the CTP + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) - // there should not be any traffic permissions to compute - tps := suite.mapper.GetTrafficPermissionsForCTP(id) - require.Len(suite.T(), tps, 0) - }) + // there should not be any traffic permissions to compute + tps := suite.mapper.GetTrafficPermissionsForCTP(id) + require.Len(suite.T(), tps, 0) } func (suite *controllerSuite) TestReconcile_TrafficPermissionsCreate_DestinationWorkloadIdentityExists() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // create the workload identity to be referenced - wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(tenancy).WithOwner(wi.Id).ID() - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - ctpResource := suite.client.RequireResourceExists(suite.T(), id) - assertCTPDefaultStatus(suite.T(), ctpResource, true) - - // create traffic permissions - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithTenancy(tenancy).WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p1}, - }).Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp1, id) - - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "wi2", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithTenancy(tenancy).WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }).Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp2, id) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // Ensure that the CTP was updated - ctpResource = suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctpResource, []*pbauth.Permission{p2}, []*pbauth.Permission{p1}) - rtest.RequireOwner(suite.T(), ctpResource, wi.Id, true) - assertCTPDefaultStatus(suite.T(), ctpResource, false) - - // Add another TP - p3 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "wi3", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp3 := rtest.Resource(pbauth.TrafficPermissionsType, "tp3").WithTenancy(tenancy).WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p3}, - }).Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp3, id) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // Ensure that the CTP was updated - ctpResource = suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctpResource, []*pbauth.Permission{p2}, []*pbauth.Permission{p1, p3}) - rtest.RequireOwner(suite.T(), ctpResource, wi.Id, true) - assertCTPDefaultStatus(suite.T(), ctpResource, false) - - // Delete the traffic permissions without updating the caches. Ensure is default is right even when the caches contain stale data. - suite.client.MustDelete(suite.T(), tp1.Id) - suite.client.MustDelete(suite.T(), tp2.Id) - suite.client.MustDelete(suite.T(), tp3.Id) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - ctpResource = suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctpResource, []*pbauth.Permission{}, []*pbauth.Permission{}) - rtest.RequireOwner(suite.T(), ctpResource, wi.Id, true) - assertCTPDefaultStatus(suite.T(), ctpResource, true) - }) + // create the workload identity to be referenced + wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(resource.DefaultNamespacedTenancy()).WithOwner(wi.Id).ID() + + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + ctpResource := suite.client.RequireResourceExists(suite.T(), id) + assertCTPDefaultStatus(suite.T(), ctpResource, true) + + // create traffic permissions + p1 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp1, id) + + p2 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "wi2", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp2, id) + + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + // Ensure that the CTP was updated + ctpResource = suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctpResource, []*pbauth.Permission{p2}, []*pbauth.Permission{p1}) + rtest.RequireOwner(suite.T(), ctpResource, wi.Id, true) + assertCTPDefaultStatus(suite.T(), ctpResource, false) + + // Add another TP + p3 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "wi3", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp3 := rtest.Resource(pbauth.TrafficPermissionsType, "tp3").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p3}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp3, id) + + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + // Ensure that the CTP was updated + ctpResource = suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctpResource, []*pbauth.Permission{p2}, []*pbauth.Permission{p1, p3}) + rtest.RequireOwner(suite.T(), ctpResource, wi.Id, true) + assertCTPDefaultStatus(suite.T(), ctpResource, false) + + // Delete the traffic permissions without updating the caches. Ensure is default is right even when the caches contain stale data. + suite.client.MustDelete(suite.T(), tp1.Id) + suite.client.MustDelete(suite.T(), tp2.Id) + suite.client.MustDelete(suite.T(), tp3.Id) + + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + ctpResource = suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctpResource, []*pbauth.Permission{}, []*pbauth.Permission{}) + rtest.RequireOwner(suite.T(), ctpResource, wi.Id, true) + assertCTPDefaultStatus(suite.T(), ctpResource, true) } func (suite *controllerSuite) TestReconcile_TrafficPermissionsDelete_DestinationWorkloadIdentityExists() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // create the workload identity to be referenced - wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(tenancy).WithOwner(wi.Id).ID() - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // create traffic permissions - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp1, id) - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "wi2", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp2, id) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - ctp := suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctp, []*pbauth.Permission{p2}, []*pbauth.Permission{p1}) - rtest.RequireOwner(suite.T(), ctp, wi.Id, true) - - // Delete TP2 - suite.client.MustDelete(suite.T(), tp2.Id) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - // Ensure that the CTP was updated - ctp = suite.client.RequireResourceExists(suite.T(), id) - suite.requireCTP(ctp, []*pbauth.Permission{}, []*pbauth.Permission{p1}) - - // Ensure TP2 is untracked - newTps := suite.mapper.GetTrafficPermissionsForCTP(ctp.Id) - require.Len(suite.T(), newTps, 1) - require.Equal(suite.T(), newTps[0].Name, tp1.Id.Name) - }) -} + // create the workload identity to be referenced + wi := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + id := rtest.Resource(pbauth.ComputedTrafficPermissionsType, wi.Id.Name).WithTenancy(resource.DefaultNamespacedTenancy()).WithOwner(wi.Id).ID() -func (suite *controllerSuite) TestReconcile_TrafficPermissionsDelete_DestinationWorkloadIdentityDoesNotExist() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // create traffic permissions - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - wi1ID := &pbresource.ID{ - Name: "wi1", - Type: pbauth.ComputedTrafficPermissionsType, - Tenancy: tp1.Id.Tenancy, - } - suite.requireTrafficPermissionsTracking(tp1, wi1ID) - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{ - { - IdentityName: "wi2", - Namespace: "default", - Partition: "default", - Peer: "local", - }}, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{ - IdentityName: "wi1", - }, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.requireTrafficPermissionsTracking(tp2, wi1ID) - - // Delete TP2 - suite.client.MustDelete(suite.T(), tp2.Id) - - // Ensure that no CTPs exist - rsp, err := suite.client.List(suite.ctx, &pbresource.ListRequest{ - Type: pbauth.ComputedTrafficPermissionsType, - Tenancy: resource.DefaultNamespacedTenancy(), - }) - require.NoError(suite.T(), err) - require.Empty(suite.T(), rsp.Resources) - }) -} + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) -func (suite *controllerSuite) TestControllerBasic() { - // TODO: refactor this - // In this test we check basic operations for a workload identity and referencing traffic permission - mgr := controller.NewManager(suite.client, suite.rt.Logger) - mgr.Register(Controller(suite.mapper)) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) + // create traffic permissions + p1 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp1, id) + p2 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "wi2", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + } + tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp2, id) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Add a workload identity - workloadIdentity := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) - // Wait for the controller to record that the CTP has been computed - res := suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity.Id), StatusKey) - // Check that the status was updated - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", true)) + ctp := suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctp, []*pbauth.Permission{p2}, []*pbauth.Permission{p1}) + rtest.RequireOwner(suite.T(), ctp, wi.Id, true) - // Check that the CTP resource exists and contains no permissions - ctpID := rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi1").WithTenancy(tenancy).ID() - ctpObject := suite.client.RequireResourceExists(suite.T(), ctpID) - suite.requireCTP(ctpObject, nil, nil) + // Delete TP2 + suite.client.MustDelete(suite.T(), tp2.Id) - // add a traffic permission that references wi1 - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{{ - IdentityName: "wi2", + err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) + + // Ensure that the CTP was updated + ctp = suite.client.RequireResourceExists(suite.T(), id) + suite.requireCTP(ctp, []*pbauth.Permission{}, []*pbauth.Permission{p1}) + + // Ensure TP2 is untracked + newTps := suite.mapper.GetTrafficPermissionsForCTP(ctp.Id) + require.Len(suite.T(), newTps, 1) + require.Equal(suite.T(), newTps[0].Name, tp1.Id.Name) +} + +func (suite *controllerSuite) TestReconcile_TrafficPermissionsDelete_DestinationWorkloadIdentityDoesNotExist() { + // create traffic permissions + p1 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "foo", Namespace: "default", Partition: "default", Peer: "local", }}, - DestinationRules: nil, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi1"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp1.Id) - // Wait for the controller to record that the CTP has been re-computed - suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity.Id), StatusKey) - // Check that the ctp has been regenerated - ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpID, ctpObject.Version) - rtest.RequireStatusCondition(suite.T(), ctpObject, StatusKey, ConditionComputed("wi1", false)) - // check wi1 - suite.requireCTP(ctpObject, []*pbauth.Permission{p1}, nil) - - // add a traffic permission that references wi2 - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{{ - IdentityName: "wi1", + } + tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + wi1ID := &pbresource.ID{ + Name: "wi1", + Type: pbauth.ComputedTrafficPermissionsType, + Tenancy: tp1.Id.Tenancy, + } + suite.requireTrafficPermissionsTracking(tp1, wi1ID) + p2 := &pbauth.Permission{ + Sources: []*pbauth.Source{ + { + IdentityName: "wi2", Namespace: "default", Partition: "default", Peer: "local", }}, - DestinationRules: nil, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi2"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp2.Id) - // check wi1 is the same - ctpObject = suite.client.RequireResourceExists(suite.T(), ctpID) - suite.requireCTP(ctpObject, []*pbauth.Permission{p1}, nil) - // check no ctp2 - ctpID2 := rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi2").WithTenancy(tenancy).ID() - suite.client.RequireResourceNotFound(suite.T(), ctpID2) - - // delete tp1 - suite.client.MustDelete(suite.T(), tp1.Id) - suite.client.WaitForDeletion(suite.T(), tp1.Id) - // check wi1 has no permissions - ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpID, ctpObject.Version) - suite.requireCTP(ctpObject, nil, nil) - - // edit tp2 to point to wi1 - rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi1"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - // check wi1 has tp2's permissions - ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpID, ctpObject.Version) - suite.requireCTP(ctpObject, []*pbauth.Permission{p2}, nil) - // check no ctp2 - ctpID2 = rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi2").WithTenancy(tenancy).ID() - suite.client.RequireResourceNotFound(suite.T(), ctpID2) + } + tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + suite.requireTrafficPermissionsTracking(tp2, wi1ID) + + // Delete TP2 + suite.client.MustDelete(suite.T(), tp2.Id) + + // Ensure that no CTPs exist + rsp, err := suite.client.List(suite.ctx, &pbresource.ListRequest{ + Type: pbauth.ComputedTrafficPermissionsType, + Tenancy: resource.DefaultNamespacedTenancy(), }) + require.NoError(suite.T(), err) + require.Empty(suite.T(), rsp.Resources) } -// This test tests the behaviour of the Controller when dealing with near identical -// resources present in different tenancies. On a high level here is what the test does -// -// 1. Register two workload identities with the same name in two different tenancies (default+default, foo+bar) -// 2. Register traffic permissions separately in both of those tenants and verify if the CTPs -// get computed as expected. -// 3. Delete the traffic permission present in the default namespace and partition and verify the -// changes occurred to the CTP in the same tenant. -// 4. Delete the traffic permission present in the custom namespace and partition and verify the -// changes occurred to the CTP in the same tenant. -// 5. Add back the traffic permission tp2 to the default namespace and partition and verify the -// computed CTP in the same tenant -func (suite *controllerSuite) TestControllerBasicWithMultipleTenancyLevels() { - if !suite.isEnterprise { - suite.T().Skip("this test should only run against the enterprise build") - } - +func (suite *controllerSuite) TestControllerBasic() { // TODO: refactor this // In this test we check basic operations for a workload identity and referencing traffic permission mgr := controller.NewManager(suite.client, suite.rt.Logger) @@ -592,44 +438,25 @@ func (suite *controllerSuite) TestControllerBasicWithMultipleTenancyLevels() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - customTenancy := &pbresource.Tenancy{Partition: "foo", Namespace: "bar"} - - // Add a workload identity in a default namespace and partition - workloadIdentity1 := rtest.Resource(pbauth.WorkloadIdentityType, "wi1"). - WithTenancy(resource.DefaultNamespacedTenancy()). - Write(suite.T(), suite.client) - - // Wait for the controller to record that the CTP has been computed - res := suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity1.Id), StatusKey) - // Check that the status was updated - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", true)) - - // Check that the CTP resource exists and contains no permissions - ctpID1 := rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi1").WithTenancy(resource.DefaultNamespacedTenancy()).ID() - ctpObject1 := suite.client.RequireResourceExists(suite.T(), ctpID1) - suite.requireCTP(ctpObject1, nil, nil) - - // Add a workload identity with the same name in a custom namespace and partition - workloadIdentity2 := rtest.Resource(pbauth.WorkloadIdentityType, "wi1"). - WithTenancy(customTenancy). - Write(suite.T(), suite.client) + // Add a workload identity + workloadIdentity := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) // Wait for the controller to record that the CTP has been computed - res = suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity2.Id), StatusKey) + res := suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity.Id), StatusKey) // Check that the status was updated rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", true)) // Check that the CTP resource exists and contains no permissions - ctpID2 := rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi1").WithTenancy(customTenancy).ID() - ctpObject2 := suite.client.RequireResourceExists(suite.T(), ctpID2) - suite.requireCTP(ctpObject2, nil, nil) + ctpID := rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi1").ID() + ctpObject := suite.client.RequireResourceExists(suite.T(), ctpID) + suite.requireCTP(ctpObject, nil, nil) - // add a traffic permission that references wi1 present in the default namespace and partition + // add a traffic permission that references wi1 p1 := &pbauth.Permission{ Sources: []*pbauth.Source{{ IdentityName: "wi2", - Namespace: "bar", - Partition: "foo", + Namespace: "default", + Partition: "default", Peer: "local", }}, DestinationRules: nil, @@ -638,22 +465,20 @@ func (suite *controllerSuite) TestControllerBasicWithMultipleTenancyLevels() { Destination: &pbauth.Destination{IdentityName: "wi1"}, Action: pbauth.Action_ACTION_ALLOW, Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(resource.DefaultNamespacedTenancy()). - Write(suite.T(), suite.client) + }).Write(suite.T(), suite.client) suite.client.RequireResourceExists(suite.T(), tp1.Id) // Wait for the controller to record that the CTP has been re-computed - suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity1.Id), StatusKey) + suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity.Id), StatusKey) // Check that the ctp has been regenerated - ctpObject1 = suite.client.WaitForNewVersion(suite.T(), ctpID1, ctpObject1.Version) - rtest.RequireStatusCondition(suite.T(), ctpObject1, StatusKey, ConditionComputed("wi1", false)) + ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpID, ctpObject.Version) + rtest.RequireStatusCondition(suite.T(), ctpObject, StatusKey, ConditionComputed("wi1", false)) // check wi1 - suite.requireCTP(ctpObject1, []*pbauth.Permission{p1}, nil) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1}, nil) - // add a traffic permission that references wi1 present in the custom namespace and partition + // add a traffic permission that references wi2 p2 := &pbauth.Permission{ Sources: []*pbauth.Source{{ - IdentityName: "wi2", + IdentityName: "wi1", Namespace: "default", Partition: "default", Peer: "local", @@ -661,47 +486,37 @@ func (suite *controllerSuite) TestControllerBasicWithMultipleTenancyLevels() { DestinationRules: nil, } tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi1"}, + Destination: &pbauth.Destination{IdentityName: "wi2"}, Action: pbauth.Action_ACTION_ALLOW, Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(customTenancy). - Write(suite.T(), suite.client) + }).Write(suite.T(), suite.client) suite.client.RequireResourceExists(suite.T(), tp2.Id) - // Wait for the controller to record that the CTP has been re-computed - suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity2.Id), StatusKey) - // Check that the ctp has been regenerated - ctpObject2 = suite.client.WaitForNewVersion(suite.T(), ctpID2, ctpObject2.Version) - rtest.RequireStatusCondition(suite.T(), ctpObject2, StatusKey, ConditionComputed("wi1", false)) - // check wi1 - suite.requireCTP(ctpObject2, []*pbauth.Permission{p2}, nil) + // check wi1 is the same + ctpObject = suite.client.RequireResourceExists(suite.T(), ctpID) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1}, nil) + // check no ctp2 + ctpID2 := rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi2").ID() + suite.client.RequireResourceNotFound(suite.T(), ctpID2) // delete tp1 suite.client.MustDelete(suite.T(), tp1.Id) suite.client.WaitForDeletion(suite.T(), tp1.Id) - // check that the CTP in default tenancy has no permissions - ctpObject1 = suite.client.WaitForNewVersion(suite.T(), ctpID1, ctpObject1.Version) - suite.requireCTP(ctpObject1, nil, nil) + // check wi1 has no permissions + ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpID, ctpObject.Version) + suite.requireCTP(ctpObject, nil, nil) - // delete tp2 in the custom partition and namespace - suite.client.MustDelete(suite.T(), tp2.Id) - suite.client.WaitForDeletion(suite.T(), tp2.Id) - // check that the CTP in custom tenancy has no permissions - ctpObject2 = suite.client.WaitForNewVersion(suite.T(), ctpID2, ctpObject2.Version) - suite.requireCTP(ctpObject2, nil, nil) - - // Add tp2 to point to wi1 in the default partition and namespace - tp2 = rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + // edit tp2 to point to wi1 + rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ Destination: &pbauth.Destination{IdentityName: "wi1"}, Action: pbauth.Action_ACTION_ALLOW, Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(resource.DefaultNamespacedTenancy()). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp2.Id) - // check wi1 in the default partition and namespace has tp2's permissions - ctpObject1 = suite.client.WaitForNewVersion(suite.T(), ctpID1, ctpObject1.Version) - suite.requireCTP(ctpObject1, []*pbauth.Permission{p2}, nil) + }).Write(suite.T(), suite.client) + // check wi1 has tp2's permissions + ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpID, ctpObject.Version) + suite.requireCTP(ctpObject, []*pbauth.Permission{p2}, nil) + // check no ctp2 + ctpID2 = rtest.Resource(pbauth.ComputedTrafficPermissionsType, "wi2").ID() + suite.client.RequireResourceNotFound(suite.T(), ctpID2) } func (suite *controllerSuite) TestControllerMultipleTrafficPermissions() { @@ -713,173 +528,147 @@ func (suite *controllerSuite) TestControllerMultipleTrafficPermissions() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - wi1ID := &pbresource.ID{ - Name: "wi1", - Type: pbauth.ComputedTrafficPermissionsType, - Tenancy: tenancy, - } - // add tp1 and tp2 - p1 := &pbauth.Permission{ - Sources: []*pbauth.Source{{ - IdentityName: "wi2", - Namespace: tenancy.Namespace, - Partition: tenancy.Partition, - Peer: "local", - }}, - DestinationRules: nil, - } - tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi1"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp1.Id) - suite.requireTrafficPermissionsTracking(tp1, wi1ID) - p2 := &pbauth.Permission{ - Sources: []*pbauth.Source{{ - IdentityName: "wi3", - Namespace: tenancy.Namespace, - Partition: tenancy.Partition, - Peer: "local", - }}, - DestinationRules: nil, - } - tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi1"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp2.Id) - suite.requireTrafficPermissionsTracking(tp1, wi1ID) - - // Add a workload identity - workloadIdentity := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - ctpID := resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity.Id) - // Wait for the controller to record that the CTP has been computed - res := suite.client.WaitForReconciliation(suite.T(), ctpID, StatusKey) - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", false)) - // check ctp1 has tp1 and tp2 - ctpObject := suite.client.RequireResourceExists(suite.T(), res.Id) - suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, nil) - - // add tp3 - p3 := &pbauth.Permission{ - Sources: []*pbauth.Source{{ - IdentityName: "wi4", - Namespace: tenancy.Namespace, - Partition: tenancy.Partition, - Peer: "local", - }}, - DestinationRules: nil, - } - tp3 := rtest.Resource(pbauth.TrafficPermissionsType, "tp3").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi1"}, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p3}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp3.Id) - // check ctp1 has tp3 - ctpObject = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) - ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpObject.Id, ctpObject.Version) - suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) - - // delete ctp - suite.client.MustDelete(suite.T(), ctpObject.Id) - suite.client.WaitForDeletion(suite.T(), ctpObject.Id) - // check ctp regenerated, has all permissions - res = suite.client.WaitForReconciliation(suite.T(), ctpID, StatusKey) - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", false)) - ctpObject = suite.client.RequireResourceExists(suite.T(), res.Id) - suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) - - // delete wi1 - suite.client.MustDelete(suite.T(), workloadIdentity.Id) - suite.client.WaitForDeletion(suite.T(), workloadIdentity.Id) - - // recreate wi1 - rtest.Resource(pbauth.WorkloadIdentityType, "wi1").WithTenancy(tenancy).Write(suite.T(), suite.client) - // check ctp regenerated, has all permissions - res = suite.client.WaitForReconciliation(suite.T(), ctpID, StatusKey) - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", false)) - ctpObject = suite.client.RequireResourceExists(suite.T(), res.Id) - suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) - - // delete tp3 - suite.client.MustDelete(suite.T(), tp3.Id) - suite.client.WaitForDeletion(suite.T(), tp3.Id) - suite.client.RequireResourceNotFound(suite.T(), tp3.Id) - // check ctp1 has tp1 and tp2, and not tp3 - res = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) - ctpObject = suite.client.WaitForNewVersion(suite.T(), res.Id, ctpObject.Version) - suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, nil) - - // add wi2 - workloadIdentity2 := rtest.Resource(pbauth.WorkloadIdentityType, "wi2").WithTenancy(tenancy).Write(suite.T(), suite.client) - // Wait for the controller to record that the CTP has been computed - res2 := suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity2.Id), StatusKey) - rtest.RequireStatusCondition(suite.T(), res2, StatusKey, ConditionComputed("wi2", false)) - // check ctp2 has no permissions - ctpObject2 := suite.client.RequireResourceExists(suite.T(), res2.Id) - suite.requireCTP(ctpObject2, nil, nil) - - // edit all traffic permissions to point to wi2 - tp1 = rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi2"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p1}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - tp2 = rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi2"}, - Action: pbauth.Action_ACTION_ALLOW, - Permissions: []*pbauth.Permission{p2}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - tp3 = rtest.Resource(pbauth.TrafficPermissionsType, "tp3").WithData(suite.T(), &pbauth.TrafficPermissions{ - Destination: &pbauth.Destination{IdentityName: "wi2"}, - Action: pbauth.Action_ACTION_DENY, - Permissions: []*pbauth.Permission{p3}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - suite.client.RequireResourceExists(suite.T(), tp1.Id) - suite.client.RequireResourceExists(suite.T(), tp2.Id) - suite.client.RequireResourceExists(suite.T(), tp3.Id) - - // check wi2 has updated with all permissions after 6 reconciles - ctpObject2 = suite.client.WaitForReconciliation(suite.T(), ctpObject2.Id, StatusKey) - res2 = suite.client.WaitForReconciliation(suite.T(), ctpObject2.Id, StatusKey) - suite.client.WaitForResourceState(suite.T(), res2.Id, func(t rtest.T, res *pbresource.Resource) { - suite.requireCTP(res, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) - }) - // check wi1 has no permissions after 6 reconciles - ctpObject = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) - res = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) - suite.client.WaitForResourceState(suite.T(), res.Id, func(t rtest.T, res *pbresource.Resource) { - suite.requireCTP(res, nil, nil) - }) - }) -} + wi1ID := &pbresource.ID{ + Name: "wi1", + Type: pbauth.ComputedTrafficPermissionsType, + Tenancy: resource.DefaultNamespacedTenancy(), + } + // add tp1 and tp2 + p1 := &pbauth.Permission{ + Sources: []*pbauth.Source{{ + IdentityName: "wi2", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + DestinationRules: nil, + } + tp1 := rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi1"}, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + suite.client.RequireResourceExists(suite.T(), tp1.Id) + suite.requireTrafficPermissionsTracking(tp1, wi1ID) + p2 := &pbauth.Permission{ + Sources: []*pbauth.Source{{ + IdentityName: "wi3", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + DestinationRules: nil, + } + tp2 := rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi1"}, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + suite.client.RequireResourceExists(suite.T(), tp2.Id) + suite.requireTrafficPermissionsTracking(tp1, wi1ID) -func (suite *controllerSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testFunc(tenancy) - }) + // Add a workload identity + workloadIdentity := rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + ctpID := resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity.Id) + // Wait for the controller to record that the CTP has been computed + res := suite.client.WaitForReconciliation(suite.T(), ctpID, StatusKey) + rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", false)) + // check ctp1 has tp1 and tp2 + ctpObject := suite.client.RequireResourceExists(suite.T(), res.Id) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, nil) + + // add tp3 + p3 := &pbauth.Permission{ + Sources: []*pbauth.Source{{ + IdentityName: "wi4", + Namespace: "default", + Partition: "default", + Peer: "local", + }}, + DestinationRules: nil, } -} + tp3 := rtest.Resource(pbauth.TrafficPermissionsType, "tp3").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi1"}, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p3}, + }).Write(suite.T(), suite.client) + suite.client.RequireResourceExists(suite.T(), tp3.Id) + // check ctp1 has tp3 + ctpObject = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) + ctpObject = suite.client.WaitForNewVersion(suite.T(), ctpObject.Id, ctpObject.Version) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) + + // delete ctp + suite.client.MustDelete(suite.T(), ctpObject.Id) + suite.client.WaitForDeletion(suite.T(), ctpObject.Id) + // check ctp regenerated, has all permissions + res = suite.client.WaitForReconciliation(suite.T(), ctpID, StatusKey) + rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", false)) + ctpObject = suite.client.RequireResourceExists(suite.T(), res.Id) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) + + // delete wi1 + suite.client.MustDelete(suite.T(), workloadIdentity.Id) + suite.client.WaitForDeletion(suite.T(), workloadIdentity.Id) + + // recreate wi1 + rtest.Resource(pbauth.WorkloadIdentityType, "wi1").Write(suite.T(), suite.client) + // check ctp regenerated, has all permissions + res = suite.client.WaitForReconciliation(suite.T(), ctpID, StatusKey) + rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionComputed("wi1", false)) + ctpObject = suite.client.RequireResourceExists(suite.T(), res.Id) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) + + // delete tp3 + suite.client.MustDelete(suite.T(), tp3.Id) + suite.client.WaitForDeletion(suite.T(), tp3.Id) + suite.client.RequireResourceNotFound(suite.T(), tp3.Id) + // check ctp1 has tp1 and tp2, and not tp3 + res = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) + ctpObject = suite.client.WaitForNewVersion(suite.T(), res.Id, ctpObject.Version) + suite.requireCTP(ctpObject, []*pbauth.Permission{p1, p2}, nil) + + // add wi2 + workloadIdentity2 := rtest.Resource(pbauth.WorkloadIdentityType, "wi2").Write(suite.T(), suite.client) + // Wait for the controller to record that the CTP has been computed + res2 := suite.client.WaitForReconciliation(suite.T(), resource.ReplaceType(pbauth.ComputedTrafficPermissionsType, workloadIdentity2.Id), StatusKey) + rtest.RequireStatusCondition(suite.T(), res2, StatusKey, ConditionComputed("wi2", false)) + // check ctp2 has no permissions + ctpObject2 := suite.client.RequireResourceExists(suite.T(), res2.Id) + suite.requireCTP(ctpObject2, nil, nil) + + // edit all traffic permissions to point to wi2 + tp1 = rtest.Resource(pbauth.TrafficPermissionsType, "tp1").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi2"}, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p1}, + }).Write(suite.T(), suite.client) + tp2 = rtest.Resource(pbauth.TrafficPermissionsType, "tp2").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi2"}, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{p2}, + }).Write(suite.T(), suite.client) + tp3 = rtest.Resource(pbauth.TrafficPermissionsType, "tp3").WithData(suite.T(), &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi2"}, + Action: pbauth.Action_ACTION_DENY, + Permissions: []*pbauth.Permission{p3}, + }).Write(suite.T(), suite.client) + suite.client.RequireResourceExists(suite.T(), tp1.Id) + suite.client.RequireResourceExists(suite.T(), tp2.Id) + suite.client.RequireResourceExists(suite.T(), tp3.Id) -func (suite *controllerSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) + // check wi2 has updated with all permissions after 6 reconciles + ctpObject2 = suite.client.WaitForReconciliation(suite.T(), ctpObject2.Id, StatusKey) + res2 = suite.client.WaitForReconciliation(suite.T(), ctpObject2.Id, StatusKey) + suite.client.WaitForResourceState(suite.T(), res2.Id, func(t rtest.T, res *pbresource.Resource) { + suite.requireCTP(res, []*pbauth.Permission{p1, p2}, []*pbauth.Permission{p3}) + }) + // check wi1 has no permissions after 6 reconciles + ctpObject = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) + res = suite.client.WaitForReconciliation(suite.T(), ctpObject.Id, StatusKey) + suite.client.WaitForResourceState(suite.T(), res.Id, func(t rtest.T, res *pbresource.Resource) { + suite.requireCTP(res, nil, nil) + }) } func TestController(t *testing.T) { diff --git a/internal/auth/internal/types/computed_traffic_permissions.go b/internal/auth/internal/types/computed_traffic_permissions.go index 800d2a8fb66f4..0a32e13d29267 100644 --- a/internal/auth/internal/types/computed_traffic_permissions.go +++ b/internal/auth/internal/types/computed_traffic_permissions.go @@ -12,8 +12,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedComputedTrafficPermissions = resource.DecodedResource[*pbauth.ComputedTrafficPermissions] - func RegisterComputedTrafficPermission(r resource.Registry) { r.Register(resource.Registration{ Type: pbauth.ComputedTrafficPermissionsType, @@ -28,12 +26,16 @@ func RegisterComputedTrafficPermission(r resource.Registry) { }) } -var ValidateComputedTrafficPermissions = resource.DecodeAndValidate(validateComputedTrafficPermissions) +func ValidateComputedTrafficPermissions(res *pbresource.Resource) error { + var ctp pbauth.ComputedTrafficPermissions + + if err := res.Data.UnmarshalTo(&ctp); err != nil { + return resource.NewErrDataParse(&ctp, err) + } -func validateComputedTrafficPermissions(res *DecodedComputedTrafficPermissions) error { var merr error - for i, permission := range res.Data.AllowPermissions { + for i, permission := range ctp.AllowPermissions { wrapErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "allow_permissions", @@ -46,7 +48,7 @@ func validateComputedTrafficPermissions(res *DecodedComputedTrafficPermissions) } } - for i, permission := range res.Data.DenyPermissions { + for i, permission := range ctp.DenyPermissions { wrapErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "deny_permissions", diff --git a/internal/auth/internal/types/traffic_permissions.go b/internal/auth/internal/types/traffic_permissions.go index acf2655371697..84a30a46e2f60 100644 --- a/internal/auth/internal/types/traffic_permissions.go +++ b/internal/auth/internal/types/traffic_permissions.go @@ -12,15 +12,13 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedTrafficPermissions = resource.DecodedResource[*pbauth.TrafficPermissions] - func RegisterTrafficPermissions(r resource.Registry) { r.Register(resource.Registration{ Type: pbauth.TrafficPermissionsType, Proto: &pbauth.TrafficPermissions{}, ACLs: &resource.ACLHooks{ - Read: resource.DecodeAndAuthorizeRead(aclReadHookTrafficPermissions), - Write: resource.DecodeAndAuthorizeWrite(aclWriteHookTrafficPermissions), + Read: aclReadHookTrafficPermissions, + Write: aclWriteHookTrafficPermissions, List: resource.NoOpACLListHook, }, Validate: ValidateTrafficPermissions, @@ -29,12 +27,16 @@ func RegisterTrafficPermissions(r resource.Registry) { }) } -var MutateTrafficPermissions = resource.DecodeAndMutate(mutateTrafficPermissions) +func MutateTrafficPermissions(res *pbresource.Resource) error { + var tp pbauth.TrafficPermissions + + if err := res.Data.UnmarshalTo(&tp); err != nil { + return resource.NewErrDataParse(&tp, err) + } -func mutateTrafficPermissions(res *DecodedTrafficPermissions) (bool, error) { var changed bool - for _, p := range res.Data.Permissions { + for _, p := range tp.Permissions { for _, s := range p.Sources { if updated := normalizedTenancyForSource(s, res.Id.Tenancy); updated { changed = true @@ -42,7 +44,11 @@ func mutateTrafficPermissions(res *DecodedTrafficPermissions) (bool, error) { } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&tp) } func normalizedTenancyForSource(src *pbauth.Source, parentTenancy *pbresource.Tenancy) bool { @@ -104,13 +110,17 @@ func firstNonEmptyString(a, b, c string) (string, bool) { return c, true } -var ValidateTrafficPermissions = resource.DecodeAndValidate(validateTrafficPermissions) +func ValidateTrafficPermissions(res *pbresource.Resource) error { + var tp pbauth.TrafficPermissions + + if err := res.Data.UnmarshalTo(&tp); err != nil { + return resource.NewErrDataParse(&tp, err) + } -func validateTrafficPermissions(res *DecodedTrafficPermissions) error { var merr error // enumcover:pbauth.Action - switch res.Data.Action { + switch tp.Action { case pbauth.Action_ACTION_ALLOW: case pbauth.Action_ACTION_DENY: case pbauth.Action_ACTION_UNSPECIFIED: @@ -122,14 +132,14 @@ func validateTrafficPermissions(res *DecodedTrafficPermissions) error { }) } - if res.Data.Destination == nil || (len(res.Data.Destination.IdentityName) == 0) { + if tp.Destination == nil || (len(tp.Destination.IdentityName) == 0) { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "data.destination", Wrapped: resource.ErrEmpty, }) } // Validate permissions - for i, permission := range res.Data.Permissions { + for i, permission := range tp.Permissions { wrapErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "permissions", @@ -275,10 +285,30 @@ func isLocalPeer(p string) bool { return p == "local" || p == "" } -func aclReadHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *DecodedTrafficPermissions) error { - return authorizer.ToAllowAuthorizer().TrafficPermissionsReadAllowed(res.Data.Destination.IdentityName, authzContext) +func aclReadHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + return authorizeDestination(res, func(dest string) error { + return authorizer.ToAllowAuthorizer().TrafficPermissionsReadAllowed(dest, authzContext) + }) } -func aclWriteHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *DecodedTrafficPermissions) error { - return authorizer.ToAllowAuthorizer().TrafficPermissionsWriteAllowed(res.Data.Destination.IdentityName, authzContext) +func aclWriteHookTrafficPermissions(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + return authorizeDestination(res, func(dest string) error { + return authorizer.ToAllowAuthorizer().TrafficPermissionsWriteAllowed(dest, authzContext) + }) +} + +func authorizeDestination(res *pbresource.Resource, intentionAllowed func(string) error) error { + tp, err := resource.Decode[*pbauth.TrafficPermissions](res) + if err != nil { + return err + } + // Check intention:x permissions for identity + err = intentionAllowed(tp.Data.Destination.IdentityName) + if err != nil { + return err + } + return nil } diff --git a/internal/auth/internal/types/workload_identity.go b/internal/auth/internal/types/workload_identity.go index a15fd5bf5b2dd..17334e66099ef 100644 --- a/internal/auth/internal/types/workload_identity.go +++ b/internal/auth/internal/types/workload_identity.go @@ -10,8 +10,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedWorkloadIdentity = resource.DecodedResource[*pbauth.WorkloadIdentity] - func RegisterWorkloadIdentity(r resource.Registry) { r.Register(resource.Registration{ Type: pbauth.WorkloadIdentityType, @@ -22,17 +20,10 @@ func RegisterWorkloadIdentity(r resource.Registry) { Write: aclWriteHookWorkloadIdentity, List: resource.NoOpACLListHook, }, - Validate: ValidateWorkloadIdentity, + Validate: nil, }) } -var ValidateWorkloadIdentity = resource.DecodeAndValidate(validateWorkloadIdentity) - -func validateWorkloadIdentity(res *DecodedWorkloadIdentity) error { - // currently the WorkloadIdentity type has no fields. - return nil -} - func aclReadHookWorkloadIdentity( authorizer acl.Authorizer, authzCtx *acl.AuthorizerContext, diff --git a/internal/auth/internal/types/workload_identity_test.go b/internal/auth/internal/types/workload_identity_test.go index 19ed4cbeea87e..8dfb22bc74a2e 100644 --- a/internal/auth/internal/types/workload_identity_test.go +++ b/internal/auth/internal/types/workload_identity_test.go @@ -144,13 +144,3 @@ func TestWorkloadIdentityACLs(t *testing.T) { }) } } - -func TestWorkloadIdentity_ParseError(t *testing.T) { - rsc := resourcetest.Resource(pbauth.WorkloadIdentityType, "example"). - WithData(t, &pbauth.TrafficPermissions{}). - Build() - - err := ValidateWorkloadIdentity(rsc) - var parseErr resource.ErrDataParse - require.ErrorAs(t, err, &parseErr) -} diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json index 45cf1503012c0..705eeb6ced262 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json @@ -3,10 +3,11 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "NodeHealthStatus" + "kind": "HealthStatus" }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-1-health" @@ -19,12 +20,13 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-1" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", "type": "synthetic", "status": "HEALTH_PASSING" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1.json index e9f78a033664d..a190e5bc1ab1e 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1.json @@ -7,6 +7,7 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-1" diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json index ed1958e644a2f..1e9baaefde5ec 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json @@ -3,10 +3,11 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "NodeHealthStatus" + "kind": "HealthStatus" }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-2-health" @@ -19,12 +20,13 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-2" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", "type": "synthetic", "status": "HEALTH_WARNING" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2.json index f51b598c7b097..218f8d1ae35bb 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2.json @@ -7,6 +7,7 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-2" diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json index 0257dc2f0c37c..5e2df1a13f8b1 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json @@ -3,10 +3,11 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "NodeHealthStatus" + "kind": "HealthStatus" }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-3-health" @@ -19,12 +20,13 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-3" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", "type": "synthetic", "status": "HEALTH_CRITICAL" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3.json index 6fb149e2cebf2..f02361cd58faa 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3.json @@ -7,6 +7,7 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-3" diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json index 2da46f58cb354..f403c929b4eae 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json @@ -3,10 +3,11 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "NodeHealthStatus" + "kind": "HealthStatus" }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-4-health" @@ -19,12 +20,13 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-4" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", "type": "synthetic", "status": "HEALTH_MAINTENANCE" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4.json index bea561ace54e4..c66e70fd0c64e 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4.json @@ -7,6 +7,7 @@ }, "tenancy": { "partition": "default", + "namespace": "default", "peer_name": "local" }, "name": "node-4" diff --git a/internal/catalog/catalogtest/run_test.go b/internal/catalog/catalogtest/run_test.go index f6e9610e0b693..554900559e464 100644 --- a/internal/catalog/catalogtest/run_test.go +++ b/internal/catalog/catalogtest/run_test.go @@ -26,9 +26,7 @@ func runInMemResourceServiceAndControllers(t *testing.T, deps controllers.Depend ctx := testutil.TestContext(t) // Create the in-mem resource service - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(catalog.RegisterTypes). - Run(t) + client := svctest.RunResourceService(t, catalog.RegisterTypes) // Setup/Run the controller manager mgr := controller.NewManager(client, testutil.Logger(t)) diff --git a/internal/catalog/catalogtest/test_integration_v2beta1.go b/internal/catalog/catalogtest/test_integration_v2beta1.go index d88692e910a80..6d5c5854d7b00 100644 --- a/internal/catalog/catalogtest/test_integration_v2beta1.go +++ b/internal/catalog/catalogtest/test_integration_v2beta1.go @@ -26,7 +26,7 @@ var ( testData embed.FS ) -// RunCatalogV2Beta1IntegrationTest will push up a bunch of catalog related data and then +// RunCatalogV1Alpha1IntegrationTest will push up a bunch of catalog related data and then // verify that all the expected reconciliations happened correctly. This test is // intended to exercise a large swathe of behavior of the overall catalog package. // Besides just controller reconciliation behavior, the intent is also to verify @@ -68,10 +68,10 @@ func VerifyCatalogV2Beta1IntegrationTestResults(t *testing.T, client pbresource. c.RequireResourceExists(t, rtest.Resource(pbcatalog.ServiceType, "foo").ID()) for i := 1; i < 5; i++ { - nodeId := rtest.Resource(pbcatalog.NodeType, fmt.Sprintf("node-%d", i)).WithTenancy(resource.DefaultPartitionedTenancy()).ID() + nodeId := rtest.Resource(pbcatalog.NodeType, fmt.Sprintf("node-%d", i)).WithTenancy(resource.DefaultNamespacedTenancy()).ID() c.RequireResourceExists(t, nodeId) - res := c.RequireResourceExists(t, rtest.Resource(pbcatalog.NodeHealthStatusType, fmt.Sprintf("node-%d-health", i)).ID()) + res := c.RequireResourceExists(t, rtest.Resource(pbcatalog.HealthStatusType, fmt.Sprintf("node-%d-health", i)).ID()) rtest.RequireOwner(t, res, nodeId, true) } @@ -85,10 +85,10 @@ func VerifyCatalogV2Beta1IntegrationTestResults(t *testing.T, client pbresource. }) testutil.RunStep(t, "node-health-reconciliation", func(t *testing.T) { - c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-1").WithTenancy(resource.DefaultPartitionedTenancy()).ID(), nodehealth.StatusKey, nodehealth.ConditionPassing) - c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-2").WithTenancy(resource.DefaultPartitionedTenancy()).ID(), nodehealth.StatusKey, nodehealth.ConditionWarning) - c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-3").WithTenancy(resource.DefaultPartitionedTenancy()).ID(), nodehealth.StatusKey, nodehealth.ConditionCritical) - c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-4").WithTenancy(resource.DefaultPartitionedTenancy()).ID(), nodehealth.StatusKey, nodehealth.ConditionMaintenance) + c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-1").ID(), nodehealth.StatusKey, nodehealth.ConditionPassing) + c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-2").ID(), nodehealth.StatusKey, nodehealth.ConditionWarning) + c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-3").ID(), nodehealth.StatusKey, nodehealth.ConditionCritical) + c.WaitForStatusCondition(t, rtest.Resource(pbcatalog.NodeType, "node-4").ID(), nodehealth.StatusKey, nodehealth.ConditionMaintenance) }) testutil.RunStep(t, "workload-health-reconciliation", func(t *testing.T) { diff --git a/internal/catalog/catalogtest/test_lifecycle_v2beta1.go b/internal/catalog/catalogtest/test_lifecycle_v2beta1.go index 0c7fd1343546d..5093b516cf421 100644 --- a/internal/catalog/catalogtest/test_lifecycle_v2beta1.go +++ b/internal/catalog/catalogtest/test_lifecycle_v2beta1.go @@ -7,7 +7,6 @@ import ( "testing" "github.com/hashicorp/consul/internal/catalog" - "github.com/hashicorp/consul/internal/resource" rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -50,7 +49,6 @@ func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresour // initial node creation node := rtest.Resource(pbcatalog.NodeType, nodeName). - WithTenancy(resource.DefaultPartitionedTenancy()). WithData(t, &pbcatalog.Node{ Addresses: []*pbcatalog.NodeAddress{ {Host: "172.16.2.3"}, @@ -88,7 +86,7 @@ func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresour // reconciliation at each point for _, health := range healthChanges { // update the health check - nodeHealth = setNodeHealthStatus(t, c, node.Id, nodeHealthName, health) + nodeHealth = setHealthStatus(t, c, node.Id, nodeHealthName, health) // wait for reconciliation to kick in and put the node into the right // health status. @@ -108,7 +106,7 @@ func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresour // Add the health status back once more, the actual status doesn't matter. // It just must be owned by the node so that we can show cascading // deletions of owned health statuses working. - healthStatus := setNodeHealthStatus(t, c, node.Id, nodeHealthName, pbcatalog.Health_HEALTH_CRITICAL) + healthStatus := setHealthStatus(t, c, node.Id, nodeHealthName, pbcatalog.Health_HEALTH_CRITICAL) // Delete the node and wait for the health status to be deleted. c.MustDelete(t, node.Id) @@ -248,13 +246,11 @@ func runV2Beta1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *r // Insert a some nodes to link the workloads to at various points throughout the test node1 := rtest.Resource(pbcatalog.NodeType, nodeName1). - WithTenancy(resource.DefaultPartitionedTenancy()). WithData(t, &pbcatalog.Node{ Addresses: []*pbcatalog.NodeAddress{{Host: "172.17.9.10"}}, }). Write(t, c) node2 := rtest.Resource(pbcatalog.NodeType, nodeName2). - WithTenancy(resource.DefaultPartitionedTenancy()). WithData(t, &pbcatalog.Node{ Addresses: []*pbcatalog.NodeAddress{{Host: "172.17.9.11"}}, }). @@ -263,8 +259,8 @@ func runV2Beta1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *r // Set some non-passing health statuses for those nodes. Using non-passing will make // it easy to see that changing a passing workloads node association appropriately // impacts the overall workload health. - setNodeHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_CRITICAL) - setNodeHealthStatus(t, c, node2.Id, nodeHealthName2, pbcatalog.Health_HEALTH_WARNING) + setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_CRITICAL) + setHealthStatus(t, c, node2.Id, nodeHealthName2, pbcatalog.Health_HEALTH_WARNING) // Add the workload but don't immediately associate with any node. workload := rtest.Resource(pbcatalog.WorkloadType, workloadName). @@ -337,7 +333,7 @@ func runV2Beta1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *r Write(t, c) // Also set node 1 health down to WARNING - setNodeHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_WARNING) + setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_WARNING) // Wait for the workload health controller to mark the workload as warning (due to node 1 having warning health now) c.WaitForStatusCondition(t, workload.Id, @@ -718,13 +714,3 @@ func setHealthStatus(t *testing.T, client *rtest.Client, owner *pbresource.ID, n WithOwner(owner). Write(t, client) } - -func setNodeHealthStatus(t *testing.T, client *rtest.Client, owner *pbresource.ID, name string, health pbcatalog.Health) *pbresource.Resource { - return rtest.Resource(pbcatalog.NodeHealthStatusType, name). - WithData(t, &pbcatalog.NodeHealthStatus{ - Type: "synthetic", - Status: health, - }). - WithOwner(owner). - Write(t, client) -} diff --git a/internal/catalog/internal/controllers/endpoints/controller_test.go b/internal/catalog/internal/controllers/endpoints/controller_test.go index 35c235260181a..5a0155ef76837 100644 --- a/internal/catalog/internal/controllers/endpoints/controller_test.go +++ b/internal/catalog/internal/controllers/endpoints/controller_test.go @@ -5,7 +5,6 @@ package endpoints import ( "context" - "fmt" "testing" "github.com/stretchr/testify/require" @@ -16,7 +15,6 @@ import ( "github.com/hashicorp/consul/internal/catalog/internal/types" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource/mappers/selectiontracker" - "github.com/hashicorp/consul/internal/resource/resourcetest" rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -443,16 +441,11 @@ type controllerSuite struct { tracker *selectiontracker.WorkloadSelectionTracker reconciler *serviceEndpointsReconciler - tenancies []*pbresource.Tenancy } func (suite *controllerSuite) SetupTest() { - suite.tenancies = resourcetest.TestTenancies() suite.ctx = testutil.TestContext(suite.T()) - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register). - WithTenancies(suite.tenancies...). - Run(suite.T()) + client := svctest.RunResourceService(suite.T(), types.Register) suite.rt = controller.Runtime{ Client: client, Logger: testutil.Logger(suite.T()), @@ -485,28 +478,25 @@ func (suite *controllerSuite) TestReconcile_ServiceNotFound() { // generate a workload resource to use for checking if it maps // to a service endpoints object + workload := rtest.Resource(pbcatalog.WorkloadType, "foo").Build() - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - workload := rtest.Resource(pbcatalog.WorkloadType, "foo").WithTenancy(tenancy).Build() + // ensure that the tracker knows about the service prior to + // calling reconcile so that we can ensure it removes tracking + id := rtest.Resource(pbcatalog.ServiceEndpointsType, "not-found").ID() + suite.tracker.TrackIDForSelector(id, &pbcatalog.WorkloadSelector{Prefixes: []string{""}}) - // ensure that the tracker knows about the service prior to - // calling reconcile so that we can ensure it removes tracking - id := rtest.Resource(pbcatalog.ServiceEndpointsType, "not-found").WithTenancy(tenancy).ID() - suite.tracker.TrackIDForSelector(id, &pbcatalog.WorkloadSelector{Prefixes: []string{""}}) + // verify that mapping the workload to service endpoints returns a + // non-empty list prior to reconciliation which should remove the + // tracking. + suite.requireTracking(workload, id) - // verify that mapping the workload to service endpoints returns a - // non-empty list prior to reconciliation which should remove the - // tracking. - suite.requireTracking(workload, id) - - // Because the endpoints don't exist, this reconcile call should - // cause tracking of the endpoints to be removed - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) + // Because the endpoints don't exist, this reconcile call should + // cause tracking of the endpoints to be removed + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) + require.NoError(suite.T(), err) - // Now ensure that the tracking was removed - suite.requireTracking(workload) - }) + // Now ensure that the tracking was removed + suite.requireTracking(workload) } func (suite *controllerSuite) TestReconcile_NoSelector_NoEndpoints() { @@ -515,23 +505,20 @@ func (suite *controllerSuite) TestReconcile_NoSelector_NoEndpoints() { // managed. Additionally, with no endpoints pre-existing it will // not attempt to delete them. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - service := rtest.Resource(pbcatalog.ServiceType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithData(suite.T(), &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) - endpointsID := rtest.Resource(pbcatalog.ServiceEndpointsType, "test").WithTenancy(tenancy).ID() + endpointsID := rtest.Resource(pbcatalog.ServiceEndpointsType, "test").ID() - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpointsID}) - require.NoError(suite.T(), err) + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpointsID}) + require.NoError(suite.T(), err) - suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionUnmanaged) - }) + suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionUnmanaged) } func (suite *controllerSuite) TestReconcile_NoSelector_ManagedEndpoints() { @@ -539,30 +526,26 @@ func (suite *controllerSuite) TestReconcile_NoSelector_ManagedEndpoints() { // to unmanaged endpoints for a service, any already generated managed endpoints // get deleted. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - service := rtest.Resource(pbcatalog.ServiceType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) - - endpoints := rtest.Resource(pbcatalog.ServiceEndpointsType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.ServiceEndpoints{}). - // this marks these endpoints as under management - WithMeta(endpointsMetaManagedBy, StatusKey). - Write(suite.T(), suite.client) - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpoints.Id}) - require.NoError(suite.T(), err) - // the status should indicate the services endpoints are not being managed - suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionUnmanaged) - // endpoints under management should be deleted - suite.client.RequireResourceNotFound(suite.T(), endpoints.Id) - }) + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithData(suite.T(), &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) + + endpoints := rtest.Resource(pbcatalog.ServiceEndpointsType, "test"). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{}). + // this marks these endpoints as under management + WithMeta(endpointsMetaManagedBy, StatusKey). + Write(suite.T(), suite.client) + + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpoints.Id}) + require.NoError(suite.T(), err) + // the status should indicate the services endpoints are not being managed + suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionUnmanaged) + // endpoints under management should be deleted + suite.client.RequireResourceNotFound(suite.T(), endpoints.Id) } func (suite *controllerSuite) TestReconcile_NoSelector_UnmanagedEndpoints() { @@ -570,73 +553,65 @@ func (suite *controllerSuite) TestReconcile_NoSelector_UnmanagedEndpoints() { // doesn't have its endpoints managed, that we do not delete any unmanaged // ServiceEndpoints resource that the user would have manually written. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - service := rtest.Resource(pbcatalog.ServiceType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) - - endpoints := rtest.Resource(pbcatalog.ServiceEndpointsType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.ServiceEndpoints{}). - Write(suite.T(), suite.client) - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpoints.Id}) - require.NoError(suite.T(), err) - // the status should indicate the services endpoints are not being managed - suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionUnmanaged) - // unmanaged endpoints should not be deleted when the service is unmanaged - suite.client.RequireResourceExists(suite.T(), endpoints.Id) - }) + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithData(suite.T(), &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) + + endpoints := rtest.Resource(pbcatalog.ServiceEndpointsType, "test"). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{}). + Write(suite.T(), suite.client) + + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpoints.Id}) + require.NoError(suite.T(), err) + // the status should indicate the services endpoints are not being managed + suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionUnmanaged) + // unmanaged endpoints should not be deleted when the service is unmanaged + suite.client.RequireResourceExists(suite.T(), endpoints.Id) } func (suite *controllerSuite) TestReconcile_Managed_NoPreviousEndpoints() { // This test's purpose is to ensure the managed endpoint generation occurs // as expected when there are no pre-existing endpoints. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - service := rtest.Resource(pbcatalog.ServiceType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{""}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{""}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) - endpointsID := rtest.Resource(pbcatalog.ServiceEndpointsType, "test").WithTenancy(tenancy).ID() + endpointsID := rtest.Resource(pbcatalog.ServiceEndpointsType, "test").ID() - rtest.Resource(pbcatalog.WorkloadType, "test-workload"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) + rtest.Resource(pbcatalog.WorkloadType, "test-workload"). + WithData(suite.T(), &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, + Ports: map[string]*pbcatalog.WorkloadPort{ + "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpointsID}) - require.NoError(suite.T(), err) + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpointsID}) + require.NoError(suite.T(), err) - // Verify that the services status has been set to indicate endpoints are automatically managed. - suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionManaged) + // Verify that the services status has been set to indicate endpoints are automatically managed. + suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionManaged) - // The service endpoints metadata should include our tag to indcate it was generated by this controller - res := suite.client.RequireResourceMeta(suite.T(), endpointsID, endpointsMetaManagedBy, StatusKey) + // The service endpoints metadata should include our tag to indcate it was generated by this controller + res := suite.client.RequireResourceMeta(suite.T(), endpointsID, endpointsMetaManagedBy, StatusKey) - var endpoints pbcatalog.ServiceEndpoints - err = res.Data.UnmarshalTo(&endpoints) - require.NoError(suite.T(), err) - require.Len(suite.T(), endpoints.Endpoints, 1) - }) + var endpoints pbcatalog.ServiceEndpoints + err = res.Data.UnmarshalTo(&endpoints) + require.NoError(suite.T(), err) + require.Len(suite.T(), endpoints.Endpoints, 1) // We are not going to retest that the workloads to endpoints conversion process // The length check should be sufficient to prove the endpoints are being // converted. The unit tests for the workloadsToEndpoints functions prove that @@ -647,46 +622,41 @@ func (suite *controllerSuite) TestReconcile_Managed_ExistingEndpoints() { // This test's purpose is to ensure that when the current set of endpoints // differs from any prior set of endpoints that the resource gets rewritten. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - service := rtest.Resource(pbcatalog.ServiceType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{""}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) - - endpoints := rtest.Resource(pbcatalog.ServiceEndpointsType, "test"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.ServiceEndpoints{}). - WithOwner(service.Id). - Write(suite.T(), suite.client) - - rtest.Resource(pbcatalog.WorkloadType, "test-workload"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) + service := rtest.Resource(pbcatalog.ServiceType, "test"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{""}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpoints.Id}) - require.NoError(suite.T(), err) + endpoints := rtest.Resource(pbcatalog.ServiceEndpointsType, "test"). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{}). + WithOwner(service.Id). + Write(suite.T(), suite.client) - suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionManaged) - res := suite.client.RequireResourceMeta(suite.T(), endpoints.Id, endpointsMetaManagedBy, StatusKey) + rtest.Resource(pbcatalog.WorkloadType, "test-workload"). + WithData(suite.T(), &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, + Ports: map[string]*pbcatalog.WorkloadPort{ + "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) - var newEndpoints pbcatalog.ServiceEndpoints - err = res.Data.UnmarshalTo(&newEndpoints) - require.NoError(suite.T(), err) - require.Len(suite.T(), newEndpoints.Endpoints, 1) - }) + err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: endpoints.Id}) + require.NoError(suite.T(), err) + + suite.client.RequireStatusCondition(suite.T(), service.Id, StatusKey, ConditionManaged) + res := suite.client.RequireResourceMeta(suite.T(), endpoints.Id, endpointsMetaManagedBy, StatusKey) + + var newEndpoints pbcatalog.ServiceEndpoints + err = res.Data.UnmarshalTo(&newEndpoints) + require.NoError(suite.T(), err) + require.Len(suite.T(), newEndpoints.Endpoints, 1) } func (suite *controllerSuite) TestController() { @@ -703,202 +673,184 @@ func (suite *controllerSuite) TestController() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Add a service - there are no workloads so an empty endpoints - // object should be created. - service := rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) - - // Wait for the controller to record that the endpoints are being managed - res := suite.client.WaitForReconciliation(suite.T(), service.Id, StatusKey) - // Check that the services status was updated accordingly - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionManaged) - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionIdentitiesNotFound) - - // Check that the endpoints resource exists and contains 0 endpoints - endpointsID := rtest.Resource(pbcatalog.ServiceEndpointsType, "api").WithTenancy(tenancy).ID() - endpoints := suite.client.RequireResourceExists(suite.T(), endpointsID) - suite.requireEndpoints(endpoints) - - // Now add a workload that would be selected by the service. Leave - // the workload in a state where its health has not been reconciled - workload := rtest.Resource(pbcatalog.WorkloadType, "api-1"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "grpc": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - Identity: "api", - }). - Write(suite.T(), suite.client) - - suite.client.WaitForStatusCondition(suite.T(), service.Id, StatusKey, - ConditionIdentitiesFound([]string{"api"})) - - // Wait for the endpoints to be regenerated - endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) - - // Verify that the generated endpoints now contain the workload - suite.requireEndpoints(endpoints, &pbcatalog.Endpoint{ - TargetRef: workload.Id, - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "127.0.0.1", Ports: []string{"http"}}, + // Add a service - there are no workloads so an empty endpoints + // object should be created. + service := rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, }, + }). + Write(suite.T(), suite.client) + + // Wait for the controller to record that the endpoints are being managed + res := suite.client.WaitForReconciliation(suite.T(), service.Id, StatusKey) + // Check that the services status was updated accordingly + rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionManaged) + rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionIdentitiesNotFound) + + // Check that the endpoints resource exists and contains 0 endpoints + endpointsID := rtest.Resource(pbcatalog.ServiceEndpointsType, "api").ID() + endpoints := suite.client.RequireResourceExists(suite.T(), endpointsID) + suite.requireEndpoints(endpoints) + + // Now add a workload that would be selected by the service. Leave + // the workload in a state where its health has not been reconciled + workload := rtest.Resource(pbcatalog.WorkloadType, "api-1"). + WithData(suite.T(), &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, Ports: map[string]*pbcatalog.WorkloadPort{ "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + "grpc": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, }, - HealthStatus: pbcatalog.Health_HEALTH_CRITICAL, - Identity: "api", - }) + Identity: "api", + }). + Write(suite.T(), suite.client) - // Update the health status of the workload - suite.client.WriteStatus(suite.ctx, &pbresource.WriteStatusRequest{ - Id: workload.Id, - Key: workloadhealth.StatusKey, - Status: &pbresource.Status{ - ObservedGeneration: workload.Generation, - Conditions: []*pbresource.Condition{ - { - Type: workloadhealth.StatusConditionHealthy, - State: pbresource.Condition_STATE_TRUE, - Reason: "HEALTH_PASSING", - }, + suite.client.WaitForStatusCondition(suite.T(), service.Id, StatusKey, + ConditionIdentitiesFound([]string{"api"})) + + // Wait for the endpoints to be regenerated + endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) + + // Verify that the generated endpoints now contain the workload + suite.requireEndpoints(endpoints, &pbcatalog.Endpoint{ + TargetRef: workload.Id, + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "127.0.0.1", Ports: []string{"http"}}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + HealthStatus: pbcatalog.Health_HEALTH_CRITICAL, + Identity: "api", + }) + + // Update the health status of the workload + suite.client.WriteStatus(suite.ctx, &pbresource.WriteStatusRequest{ + Id: workload.Id, + Key: workloadhealth.StatusKey, + Status: &pbresource.Status{ + ObservedGeneration: workload.Generation, + Conditions: []*pbresource.Condition{ + { + Type: workloadhealth.StatusConditionHealthy, + State: pbresource.Condition_STATE_TRUE, + Reason: "HEALTH_PASSING", }, }, - }) + }, + }) - // Wait for the endpoints to be regenerated - endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) + // Wait for the endpoints to be regenerated + endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) - // ensure the endpoint was put into the passing state - suite.requireEndpoints(endpoints, &pbcatalog.Endpoint{ - TargetRef: workload.Id, - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "127.0.0.1", Ports: []string{"http"}}, - }, + // ensure the endpoint was put into the passing state + suite.requireEndpoints(endpoints, &pbcatalog.Endpoint{ + TargetRef: workload.Id, + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "127.0.0.1", Ports: []string{"http"}}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + HealthStatus: pbcatalog.Health_HEALTH_PASSING, + Identity: "api", + }) + + // Update workload identity and check that the status on the service is updated + workload = rtest.Resource(pbcatalog.WorkloadType, "api-1"). + WithData(suite.T(), &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, Ports: map[string]*pbcatalog.WorkloadPort{ "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + "grpc": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, }, - HealthStatus: pbcatalog.Health_HEALTH_PASSING, - Identity: "api", - }) + Identity: "endpoints-api-identity", + }). + Write(suite.T(), suite.client) - // Update workload identity and check that the status on the service is updated - workload = rtest.Resource(pbcatalog.WorkloadType, "api-1").WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{{Host: "127.0.0.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "grpc": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - Identity: "endpoints-api-identity", - }). - Write(suite.T(), suite.client) - - suite.client.WaitForStatusCondition(suite.T(), service.Id, StatusKey, ConditionIdentitiesFound([]string{"endpoints-api-identity"})) - - // Verify that the generated endpoints now contain the workload - endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) - suite.requireEndpoints(endpoints, &pbcatalog.Endpoint{ - TargetRef: workload.Id, - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "127.0.0.1", Ports: []string{"http"}}, + suite.client.WaitForStatusCondition(suite.T(), service.Id, StatusKey, ConditionIdentitiesFound([]string{"endpoints-api-identity"})) + + // Verify that the generated endpoints now contain the workload + endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) + suite.requireEndpoints(endpoints, &pbcatalog.Endpoint{ + TargetRef: workload.Id, + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "127.0.0.1", Ports: []string{"http"}}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + HealthStatus: pbcatalog.Health_HEALTH_PASSING, + Identity: "endpoints-api-identity", + }) + + // rewrite the service to add more selection criteria. This should trigger + // reconciliation but shouldn't result in updating the endpoints because + // the actual list of currently selected workloads has not changed + rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + Names: []string{"doesnt-matter"}, }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, }, - HealthStatus: pbcatalog.Health_HEALTH_PASSING, - Identity: "endpoints-api-identity", - }) - - // rewrite the service to add more selection criteria. This should trigger - // reconciliation but shouldn't result in updating the endpoints because - // the actual list of currently selected workloads has not changed - rtest.Resource(pbcatalog.ServiceType, "api").WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - Names: []string{"doesnt-matter"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) + }). + Write(suite.T(), suite.client) - // Wait for the service status' observed generation to get bumped - service = suite.client.WaitForReconciliation(suite.T(), service.Id, StatusKey) + // Wait for the service status' observed generation to get bumped + service = suite.client.WaitForReconciliation(suite.T(), service.Id, StatusKey) - // Verify that the endpoints were not regenerated - suite.client.RequireVersionUnchanged(suite.T(), endpointsID, endpoints.Version) + // Verify that the endpoints were not regenerated + suite.client.RequireVersionUnchanged(suite.T(), endpointsID, endpoints.Version) - // Update the service. - updatedService := rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - }). - Write(suite.T(), suite.client) + // Update the service. + updatedService := rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + }). + Write(suite.T(), suite.client) - // Wait for the endpoints to be regenerated - endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) - rtest.RequireOwner(suite.T(), endpoints, updatedService.Id, false) + // Wait for the endpoints to be regenerated + endpoints = suite.client.WaitForNewVersion(suite.T(), endpointsID, endpoints.Version) + rtest.RequireOwner(suite.T(), endpoints, updatedService.Id, false) - // Delete the endpoints. The controller should bring these back momentarily - suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: endpointsID}) + // Delete the endpoints. The controller should bring these back momentarily + suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: endpointsID}) - // Wait for controller to recreate the endpoints - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireResourceExists(r, endpointsID) - }) + // Wait for controller to recreate the endpoints + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireResourceExists(r, endpointsID) + }) - // Move the service to having unmanaged endpoints - rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) + // Move the service to having unmanaged endpoints + rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) - res = suite.client.WaitForReconciliation(suite.T(), service.Id, StatusKey) - rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionUnmanaged) + res = suite.client.WaitForReconciliation(suite.T(), service.Id, StatusKey) + rtest.RequireStatusCondition(suite.T(), res, StatusKey, ConditionUnmanaged) - // Verify that the endpoints were deleted - suite.client.RequireResourceNotFound(suite.T(), endpointsID) - }) + // Verify that the endpoints were deleted + suite.client.RequireResourceNotFound(suite.T(), endpointsID) } func TestController(t *testing.T) { suite.Run(t, new(controllerSuite)) } - -func (suite *controllerSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testFunc(tenancy) - }) - } -} - -func (suite *controllerSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} diff --git a/internal/catalog/internal/controllers/endpoints/reconciliation_data.go b/internal/catalog/internal/controllers/endpoints/reconciliation_data.go index 186354eda9e0d..320ad47470d5b 100644 --- a/internal/catalog/internal/controllers/endpoints/reconciliation_data.go +++ b/internal/catalog/internal/controllers/endpoints/reconciliation_data.go @@ -34,7 +34,7 @@ type workloadData struct { // getServiceData will read the service with the given ID and unmarshal the // Data field. The return value is a struct that contains the retrieved -// resource as well as the unmarshalled form. If the resource doesn't +// resource as well as the unmsashalled form. If the resource doesn't // exist, nil will be returned. Any other error either with retrieving // the resource or unmarshalling it will cause the error to be returned // to the caller diff --git a/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go b/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go index 14c729e2cfa37..d855c710f6c28 100644 --- a/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go +++ b/internal/catalog/internal/controllers/endpoints/reconciliation_data_test.go @@ -5,7 +5,6 @@ package endpoints import ( "context" - "fmt" "testing" "github.com/stretchr/testify/require" @@ -18,7 +17,6 @@ import ( "github.com/hashicorp/consul/internal/catalog/internal/types" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -30,7 +28,7 @@ type reconciliationDataSuite struct { suite.Suite ctx context.Context - client *resourcetest.Client + client pbresource.ResourceServiceClient rt controller.Runtime apiServiceData *pbcatalog.Service @@ -43,18 +41,11 @@ type reconciliationDataSuite struct { api123Workload *pbresource.Resource web1Workload *pbresource.Resource web2Workload *pbresource.Resource - - tenancies []*pbresource.Tenancy } func (suite *reconciliationDataSuite) SetupTest() { suite.ctx = testutil.TestContext(suite.T()) - suite.tenancies = rtest.TestTenancies() - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register). - WithTenancies(suite.tenancies...). - Run(suite.T()) - suite.client = resourcetest.NewClient(resourceClient) + suite.client = svctest.RunResourceService(suite.T(), types.Register) suite.rt = controller.Runtime{ Client: suite.client, Logger: testutil.Logger(suite.T()), @@ -76,174 +67,16 @@ func (suite *reconciliationDataSuite) SetupTest() { } suite.apiServiceSubsetData = proto.Clone(suite.apiServiceData).(*pbcatalog.Service) suite.apiServiceSubsetData.Workloads.Filter = "(zim in metadata) and (metadata.zim matches `^g.`)" -} - -func (suite *reconciliationDataSuite) TestGetServiceData_NotFound() { - // This test's purposes is to ensure that NotFound errors when retrieving - // the service data are ignored properly. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getServiceData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceType, "not-found").WithTenancy(tenancy).ID()) - require.NoError(suite.T(), err) - require.Nil(suite.T(), data) - }) -} - -func (suite *reconciliationDataSuite) TestGetServiceData_ReadError() { - // This test's purpose is to ensure that Read errors other than NotFound - // are propagated back to the caller. Specifying a resource ID with an - // unregistered type is the easiest way to force a resource service error. - badType := &pbresource.Type{ - Group: "not", - Kind: "found", - GroupVersion: "vfake", - } - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getServiceData(suite.ctx, suite.rt, rtest.Resource(badType, "foo").WithTenancy(tenancy).ID()) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) - require.Nil(suite.T(), data) - }) -} -func (suite *reconciliationDataSuite) TestGetServiceData_UnmarshalError() { - // This test's purpose is to ensure that unmarshlling errors are returned - // to the caller. We are using a resource id that points to an endpoints - // object instead of a service to ensure that the data will be unmarshallable. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getServiceData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceEndpointsType, "api").WithTenancy(tenancy).ID()) - require.Error(suite.T(), err) - var parseErr resource.ErrDataParse - require.ErrorAs(suite.T(), err, &parseErr) - require.Nil(suite.T(), data) - }) -} - -func (suite *reconciliationDataSuite) TestGetServiceData_Ok() { - // This test's purpose is to ensure that the happy path for - // retrieving a service works as expected. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getServiceData(suite.ctx, suite.rt, suite.apiService.Id) - require.NoError(suite.T(), err) - require.NotNil(suite.T(), data) - require.NotNil(suite.T(), data.resource) - prototest.AssertDeepEqual(suite.T(), suite.apiService.Id, data.resource.Id) - require.Len(suite.T(), data.service.Ports, 1) - }) -} - -func (suite *reconciliationDataSuite) TestGetEndpointsData_NotFound() { - // This test's purposes is to ensure that NotFound errors when retrieving - // the endpoint data are ignored properly. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getEndpointsData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceEndpointsType, "not-found").WithTenancy(tenancy).ID()) - require.NoError(suite.T(), err) - require.Nil(suite.T(), data) - }) -} - -func (suite *reconciliationDataSuite) TestGetEndpointsData_ReadError() { - // This test's purpose is to ensure that Read errors other than NotFound - // are propagated back to the caller. Specifying a resource ID with an - // unregistered type is the easiest way to force a resource service error. - badType := &pbresource.Type{ - Group: "not", - Kind: "found", - GroupVersion: "vfake", - } - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getEndpointsData(suite.ctx, suite.rt, rtest.Resource(badType, "foo").WithTenancy(tenancy).ID()) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) - require.Nil(suite.T(), data) - }) -} - -func (suite *reconciliationDataSuite) TestGetEndpointsData_UnmarshalError() { - // This test's purpose is to ensure that unmarshlling errors are returned - // to the caller. We are using a resource id that points to a service object - // instead of an endpoints object to ensure that the data will be unmarshallable. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getEndpointsData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceType, "api").WithTenancy(tenancy).ID()) - require.Error(suite.T(), err) - var parseErr resource.ErrDataParse - require.ErrorAs(suite.T(), err, &parseErr) - require.Nil(suite.T(), data) - }) -} - -func (suite *reconciliationDataSuite) TestGetEndpointsData_Ok() { - // This test's purpose is to ensure that the happy path for - // retrieving an endpoints object works as expected. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - data, err := getEndpointsData(suite.ctx, suite.rt, suite.apiEndpoints.Id) - require.NoError(suite.T(), err) - require.NotNil(suite.T(), data) - require.NotNil(suite.T(), data.resource) - prototest.AssertDeepEqual(suite.T(), suite.apiEndpoints.Id, data.resource.Id) - require.Len(suite.T(), data.endpoints.Endpoints, 1) - }) -} - -func (suite *reconciliationDataSuite) TestGetWorkloadData() { - // This test's purpose is to ensure that gather workloads for - // a service work as expected. The services selector was crafted - // to exercise the deduplication behavior as well as the sorting - // behavior. The assertions in this test will verify that only - // unique workloads are returned and that they are ordered. - - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - require.NotNil(suite.T(), suite.apiService) - - data, err := getWorkloadData(suite.ctx, suite.rt, &serviceData{ - resource: suite.apiService, - service: suite.apiServiceData, - }) - - require.NoError(suite.T(), err) - require.Len(suite.T(), data, 5) - prototest.AssertDeepEqual(suite.T(), suite.api1Workload, data[0].resource) - prototest.AssertDeepEqual(suite.T(), suite.api123Workload, data[1].resource) - prototest.AssertDeepEqual(suite.T(), suite.api2Workload, data[2].resource) - prototest.AssertDeepEqual(suite.T(), suite.web1Workload, data[3].resource) - prototest.AssertDeepEqual(suite.T(), suite.web2Workload, data[4].resource) - }) -} - -func (suite *reconciliationDataSuite) TestGetWorkloadDataWithFilter() { - // This is like TestGetWorkloadData except it exercises the post-read - // filter on the selector. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - require.NotNil(suite.T(), suite.apiServiceSubset) - - data, err := getWorkloadData(suite.ctx, suite.rt, &serviceData{ - resource: suite.apiServiceSubset, - service: suite.apiServiceSubsetData, - }) - - require.NoError(suite.T(), err) - require.Len(suite.T(), data, 2) - prototest.AssertDeepEqual(suite.T(), suite.api123Workload, data[0].resource) - prototest.AssertDeepEqual(suite.T(), suite.web1Workload, data[1].resource) - }) -} - -func TestReconciliationData(t *testing.T) { - suite.Run(t, new(reconciliationDataSuite)) -} - -func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresource.Tenancy) { suite.apiService = rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). WithData(suite.T(), suite.apiServiceData). Write(suite.T(), suite.client) suite.apiServiceSubset = rtest.Resource(pbcatalog.ServiceType, "api-subset"). - WithTenancy(tenancy). WithData(suite.T(), suite.apiServiceSubsetData). Write(suite.T(), suite.client) suite.api1Workload = rtest.Resource(pbcatalog.WorkloadType, "api-1"). - WithTenancy(tenancy). WithMeta("zim", "dib"). WithData(suite.T(), &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{ @@ -257,7 +90,6 @@ func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresou Write(suite.T(), suite.client) suite.api2Workload = rtest.Resource(pbcatalog.WorkloadType, "api-2"). - WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{ {Host: "127.0.0.1"}, @@ -270,7 +102,6 @@ func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresou Write(suite.T(), suite.client) suite.api123Workload = rtest.Resource(pbcatalog.WorkloadType, "api-123"). - WithTenancy(tenancy). WithMeta("zim", "gir"). WithData(suite.T(), &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{ @@ -284,7 +115,6 @@ func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresou Write(suite.T(), suite.client) suite.web1Workload = rtest.Resource(pbcatalog.WorkloadType, "web-1"). - WithTenancy(tenancy). WithMeta("zim", "gaz"). WithData(suite.T(), &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{ @@ -298,7 +128,6 @@ func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresou Write(suite.T(), suite.client) suite.web2Workload = rtest.Resource(pbcatalog.WorkloadType, "web-2"). - WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{ {Host: "127.0.0.1"}, @@ -311,11 +140,10 @@ func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresou Write(suite.T(), suite.client) suite.apiEndpoints = rtest.Resource(pbcatalog.ServiceEndpointsType, "api"). - WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.ServiceEndpoints{ Endpoints: []*pbcatalog.Endpoint{ { - TargetRef: rtest.Resource(pbcatalog.WorkloadType, "api-1").WithTenancy(tenancy).ID(), + TargetRef: rtest.Resource(pbcatalog.WorkloadType, "api-1").WithTenancy(resource.DefaultNamespacedTenancy()).ID(), Addresses: []*pbcatalog.WorkloadAddress{ { Host: "127.0.0.1", @@ -332,27 +160,131 @@ func (suite *reconciliationDataSuite) setupResourcesWithTenancy(tenancy *pbresou Write(suite.T(), suite.client) } -func (suite *reconciliationDataSuite) cleanupResources() { - suite.client.MustDelete(suite.T(), suite.apiService.Id) - suite.client.MustDelete(suite.T(), suite.apiServiceSubset.Id) - suite.client.MustDelete(suite.T(), suite.api1Workload.Id) - suite.client.MustDelete(suite.T(), suite.api2Workload.Id) - suite.client.MustDelete(suite.T(), suite.api123Workload.Id) - suite.client.MustDelete(suite.T(), suite.web1Workload.Id) - suite.client.MustDelete(suite.T(), suite.web2Workload.Id) - suite.client.MustDelete(suite.T(), suite.apiEndpoints.Id) +func (suite *reconciliationDataSuite) TestGetServiceData_NotFound() { + // This test's purposes is to ensure that NotFound errors when retrieving + // the service data are ignored properly. + data, err := getServiceData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceType, "not-found").WithTenancy(resource.DefaultNamespacedTenancy()).ID()) + require.NoError(suite.T(), err) + require.Nil(suite.T(), data) +} + +func (suite *reconciliationDataSuite) TestGetServiceData_ReadError() { + // This test's purpose is to ensure that Read errors other than NotFound + // are propagated back to the caller. Specifying a resource ID with an + // unregistered type is the easiest way to force a resource service error. + badType := &pbresource.Type{ + Group: "not", + Kind: "found", + GroupVersion: "vfake", + } + data, err := getServiceData(suite.ctx, suite.rt, rtest.Resource(badType, "foo").ID()) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) + require.Nil(suite.T(), data) +} + +func (suite *reconciliationDataSuite) TestGetServiceData_UnmarshalError() { + // This test's purpose is to ensure that unmarshlling errors are returned + // to the caller. We are using a resource id that points to an endpoints + // object instead of a service to ensure that the data will be unmarshallable. + data, err := getServiceData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceEndpointsType, "api").ID()) + require.Error(suite.T(), err) + var parseErr resource.ErrDataParse + require.ErrorAs(suite.T(), err, &parseErr) + require.Nil(suite.T(), data) +} + +func (suite *reconciliationDataSuite) TestGetServiceData_Ok() { + // This test's purpose is to ensure that the happy path for + // retrieving a service works as expected. + data, err := getServiceData(suite.ctx, suite.rt, suite.apiService.Id) + require.NoError(suite.T(), err) + require.NotNil(suite.T(), data) + require.NotNil(suite.T(), data.resource) + prototest.AssertDeepEqual(suite.T(), suite.apiService.Id, data.resource.Id) + require.Len(suite.T(), data.service.Ports, 1) +} + +func (suite *reconciliationDataSuite) TestGetEndpointsData_NotFound() { + // This test's purposes is to ensure that NotFound errors when retrieving + // the endpoint data are ignored properly. + data, err := getEndpointsData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceEndpointsType, "not-found").ID()) + require.NoError(suite.T(), err) + require.Nil(suite.T(), data) } -func (suite *reconciliationDataSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - suite.setupResourcesWithTenancy(tenancy) - testFunc(tenancy) - suite.T().Cleanup(suite.cleanupResources) - }) +func (suite *reconciliationDataSuite) TestGetEndpointsData_ReadError() { + // This test's purpose is to ensure that Read errors other than NotFound + // are propagated back to the caller. Specifying a resource ID with an + // unregistered type is the easiest way to force a resource service error. + badType := &pbresource.Type{ + Group: "not", + Kind: "found", + GroupVersion: "vfake", } + data, err := getEndpointsData(suite.ctx, suite.rt, rtest.Resource(badType, "foo").ID()) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) + require.Nil(suite.T(), data) +} + +func (suite *reconciliationDataSuite) TestGetEndpointsData_UnmarshalError() { + // This test's purpose is to ensure that unmarshlling errors are returned + // to the caller. We are using a resource id that points to a service object + // instead of an endpoints object to ensure that the data will be unmarshallable. + data, err := getEndpointsData(suite.ctx, suite.rt, rtest.Resource(pbcatalog.ServiceType, "api").ID()) + require.Error(suite.T(), err) + var parseErr resource.ErrDataParse + require.ErrorAs(suite.T(), err, &parseErr) + require.Nil(suite.T(), data) +} + +func (suite *reconciliationDataSuite) TestGetEndpointsData_Ok() { + // This test's purpose is to ensure that the happy path for + // retrieving an endpoints object works as expected. + data, err := getEndpointsData(suite.ctx, suite.rt, suite.apiEndpoints.Id) + require.NoError(suite.T(), err) + require.NotNil(suite.T(), data) + require.NotNil(suite.T(), data.resource) + prototest.AssertDeepEqual(suite.T(), suite.apiEndpoints.Id, data.resource.Id) + require.Len(suite.T(), data.endpoints.Endpoints, 1) } -func (suite *reconciliationDataSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) +func (suite *reconciliationDataSuite) TestGetWorkloadData() { + // This test's purpose is to ensure that gather workloads for + // a service work as expected. The services selector was crafted + // to exercise the deduplication behavior as well as the sorting + // behavior. The assertions in this test will verify that only + // unique workloads are returned and that they are ordered. + + data, err := getWorkloadData(suite.ctx, suite.rt, &serviceData{ + resource: suite.apiService, + service: suite.apiServiceData, + }) + + require.NoError(suite.T(), err) + require.Len(suite.T(), data, 5) + prototest.AssertDeepEqual(suite.T(), suite.api1Workload, data[0].resource) + prototest.AssertDeepEqual(suite.T(), suite.api123Workload, data[1].resource) + prototest.AssertDeepEqual(suite.T(), suite.api2Workload, data[2].resource) + prototest.AssertDeepEqual(suite.T(), suite.web1Workload, data[3].resource) + prototest.AssertDeepEqual(suite.T(), suite.web2Workload, data[4].resource) +} + +func (suite *reconciliationDataSuite) TestGetWorkloadDataWithFilter() { + // This is like TestGetWorkloadData except it exercises the post-read + // filter on the selector. + data, err := getWorkloadData(suite.ctx, suite.rt, &serviceData{ + resource: suite.apiServiceSubset, + service: suite.apiServiceSubsetData, + }) + + require.NoError(suite.T(), err) + require.Len(suite.T(), data, 2) + prototest.AssertDeepEqual(suite.T(), suite.api123Workload, data[0].resource) + prototest.AssertDeepEqual(suite.T(), suite.web1Workload, data[1].resource) +} + +func TestReconciliationData(t *testing.T) { + suite.Run(t, new(reconciliationDataSuite)) } diff --git a/internal/catalog/internal/controllers/failover/controller_test.go b/internal/catalog/internal/controllers/failover/controller_test.go index 30e19b4a17fa6..a82a6f0fdee60 100644 --- a/internal/catalog/internal/controllers/failover/controller_test.go +++ b/internal/catalog/internal/controllers/failover/controller_test.go @@ -5,7 +5,6 @@ package failover import ( "context" - "fmt" "testing" "github.com/stretchr/testify/suite" @@ -17,7 +16,6 @@ import ( "github.com/hashicorp/consul/internal/resource" rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/sdk/testutil" ) @@ -31,24 +29,18 @@ type controllerSuite struct { failoverMapper FailoverMapper ctl failoverPolicyReconciler - - tenancies []*pbresource.Tenancy } func (suite *controllerSuite) SetupTest() { - suite.tenancies = rtest.TestTenancies() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, types.RegisterDNSPolicy). - WithTenancies(suite.tenancies...). - Run(suite.T()) - + suite.ctx = testutil.TestContext(suite.T()) + client := svctest.RunResourceService(suite.T(), types.Register) suite.rt = controller.Runtime{ Client: client, Logger: testutil.Logger(suite.T()), } suite.client = rtest.NewClient(client) + suite.failoverMapper = failovermapper.New() - suite.ctx = testutil.TestContext(suite.T()) } func (suite *controllerSuite) TestController() { @@ -61,279 +53,216 @@ func (suite *controllerSuite) TestController() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Create an advance pointer to some services. - apiServiceRef := resource.Reference(rtest.Resource(pbcatalog.ServiceType, "api").WithTenancy(tenancy).ID(), "") - otherServiceRef := resource.Reference(rtest.Resource(pbcatalog.ServiceType, "other").WithTenancy(tenancy).ID(), "") + // Create an advance pointer to some services. + apiServiceRef := resource.Reference(rtest.Resource(pbcatalog.ServiceType, "api").WithTenancy(resource.DefaultNamespacedTenancy()).ID(), "") + otherServiceRef := resource.Reference(rtest.Resource(pbcatalog.ServiceType, "other").WithTenancy(resource.DefaultNamespacedTenancy()).ID(), "") - // create a failover without any services - failoverData := &pbcatalog.FailoverPolicy{ - Config: &pbcatalog.FailoverConfig{ + // create a failover without any services + failoverData := &pbcatalog.FailoverPolicy{ + Config: &pbcatalog.FailoverConfig{ + Destinations: []*pbcatalog.FailoverDestination{{ + Ref: apiServiceRef, + }}, + }, + } + failover := rtest.Resource(pbcatalog.FailoverPolicyType, "api"). + WithData(suite.T(), failoverData). + Write(suite.T(), suite.client) + + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingService) + + // Provide the service. + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, + Ports: []*pbcatalog.ServicePort{{ + TargetPort: "http", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }}, + } + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) + + // Update the failover to reference an unknown port + failoverData = &pbcatalog.FailoverPolicy{ + PortConfigs: map[string]*pbcatalog.FailoverConfig{ + "http": { Destinations: []*pbcatalog.FailoverDestination{{ - Ref: apiServiceRef, + Ref: apiServiceRef, + Port: "http", }}, }, - } - failover := rtest.Resource(pbcatalog.FailoverPolicyType, "api"). - WithData(suite.T(), failoverData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(failover.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingService) - - // Provide the service. - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, - Ports: []*pbcatalog.ServicePort{{ + "admin": { + Destinations: []*pbcatalog.FailoverDestination{{ + Ref: apiServiceRef, + Port: "admin", + }}, + }, + }, + } + _ = rtest.Resource(pbcatalog.FailoverPolicyType, "api"). + WithData(suite.T(), failoverData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownPort("admin")) + + // update the service to fix the stray reference, but point to a mesh port + apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, + Ports: []*pbcatalog.ServicePort{ + { TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }}, - } - svc := rtest.Resource(pbcatalog.ServiceType, "api"). - WithData(suite.T(), apiServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) - - // Update the failover to reference an unknown port - failoverData = &pbcatalog.FailoverPolicy{ - PortConfigs: map[string]*pbcatalog.FailoverConfig{ - "http": { - Destinations: []*pbcatalog.FailoverDestination{{ - Ref: apiServiceRef, - Port: "http", - }}, - }, - "admin": { - Destinations: []*pbcatalog.FailoverDestination{{ - Ref: apiServiceRef, - Port: "admin", - }}, - }, - }, - } - svc = rtest.Resource(pbcatalog.FailoverPolicyType, "api"). - WithData(suite.T(), failoverData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownPort("admin")) - - // update the service to fix the stray reference, but point to a mesh port - apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "http", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "admin", - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, }, - } - svc = rtest.Resource(pbcatalog.ServiceType, "api"). - WithData(suite.T(), apiServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUsingMeshDestinationPort(apiServiceRef, "admin")) - - // update the service to fix the stray reference to not be a mesh port - apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "http", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "admin", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, + { + TargetPort: "admin", + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, }, - } - svc = rtest.Resource(pbcatalog.ServiceType, "api"). - WithData(suite.T(), apiServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) - - // change failover leg to point to missing service - failoverData = &pbcatalog.FailoverPolicy{ - PortConfigs: map[string]*pbcatalog.FailoverConfig{ - "http": { - Destinations: []*pbcatalog.FailoverDestination{{ - Ref: apiServiceRef, - Port: "http", - }}, - }, - "admin": { - Destinations: []*pbcatalog.FailoverDestination{{ - Ref: otherServiceRef, - Port: "admin", - }}, - }, - }, - } - svc = rtest.Resource(pbcatalog.FailoverPolicyType, "api"). - WithData(suite.T(), failoverData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingDestinationService(otherServiceRef)) - - // Create the missing service, but forget the port. - otherServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}}, - Ports: []*pbcatalog.ServicePort{{ + }, + } + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUsingMeshDestinationPort(apiServiceRef, "admin")) + + // update the service to fix the stray reference to not be a mesh port + apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, + Ports: []*pbcatalog.ServicePort{ + { TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }}, - } - svc = rtest.Resource(pbcatalog.ServiceType, "other"). - WithData(suite.T(), otherServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "admin")) - - // fix the destination leg's port - otherServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "http", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "admin", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, }, - } - svc = rtest.Resource(pbcatalog.ServiceType, "other"). - WithData(suite.T(), otherServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) - - // Update the two services to use differnet port names so the easy path doesn't work - apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "foo", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "bar", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, + { + TargetPort: "admin", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, }, - } - svc = rtest.Resource(pbcatalog.ServiceType, "api"). - WithData(suite.T(), apiServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - otherServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "foo", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "baz", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, + }, + } + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) + + // change failover leg to point to missing service + failoverData = &pbcatalog.FailoverPolicy{ + PortConfigs: map[string]*pbcatalog.FailoverConfig{ + "http": { + Destinations: []*pbcatalog.FailoverDestination{{ + Ref: apiServiceRef, + Port: "http", + }}, }, - } - svc = rtest.Resource(pbcatalog.ServiceType, "other"). - WithData(suite.T(), otherServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - failoverData = &pbcatalog.FailoverPolicy{ - Config: &pbcatalog.FailoverConfig{ + "admin": { Destinations: []*pbcatalog.FailoverDestination{{ - Ref: otherServiceRef, + Ref: otherServiceRef, + Port: "admin", }}, }, - } - failover = rtest.Resource(pbcatalog.FailoverPolicyType, "api"). - WithData(suite.T(), failoverData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(failover.Id)) - - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "bar")) - - // and fix it the silly way by removing it from api+failover - apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "foo", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, + }, + } + _ = rtest.Resource(pbcatalog.FailoverPolicyType, "api"). + WithData(suite.T(), failoverData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionMissingDestinationService(otherServiceRef)) + + // Create the missing service, but forget the port. + otherServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}}, + Ports: []*pbcatalog.ServicePort{{ + TargetPort: "http", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }}, + } + _ = rtest.Resource(pbcatalog.ServiceType, "other"). + WithData(suite.T(), otherServiceData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "admin")) + + // fix the destination leg's port + otherServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "http", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, }, - } - svc = rtest.Resource(pbcatalog.ServiceType, "api"). - WithData(suite.T(), apiServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) + { + TargetPort: "admin", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + }, + } + _ = rtest.Resource(pbcatalog.ServiceType, "other"). + WithData(suite.T(), otherServiceData). + Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) + + // Update the two services to use differnet port names so the easy path doesn't work + apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "foo", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + { + TargetPort: "bar", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + }, + } + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) + + otherServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"other-"}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "foo", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + { + TargetPort: "baz", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + }, + } + _ = rtest.Resource(pbcatalog.ServiceType, "other"). + WithData(suite.T(), otherServiceData). + Write(suite.T(), suite.client) + + failoverData = &pbcatalog.FailoverPolicy{ + Config: &pbcatalog.FailoverConfig{ + Destinations: []*pbcatalog.FailoverDestination{{ + Ref: otherServiceRef, + }}, + }, + } + failover = rtest.Resource(pbcatalog.FailoverPolicyType, "api"). + WithData(suite.T(), failoverData). + Write(suite.T(), suite.client) + + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionUnknownDestinationPort(otherServiceRef, "bar")) + + // and fix it the silly way by removing it from api+failover + apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Prefixes: []string{"api-"}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "foo", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + }, + } + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) - suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) - }) + suite.client.WaitForStatusCondition(suite.T(), failover.Id, StatusKey, ConditionOK) } func TestFailoverController(t *testing.T) { suite.Run(t, new(controllerSuite)) } - -func (suite *controllerSuite) runTestCaseWithTenancies(testCase func(tenancy *pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testCase(tenancy) - }) - } -} - -func (suite *controllerSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} - -func (suite *controllerSuite) deleteResourceFunc(id *pbresource.ID) func() { - return func() { - suite.client.MustDelete(suite.T(), id) - } -} diff --git a/internal/catalog/internal/controllers/nodehealth/controller.go b/internal/catalog/internal/controllers/nodehealth/controller.go index f28bb7a134a14..9ef656b6a8bb9 100644 --- a/internal/catalog/internal/controllers/nodehealth/controller.go +++ b/internal/catalog/internal/controllers/nodehealth/controller.go @@ -18,7 +18,7 @@ import ( func NodeHealthController() controller.Controller { return controller.ForType(pbcatalog.NodeType). - WithWatch(pbcatalog.NodeHealthStatusType, controller.MapOwnerFiltered(pbcatalog.NodeType)). + WithWatch(pbcatalog.HealthStatusType, controller.MapOwnerFiltered(pbcatalog.NodeType)). WithReconciler(&nodeHealthReconciler{}) } @@ -89,8 +89,8 @@ func getNodeHealth(ctx context.Context, rt controller.Runtime, nodeRef *pbresour health := pbcatalog.Health_HEALTH_PASSING for _, res := range rsp.Resources { - if resource.EqualType(res.Id.Type, pbcatalog.NodeHealthStatusType) { - var hs pbcatalog.NodeHealthStatus + if resource.EqualType(res.Id.Type, pbcatalog.HealthStatusType) { + var hs pbcatalog.HealthStatus if err := res.Data.UnmarshalTo(&hs); err != nil { // This should be impossible as the resource service + type validations the // catalog is performing will ensure that no data gets written where unmarshalling diff --git a/internal/catalog/internal/controllers/nodehealth/controller_test.go b/internal/catalog/internal/controllers/nodehealth/controller_test.go index 33814b82431f3..b21c52e521f84 100644 --- a/internal/catalog/internal/controllers/nodehealth/controller_test.go +++ b/internal/catalog/internal/controllers/nodehealth/controller_test.go @@ -23,7 +23,6 @@ import ( "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/hashicorp/consul/version/versiontest" ) var ( @@ -46,18 +45,22 @@ var ( } ) -func resourceID(rtype *pbresource.Type, name string, tenancy *pbresource.Tenancy) *pbresource.ID { +func resourceID(rtype *pbresource.Type, name string) *pbresource.ID { return &pbresource.ID{ - Type: rtype, - Tenancy: tenancy, - Name: name, + Type: rtype, + Tenancy: &pbresource.Tenancy{ + Partition: "default", + Namespace: "default", + PeerName: "local", + }, + Name: name, } } type nodeHealthControllerTestSuite struct { suite.Suite - resourceClient *resourcetest.Client + resourceClient pbresource.ResourceServiceClient runtime controller.Runtime ctl nodeHealthReconciler @@ -67,144 +70,159 @@ type nodeHealthControllerTestSuite struct { nodeWarning *pbresource.ID nodeCritical *pbresource.ID nodeMaintenance *pbresource.ID - isEnterprise bool - tenancies []*pbresource.Tenancy } -func (suite *nodeHealthControllerTestSuite) writeNode(name string, tenancy *pbresource.Tenancy) *pbresource.ID { - return resourcetest.Resource(pbcatalog.NodeType, name). +func (suite *nodeHealthControllerTestSuite) SetupTest() { + suite.resourceClient = svctest.RunResourceService(suite.T(), types.Register, types.RegisterDNSPolicy) + suite.runtime = controller.Runtime{Client: suite.resourceClient, Logger: testutil.Logger(suite.T())} + + // The rest of the setup will be to prime the resource service with some data + suite.nodeNoHealth = resourcetest.Resource(pbcatalog.NodeType, "test-node-no-health"). WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). Write(suite.T(), suite.resourceClient).Id -} -func (suite *nodeHealthControllerTestSuite) SetupTest() { - suite.tenancies = resourcetest.TestTenancies() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, types.RegisterDNSPolicy). - WithTenancies(suite.tenancies...). - Run(suite.T()) + suite.nodePassing = resourcetest.Resource(pbcatalog.NodeType, "test-node-passing"). + WithData(suite.T(), nodeData). + Write(suite.T(), suite.resourceClient).Id - suite.resourceClient = resourcetest.NewClient(client) - suite.runtime = controller.Runtime{Client: suite.resourceClient, Logger: testutil.Logger(suite.T())} - suite.isEnterprise = versiontest.IsEnterprise() + suite.nodeWarning = resourcetest.Resource(pbcatalog.NodeType, "test-node-warning"). + WithData(suite.T(), nodeData). + Write(suite.T(), suite.resourceClient).Id + + suite.nodeCritical = resourcetest.Resource(pbcatalog.NodeType, "test-node-critical"). + WithData(suite.T(), nodeData). + Write(suite.T(), suite.resourceClient).Id + + suite.nodeMaintenance = resourcetest.Resource(pbcatalog.NodeType, "test-node-maintenance"). + WithData(suite.T(), nodeData). + Write(suite.T(), suite.resourceClient).Id + + nodeHealthDesiredStatus := map[string]pbcatalog.Health{ + suite.nodePassing.Name: pbcatalog.Health_HEALTH_PASSING, + suite.nodeWarning.Name: pbcatalog.Health_HEALTH_WARNING, + suite.nodeCritical.Name: pbcatalog.Health_HEALTH_CRITICAL, + suite.nodeMaintenance.Name: pbcatalog.Health_HEALTH_MAINTENANCE, + } + + // In order to exercise the behavior to ensure that its not a last-status-wins sort of thing + // we are strategically naming health statuses so that they will be returned in an order with + // the most precedent status being in the middle of the list. This will ensure that statuses + // seen later can overide a previous status and that statuses seen later do not override if + // they would lower the overall status such as going from critical -> warning. + precedenceHealth := []pbcatalog.Health{ + pbcatalog.Health_HEALTH_PASSING, + pbcatalog.Health_HEALTH_WARNING, + pbcatalog.Health_HEALTH_CRITICAL, + pbcatalog.Health_HEALTH_MAINTENANCE, + pbcatalog.Health_HEALTH_CRITICAL, + pbcatalog.Health_HEALTH_WARNING, + pbcatalog.Health_HEALTH_PASSING, + } + + for _, node := range []*pbresource.ID{suite.nodePassing, suite.nodeWarning, suite.nodeCritical, suite.nodeMaintenance} { + for idx, health := range precedenceHealth { + if nodeHealthDesiredStatus[node.Name] >= health { + resourcetest.Resource(pbcatalog.HealthStatusType, fmt.Sprintf("test-check-%s-%d", node.Name, idx)). + WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: health}). + WithOwner(node). + Write(suite.T(), suite.resourceClient) + } + } + } + + // create a DNSPolicy to be owned by the node. The type doesn't really matter it just needs + // to be something that doesn't care about its owner. All we want to prove is that we are + // filtering out non-HealthStatus types appropriately. + resourcetest.Resource(pbcatalog.DNSPolicyType, "test-policy"). + WithData(suite.T(), dnsPolicyData). + WithOwner(suite.nodeNoHealth). + Write(suite.T(), suite.resourceClient) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthListError() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This resource id references a resource type that will not be - // registered with the resource service. The ListByOwner call - // should produce an InvalidArgument error. This test is meant - // to validate how that error is handled (its propagated back - // to the caller) - ref := resourceID( - &pbresource.Type{Group: "not", GroupVersion: "v1", Kind: "found"}, - "irrelevant", - tenancy, - ) - health, err := getNodeHealth(context.Background(), suite.runtime, ref) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) - }) + // This resource id references a resource type that will not be + // registered with the resource service. The ListByOwner call + // should produce an InvalidArgument error. This test is meant + // to validate how that error is handled (its propagated back + // to the caller) + ref := resourceID( + &pbresource.Type{Group: "not", GroupVersion: "v1", Kind: "found"}, + "irrelevant", + ) + health, err := getNodeHealth(context.Background(), suite.runtime, ref) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthNoNode() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test is meant to ensure that when the node doesn't exist - // no error is returned but also no data is. The default passing - // status should then be returned in the same manner as the node - // existing but with no associated HealthStatus resources. - ref := resourceID(pbcatalog.NodeType, "foo", &pbresource.Tenancy{ - Partition: tenancy.Partition, - }) - ref.Uid = ulid.Make().String() - health, err := getNodeHealth(context.Background(), suite.runtime, ref) + // This test is meant to ensure that when the node doesn't exist + // no error is returned but also no data is. The default passing + // status should then be returned in the same manner as the node + // existing but with no associated HealthStatus resources. + ref := resourceID(pbcatalog.NodeType, "foo") + ref.Uid = ulid.Make().String() + health, err := getNodeHealth(context.Background(), suite.runtime, ref) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) - }) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthNoStatus() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeNoHealth) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeNoHealth) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthPassingStatus() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodePassing) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodePassing) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthCriticalStatus() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeCritical) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeCritical) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthWarningStatus() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeWarning) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_WARNING, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeWarning) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_WARNING, health) } func (suite *nodeHealthControllerTestSuite) TestGetNodeHealthMaintenanceStatus() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeMaintenance) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_MAINTENANCE, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, suite.nodeMaintenance) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_MAINTENANCE, health) } func (suite *nodeHealthControllerTestSuite) TestReconcileNodeNotFound() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test ensures that removed nodes are ignored. In particular we don't - // want to propagate the error and indefinitely keep re-reconciling in this case. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbcatalog.NodeType, "not-found", &pbresource.Tenancy{ - Partition: tenancy.Partition, - }), - }) - require.NoError(suite.T(), err) + // This test ensures that removed nodes are ignored. In particular we don't + // want to propagate the error and indefinitely keep re-reconciling in this case. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: resourceID(pbcatalog.NodeType, "not-found"), }) + require.NoError(suite.T(), err) } func (suite *nodeHealthControllerTestSuite) TestReconcilePropagateReadError() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test aims to ensure that errors other than NotFound errors coming - // from the initial resource read get propagated. This case is very unrealistic - // as the controller should not have given us a request ID for a resource type - // that doesn't exist but this was the easiest way I could think of to synthesize - // a Read error. - ref := resourceID( - &pbresource.Type{Group: "not", GroupVersion: "v1", Kind: "found"}, - "irrelevant", - tenancy, - ) - - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: ref, - }) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) + // This test aims to ensure that errors other than NotFound errors coming + // from the initial resource read get propagated. This case is very unrealistic + // as the controller should not have given us a request ID for a resource type + // that doesn't exist but this was the easiest way I could think of to synthesize + // a Read error. + ref := resourceID( + &pbresource.Type{Group: "not", GroupVersion: "v1", Kind: "found"}, + "irrelevant", + ) + + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: ref, }) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) } func (suite *nodeHealthControllerTestSuite) testReconcileStatus(id *pbresource.ID, expectedStatus *pbresource.Condition) *pbresource.Resource { @@ -232,75 +250,60 @@ func (suite *nodeHealthControllerTestSuite) testReconcileStatus(id *pbresource.I } func (suite *nodeHealthControllerTestSuite) TestReconcile_StatusPassing() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - suite.testReconcileStatus(suite.nodePassing, &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_TRUE, - Reason: "HEALTH_PASSING", - Message: NodeHealthyMessage, - }) + suite.testReconcileStatus(suite.nodePassing, &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_TRUE, + Reason: "HEALTH_PASSING", + Message: NodeHealthyMessage, }) } func (suite *nodeHealthControllerTestSuite) TestReconcile_StatusWarning() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - suite.testReconcileStatus(suite.nodeWarning, &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "HEALTH_WARNING", - Message: NodeUnhealthyMessage, - }) + suite.testReconcileStatus(suite.nodeWarning, &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "HEALTH_WARNING", + Message: NodeUnhealthyMessage, }) } func (suite *nodeHealthControllerTestSuite) TestReconcile_StatusCritical() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - suite.testReconcileStatus(suite.nodeCritical, &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "HEALTH_CRITICAL", - Message: NodeUnhealthyMessage, - }) + suite.testReconcileStatus(suite.nodeCritical, &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "HEALTH_CRITICAL", + Message: NodeUnhealthyMessage, }) } func (suite *nodeHealthControllerTestSuite) TestReconcile_StatusMaintenance() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - suite.testReconcileStatus(suite.nodeMaintenance, &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "HEALTH_MAINTENANCE", - Message: NodeUnhealthyMessage, - }) + suite.testReconcileStatus(suite.nodeMaintenance, &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "HEALTH_MAINTENANCE", + Message: NodeUnhealthyMessage, }) } func (suite *nodeHealthControllerTestSuite) TestReconcile_AvoidRereconciliationWrite() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - res1 := suite.testReconcileStatus(suite.nodeWarning, &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "HEALTH_WARNING", - Message: NodeUnhealthyMessage, - }) - - res2 := suite.testReconcileStatus(suite.nodeWarning, &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "HEALTH_WARNING", - Message: NodeUnhealthyMessage, - }) + res1 := suite.testReconcileStatus(suite.nodeWarning, &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "HEALTH_WARNING", + Message: NodeUnhealthyMessage, + }) - // If another status write was performed then the versions would differ. This - // therefore proves that after a second reconciliation without any change in status - // that we are not making subsequent status writes. - require.Equal(suite.T(), res1.Version, res2.Version) + res2 := suite.testReconcileStatus(suite.nodeWarning, &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "HEALTH_WARNING", + Message: NodeUnhealthyMessage, }) + + // If another status write was performed then the versions would differ. This + // therefore proves that after a second reconciliation without any change in status + // that we are not making subsequent status writes. + require.Equal(suite.T(), res1.Version, res2.Version) } func (suite *nodeHealthControllerTestSuite) waitForReconciliation(id *pbresource.ID, reason string) { @@ -319,131 +322,45 @@ func (suite *nodeHealthControllerTestSuite) waitForReconciliation(id *pbresource require.Equal(r, reason, nodeHealthStatus.Conditions[0].Reason) }) } - func (suite *nodeHealthControllerTestSuite) TestController() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - // create the controller manager - mgr := controller.NewManager(suite.resourceClient, testutil.Logger(suite.T())) - - // register our controller - mgr.Register(NodeHealthController()) - mgr.SetRaftLeader(true) - ctx, cancel := context.WithCancel(context.Background()) - suite.T().Cleanup(cancel) - - // run the manager - go mgr.Run(ctx) - - // ensure that the node health eventually gets set. - suite.waitForReconciliation(suite.nodePassing, "HEALTH_PASSING") - - // rewrite the resource - this will cause the nodes health - // to be rereconciled but wont result in any health change - resourcetest.Resource(pbcatalog.NodeType, suite.nodePassing.Name). - WithData(suite.T(), &pbcatalog.Node{ - Addresses: []*pbcatalog.NodeAddress{ - { - Host: "198.18.0.1", - }, + // create the controller manager + mgr := controller.NewManager(suite.resourceClient, testutil.Logger(suite.T())) + + // register our controller + mgr.Register(NodeHealthController()) + mgr.SetRaftLeader(true) + ctx, cancel := context.WithCancel(context.Background()) + suite.T().Cleanup(cancel) + + // run the manager + go mgr.Run(ctx) + + // ensure that the node health eventually gets set. + suite.waitForReconciliation(suite.nodePassing, "HEALTH_PASSING") + + // rewrite the resource - this will cause the nodes health + // to be rereconciled but wont result in any health change + resourcetest.Resource(pbcatalog.NodeType, suite.nodePassing.Name). + WithData(suite.T(), &pbcatalog.Node{ + Addresses: []*pbcatalog.NodeAddress{ + { + Host: "198.18.0.1", }, - }). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - Write(suite.T(), suite.resourceClient) - - // wait for rereconciliation to happen - suite.waitForReconciliation(suite.nodePassing, "HEALTH_PASSING") - - resourcetest.Resource(pbcatalog.NodeHealthStatusType, "failure"). - WithData(suite.T(), &pbcatalog.NodeHealthStatus{Type: "fake", Status: pbcatalog.Health_HEALTH_CRITICAL}). - WithOwner(suite.nodePassing). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - Write(suite.T(), suite.resourceClient) - - suite.waitForReconciliation(suite.nodePassing, "HEALTH_CRITICAL") - }) -} - -func TestNodeHealthController(t *testing.T) { - suite.Run(t, new(nodeHealthControllerTestSuite)) -} - -func (suite *nodeHealthControllerTestSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} - -func (suite *nodeHealthControllerTestSuite) setupNodesWithTenancy(tenancy *pbresource.Tenancy) { - - // The rest of the setup will be to prime the resource service with some data - suite.nodeNoHealth = suite.writeNode("test-node-no-health", tenancy) - suite.nodePassing = suite.writeNode("test-node-passing", tenancy) - suite.nodeWarning = suite.writeNode("test-node-warning", tenancy) - suite.nodeCritical = suite.writeNode("test-node-critical", tenancy) - suite.nodeMaintenance = suite.writeNode("test-node-maintenance", tenancy) - - nodeHealthDesiredStatus := map[string]pbcatalog.Health{ - suite.nodePassing.Name: pbcatalog.Health_HEALTH_PASSING, - suite.nodeWarning.Name: pbcatalog.Health_HEALTH_WARNING, - suite.nodeCritical.Name: pbcatalog.Health_HEALTH_CRITICAL, - suite.nodeMaintenance.Name: pbcatalog.Health_HEALTH_MAINTENANCE, - } - - // In order to exercise the behavior to ensure that its not a last-status-wins sort of thing - // we are strategically naming health statuses so that they will be returned in an order with - // the most precedent status being in the middle of the list. This will ensure that statuses - // seen later can overide a previous status and that statuses seen later do not override if - // they would lower the overall status such as going from critical -> warning. - precedenceHealth := []pbcatalog.Health{ - pbcatalog.Health_HEALTH_PASSING, - pbcatalog.Health_HEALTH_WARNING, - pbcatalog.Health_HEALTH_CRITICAL, - pbcatalog.Health_HEALTH_MAINTENANCE, - pbcatalog.Health_HEALTH_CRITICAL, - pbcatalog.Health_HEALTH_WARNING, - pbcatalog.Health_HEALTH_PASSING, - } + }, + }). + Write(suite.T(), suite.resourceClient) - for _, node := range []*pbresource.ID{suite.nodePassing, suite.nodeWarning, suite.nodeCritical, suite.nodeMaintenance} { - for idx, health := range precedenceHealth { - if nodeHealthDesiredStatus[node.Name] >= health { - resourcetest.Resource(pbcatalog.NodeHealthStatusType, fmt.Sprintf("test-check-%s-%d-%s", node.Name, idx, tenancy.Partition)). - WithData(suite.T(), &pbcatalog.NodeHealthStatus{Type: "tcp", Status: health}). - WithOwner(node). - Write(suite.T(), suite.resourceClient) - } - } - } + // wait for rereconciliation to happen + suite.waitForReconciliation(suite.nodePassing, "HEALTH_PASSING") - // create a DNSPolicy to be owned by the node. The type doesn't really matter it just needs - // to be something that doesn't care about its owner. All we want to prove is that we are - // filtering out non-NodeHealthStatus types appropriately. - resourcetest.Resource(pbcatalog.DNSPolicyType, "test-policy-"+tenancy.Partition+"-"+tenancy.Namespace). - WithData(suite.T(), dnsPolicyData). - WithOwner(suite.nodeNoHealth). - WithTenancy(tenancy). + resourcetest.Resource(pbcatalog.HealthStatusType, "failure"). + WithData(suite.T(), &pbcatalog.HealthStatus{Type: "fake", Status: pbcatalog.Health_HEALTH_CRITICAL}). + WithOwner(suite.nodePassing). Write(suite.T(), suite.resourceClient) -} -func (suite *nodeHealthControllerTestSuite) cleanUpNodes() { - suite.resourceClient.MustDelete(suite.T(), suite.nodeNoHealth) - suite.resourceClient.MustDelete(suite.T(), suite.nodeCritical) - suite.resourceClient.MustDelete(suite.T(), suite.nodeWarning) - suite.resourceClient.MustDelete(suite.T(), suite.nodePassing) - suite.resourceClient.MustDelete(suite.T(), suite.nodeMaintenance) + suite.waitForReconciliation(suite.nodePassing, "HEALTH_CRITICAL") } -func (suite *nodeHealthControllerTestSuite) runTestCaseWithTenancies(t func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - suite.setupNodesWithTenancy(tenancy) - suite.T().Cleanup(func() { - suite.cleanUpNodes() - }) - t(tenancy) - }) - } +func TestNodeHealthController(t *testing.T) { + suite.Run(t, new(nodeHealthControllerTestSuite)) } diff --git a/internal/catalog/internal/controllers/workloadhealth/controller_test.go b/internal/catalog/internal/controllers/workloadhealth/controller_test.go index fd15404cdf824..9a00a940a07e0 100644 --- a/internal/catalog/internal/controllers/workloadhealth/controller_test.go +++ b/internal/catalog/internal/controllers/workloadhealth/controller_test.go @@ -6,6 +6,8 @@ package workloadhealth import ( "context" "fmt" + "github.com/hashicorp/consul/internal/resource" + "google.golang.org/protobuf/testing/protocmp" "testing" "time" @@ -13,21 +15,18 @@ import ( "github.com/stretchr/testify/suite" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" - "google.golang.org/protobuf/testing/protocmp" svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/internal/catalog/internal/controllers/nodehealth" "github.com/hashicorp/consul/internal/catalog/internal/mappers/nodemapper" "github.com/hashicorp/consul/internal/catalog/internal/types" "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/hashicorp/consul/version/versiontest" ) var ( @@ -46,15 +45,10 @@ var ( } ) -func resourceID(rtype *pbresource.Type, name string, tenancy *pbresource.Tenancy) *pbresource.ID { - defaultTenancy := resource.DefaultNamespacedTenancy() - if tenancy != nil { - defaultTenancy = tenancy - } - +func resourceID(rtype *pbresource.Type, name string) *pbresource.ID { return &pbresource.ID{ Type: rtype, - Tenancy: defaultTenancy, + Tenancy: resource.DefaultNamespacedTenancy(), Name: name, } } @@ -85,26 +79,18 @@ type controllerSuite struct { suite.Suite client pbresource.ResourceServiceClient runtime controller.Runtime - - isEnterprise bool - tenancies []*pbresource.Tenancy } func (suite *controllerSuite) SetupTest() { - suite.tenancies = resourcetest.TestTenancies() - suite.client = svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register). - WithTenancies(suite.tenancies...). - Run(suite.T()) + suite.client = svctest.RunResourceService(suite.T(), types.Register) suite.runtime = controller.Runtime{Client: suite.client, Logger: testutil.Logger(suite.T())} - suite.isEnterprise = versiontest.IsEnterprise() } // injectNodeWithStatus is a helper method to write a Node resource and synthesize its status // in a manner consistent with the node-health controller. This allows us to not actually // run and test the node-health controller but consume its "api" in the form of how // it encodes status. -func (suite *controllerSuite) injectNodeWithStatus(name string, health pbcatalog.Health, tenancy *pbresource.Tenancy) *pbresource.Resource { +func (suite *controllerSuite) injectNodeWithStatus(name string, health pbcatalog.Health) *pbresource.Resource { suite.T().Helper() state := pbresource.Condition_STATE_TRUE if health >= pbcatalog.Health_HEALTH_WARNING { @@ -113,9 +99,6 @@ func (suite *controllerSuite) injectNodeWithStatus(name string, health pbcatalog return resourcetest.Resource(pbcatalog.NodeType, name). WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). WithStatus(nodehealth.StatusKey, &pbresource.Status{ Conditions: []*pbresource.Condition{ { @@ -159,20 +142,18 @@ func (suite *workloadHealthControllerTestSuite) SetupTest() { // // * The node to workload association is now being tracked by the node mapper // * The workloads status was updated and now matches the expected value -func (suite *workloadHealthControllerTestSuite) testReconcileWithNode(nodeHealth, workloadHealth pbcatalog.Health, tenancy *pbresource.Tenancy, status *pbresource.Condition) *pbresource.Resource { +func (suite *workloadHealthControllerTestSuite) testReconcileWithNode(nodeHealth, workloadHealth pbcatalog.Health, status *pbresource.Condition) *pbresource.Resource { suite.T().Helper() - node := suite.injectNodeWithStatus("test-node", nodeHealth, tenancy) + node := suite.injectNodeWithStatus("test-node", nodeHealth) workload := resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). WithData(suite.T(), workloadData(node.Id.Name)). - WithTenancy(tenancy). Write(suite.T(), suite.client) resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: workloadHealth}). WithOwner(workload.Id). - WithTenancy(tenancy). Write(suite.T(), suite.client) err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ @@ -208,16 +189,14 @@ func (suite *workloadHealthControllerTestSuite) testReconcileWithNode(nodeHealth // This is really just a tirmmed down version of testReconcileWithNode. It seemed // simpler and easier to read if these were two separate methods instead of combining // them in one with more branching based off of detecting whether nodes are in use. -func (suite *workloadHealthControllerTestSuite) testReconcileWithoutNode(workloadHealth pbcatalog.Health, tenancy *pbresource.Tenancy, status *pbresource.Condition) *pbresource.Resource { +func (suite *workloadHealthControllerTestSuite) testReconcileWithoutNode(workloadHealth pbcatalog.Health, status *pbresource.Condition) *pbresource.Resource { suite.T().Helper() workload := resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). WithData(suite.T(), workloadData("")). - WithTenancy(tenancy). Write(suite.T(), suite.client) resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: workloadHealth}). - WithTenancy(tenancy). WithOwner(workload.Id). Write(suite.T(), suite.client) @@ -377,13 +356,11 @@ func (suite *workloadHealthControllerTestSuite) TestReconcile() { for name, tcase := range cases { suite.Run(name, func() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - if tcase.nodeHealth != pbcatalog.Health_HEALTH_ANY { - suite.testReconcileWithNode(tcase.nodeHealth, tcase.workloadHealth, tenancy, tcase.expectedStatus) - } else { - suite.testReconcileWithoutNode(tcase.workloadHealth, tenancy, tcase.expectedStatus) - } - }) + if tcase.nodeHealth != pbcatalog.Health_HEALTH_ANY { + suite.testReconcileWithNode(tcase.nodeHealth, tcase.workloadHealth, tcase.expectedStatus) + } else { + suite.testReconcileWithoutNode(tcase.workloadHealth, tcase.expectedStatus) + } }) } } @@ -395,62 +372,56 @@ func (suite *workloadHealthControllerTestSuite) TestReconcileReadError() { // Passing a resource with an unknown type isn't particularly realistic as the controller // manager running our reconciliation will ensure all resource ids used are valid. However // its a really easy way right not to force the error. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - id := resourceID(fakeType, "blah", tenancy) + id := resourceID(fakeType, "blah") - err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ID: id}) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) - }) + err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ID: id}) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) } func (suite *workloadHealthControllerTestSuite) TestReconcileNotFound() { // This test wants to ensure that tracking for a workload is removed when the workload is deleted // so this test will inject the tracking, issue the Reconcile call which will get a // not found error and then ensure that the tracking was removed. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - workload := resourcetest.Resource(pbcatalog.WorkloadType, "foo"). - WithData(suite.T(), workloadData("test-node")). - // don't write this because then in the call to reconcile the resource - // would be found and defeat the purpose of the tes - WithTenancy(tenancy). - Build() - - node := resourcetest.Resource(pbcatalog.NodeType, "test-node"). - WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - // Whether this gets written or not doesn't matter - Build() - - // Track the workload - this simulates a previous round of reconciliation - // where the workload existed and was associated to the node. Other tests - // will cover more of the lifecycle of the controller so for the purposes - // of this test we can just inject it ourselves. - suite.mapper.TrackWorkload(workload.Id, node.Id) - - // check that the worklooad is in fact tracked properly - reqs, err := suite.mapper.MapNodeToWorkloads(context.Background(), suite.runtime, node) - - require.NoError(suite.T(), err) - require.Len(suite.T(), reqs, 1) - prototest.AssertDeepEqual(suite.T(), workload.Id, reqs[0].ID) - - // This workload was never actually inserted so the request should return a NotFound - // error and remove the workload from tracking - require.NoError( - suite.T(), - suite.reconciler.Reconcile( - context.Background(), - suite.runtime, - controller.Request{ID: workload.Id})) - - // Check the mapper again to ensure the node:workload association was removed. - reqs, err = suite.mapper.MapNodeToWorkloads(context.Background(), suite.runtime, node) - require.NoError(suite.T(), err) - require.Empty(suite.T(), reqs) - }) + + workload := resourcetest.Resource(pbcatalog.WorkloadType, "foo"). + WithData(suite.T(), workloadData("test-node")). + // don't write this because then in the call to reconcile the resource + // would be found and defeat the purpose of the tes + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + + node := resourcetest.Resource(pbcatalog.NodeType, "test-node"). + WithData(suite.T(), nodeData). + // Whether this gets written or not doesn't matter + Build() + + // Track the workload - this simulates a previous round of reconciliation + // where the workload existed and was associated to the node. Other tests + // will cover more of the lifecycle of the controller so for the purposes + // of this test we can just inject it ourselves. + suite.mapper.TrackWorkload(workload.Id, node.Id) + + // check that the worklooad is in fact tracked properly + reqs, err := suite.mapper.MapNodeToWorkloads(context.Background(), suite.runtime, node) + + require.NoError(suite.T(), err) + require.Len(suite.T(), reqs, 1) + prototest.AssertDeepEqual(suite.T(), workload.Id, reqs[0].ID) + + // This workload was never actually inserted so the request should return a NotFound + // error and remove the workload from tracking + require.NoError( + suite.T(), + suite.reconciler.Reconcile( + context.Background(), + suite.runtime, + controller.Request{ID: workload.Id})) + + // Check the mapper again to ensure the node:workload association was removed. + reqs, err = suite.mapper.MapNodeToWorkloads(context.Background(), suite.runtime, node) + require.NoError(suite.T(), err) + require.Empty(suite.T(), reqs) } func (suite *workloadHealthControllerTestSuite) TestGetNodeHealthError() { @@ -463,32 +434,25 @@ func (suite *workloadHealthControllerTestSuite) TestGetNodeHealthError() { // but the exact error isn't very relevant to the core reason this // test exists. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - node := resourcetest.Resource(pbcatalog.NodeType, "test-node"). - WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - Write(suite.T(), suite.client) - - workload := resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). - WithData(suite.T(), workloadData(node.Id.Name)). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). - WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: pbcatalog.Health_HEALTH_CRITICAL}). - WithOwner(workload.Id). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: workload.Id, - }) + node := resourcetest.Resource(pbcatalog.NodeType, "test-node"). + WithData(suite.T(), nodeData). + Write(suite.T(), suite.client) + + workload := resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). + WithData(suite.T(), workloadData(node.Id.Name)). + Write(suite.T(), suite.client) + + resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). + WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: pbcatalog.Health_HEALTH_CRITICAL}). + WithOwner(workload.Id). + Write(suite.T(), suite.client) - require.Error(suite.T(), err) - require.Equal(suite.T(), errNodeUnreconciled, err) + err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: workload.Id, }) + + require.Error(suite.T(), err) + require.Equal(suite.T(), errNodeUnreconciled, err) } func (suite *workloadHealthControllerTestSuite) TestReconcile_AvoidReconciliationWrite() { @@ -497,26 +461,24 @@ func (suite *workloadHealthControllerTestSuite) TestReconcile_AvoidReconciliatio // we check that calling Reconcile twice in a row without any actual health change // doesn't bump the Version (which would increased for any write of the resource // or its status) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - status := &pbresource.Condition{ - Type: StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "HEALTH_WARNING", - Message: WorkloadUnhealthyMessage, - } - res1 := suite.testReconcileWithoutNode(pbcatalog.Health_HEALTH_WARNING, tenancy, status) + status := &pbresource.Condition{ + Type: StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "HEALTH_WARNING", + Message: WorkloadUnhealthyMessage, + } + res1 := suite.testReconcileWithoutNode(pbcatalog.Health_HEALTH_WARNING, status) - err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ID: res1.Id}) - require.NoError(suite.T(), err) + err := suite.reconciler.Reconcile(context.Background(), suite.runtime, controller.Request{ID: res1.Id}) + require.NoError(suite.T(), err) - // check that the status hasn't changed - res2 := suite.checkWorkloadStatus(res1.Id, status) + // check that the status hasn't changed + res2 := suite.checkWorkloadStatus(res1.Id, status) - // If another status write was performed then the versions would differ. This - // therefore proves that after a second reconciliation without any change - // in status that the controller is not making extra status writes. - require.Equal(suite.T(), res1.Version, res2.Version) - }) + // If another status write was performed then the versions would differ. This + // therefore proves that after a second reconciliation without any change + // in status that the controller is not making extra status writes. + require.Equal(suite.T(), res1.Version, res2.Version) } func (suite *workloadHealthControllerTestSuite) TestController() { @@ -536,52 +498,47 @@ func (suite *workloadHealthControllerTestSuite) TestController() { // run the manager go mgr.Run(ctx) - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - node := suite.injectNodeWithStatus("test-node", pbcatalog.Health_HEALTH_PASSING, tenancy) - - // create the workload - workload := resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). - WithData(suite.T(), workloadData(node.Id.Name)). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - // Wait for reconciliation to occur and mark the workload as passing. - suite.waitForReconciliation(workload.Id, "HEALTH_PASSING") - - // Simulate a node unhealthy - suite.injectNodeWithStatus("test-node", pbcatalog.Health_HEALTH_WARNING, tenancy) - - // Wait for reconciliation to occur and mark the workload as warning - // due to the node going into the warning state. - suite.waitForReconciliation(workload.Id, "HEALTH_WARNING") - - // Now register a critical health check that should supercede the nodes - // warning status - - resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). - WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: pbcatalog.Health_HEALTH_CRITICAL}). - WithOwner(workload.Id). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - // Wait for reconciliation to occur again and mark the workload as unhealthy - suite.waitForReconciliation(workload.Id, "HEALTH_CRITICAL") - - // Put the health status back into a passing state and delink the node - resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). - WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: pbcatalog.Health_HEALTH_PASSING}). - WithOwner(workload.Id). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - workload = resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). - WithData(suite.T(), workloadData("")). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - // Now that the workload health is passing and its not associated with the node its status should - // eventually become passing - suite.waitForReconciliation(workload.Id, "HEALTH_PASSING") - }) + // create a node to link things with + node := suite.injectNodeWithStatus("test-node", pbcatalog.Health_HEALTH_PASSING) + + // create the workload + workload := resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). + WithData(suite.T(), workloadData(node.Id.Name)). + Write(suite.T(), suite.client) + + // Wait for reconciliation to occur and mark the workload as passing. + suite.waitForReconciliation(workload.Id, "HEALTH_PASSING") + + // Simulate a node unhealthy + suite.injectNodeWithStatus("test-node", pbcatalog.Health_HEALTH_WARNING) + + // Wait for reconciliation to occur and mark the workload as warning + // due to the node going into the warning state. + suite.waitForReconciliation(workload.Id, "HEALTH_WARNING") + + // Now register a critical health check that should supercede the nodes + // warning status + + resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). + WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: pbcatalog.Health_HEALTH_CRITICAL}). + WithOwner(workload.Id). + Write(suite.T(), suite.client) + + // Wait for reconciliation to occur again and mark the workload as unhealthy + suite.waitForReconciliation(workload.Id, "HEALTH_CRITICAL") + + // Put the health status back into a passing state and delink the node + resourcetest.Resource(pbcatalog.HealthStatusType, "test-status"). + WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: pbcatalog.Health_HEALTH_PASSING}). + WithOwner(workload.Id). + Write(suite.T(), suite.client) + workload = resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). + WithData(suite.T(), workloadData("")). + Write(suite.T(), suite.client) + + // Now that the workload health is passing and its not associated with the node its status should + // eventually become passing + suite.waitForReconciliation(workload.Id, "HEALTH_PASSING") } // wait for reconciliation is a helper to check if a resource has been reconciled and @@ -612,7 +569,7 @@ type getWorkloadHealthTestSuite struct { controllerSuite } -func (suite *getWorkloadHealthTestSuite) addHealthStatuses(workload *pbresource.ID, tenancy *pbresource.Tenancy, desiredHealth pbcatalog.Health) { +func (suite *getWorkloadHealthTestSuite) addHealthStatuses(workload *pbresource.ID, desiredHealth pbcatalog.Health) { // In order to exercise the behavior to ensure that the ordering a health status is // seen doesn't matter this is strategically naming health status so that they will be // returned in an order with the most precedent status being in the middle of the list. @@ -633,7 +590,6 @@ func (suite *getWorkloadHealthTestSuite) addHealthStatuses(workload *pbresource. if desiredHealth >= health { resourcetest.Resource(pbcatalog.HealthStatusType, fmt.Sprintf("check-%s-%d", workload.Name, idx)). WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: health}). - WithTenancy(tenancy). WithOwner(workload). Write(suite.T(), suite.client) } @@ -645,28 +601,23 @@ func (suite *getWorkloadHealthTestSuite) TestListError() { // getWorkloadHealth. When the resource listing fails, we want to // propagate the error which should eventually result in retrying // the operation. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - health, err := getWorkloadHealth(context.Background(), suite.runtime, resourceID(fakeType, "foo", tenancy)) + health, err := getWorkloadHealth(context.Background(), suite.runtime, resourceID(fakeType, "foo")) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) } func (suite *getWorkloadHealthTestSuite) TestNoHealthStatuses() { // This test's goal is to ensure that when no HealthStatuses are owned by the // workload that the health is assumed to be passing. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - workload := resourcetest.Resource(pbcatalog.WorkloadType, "foo"). - WithData(suite.T(), workloadData("")). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - health, err := getWorkloadHealth(context.Background(), suite.runtime, workload.Id) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) - }) + workload := resourcetest.Resource(pbcatalog.WorkloadType, "foo"). + WithData(suite.T(), workloadData("")). + Write(suite.T(), suite.client) + + health, err := getWorkloadHealth(context.Background(), suite.runtime, workload.Id) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_PASSING, health) } func (suite *getWorkloadHealthTestSuite) TestWithStatuses() { @@ -675,27 +626,24 @@ func (suite *getWorkloadHealthTestSuite) TestWithStatuses() { // helper method is used to inject multiple statuses in a way such that // the resource service will return them in a predictable order and can // properly exercise the code. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - for value, status := range pbcatalog.Health_name { - health := pbcatalog.Health(value) - if health == pbcatalog.Health_HEALTH_ANY { - continue - } + for value, status := range pbcatalog.Health_name { + health := pbcatalog.Health(value) + if health == pbcatalog.Health_HEALTH_ANY { + continue + } - suite.Run(status, func() { - workload := resourcetest.Resource(pbcatalog.WorkloadType, "foo"). - WithData(suite.T(), workloadData("")). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + suite.Run(status, func() { + workload := resourcetest.Resource(pbcatalog.WorkloadType, "foo"). + WithData(suite.T(), workloadData("")). + Write(suite.T(), suite.client) - suite.addHealthStatuses(workload.Id, tenancy, health) + suite.addHealthStatuses(workload.Id, health) - actualHealth, err := getWorkloadHealth(context.Background(), suite.runtime, workload.Id) - require.NoError(suite.T(), err) - require.Equal(suite.T(), health, actualHealth) - }) - } - }) + actualHealth, err := getWorkloadHealth(context.Background(), suite.runtime, workload.Id) + require.NoError(suite.T(), err) + require.Equal(suite.T(), health, actualHealth) + }) + } } func TestGetWorkloadHealth(t *testing.T) { @@ -711,68 +659,53 @@ func (suite *getNodeHealthTestSuite) TestNotfound() { // present in the system results in a the critical health but no error. This situation // could occur when a linked node gets removed without the workloads being modified/removed. // When that occurs we want to steer traffic away from the linked node as soon as possible. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - health, err := getNodeHealth(context.Background(), suite.runtime, resourceID(pbcatalog.NodeType, "not-found", &pbresource.Tenancy{ - Partition: tenancy.Partition, - })) - require.NoError(suite.T(), err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, resourceID(pbcatalog.NodeType, "not-found")) + require.NoError(suite.T(), err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) + } func (suite *getNodeHealthTestSuite) TestReadError() { // This test's goal is to ensure the getNodeHealth propagates unexpected errors from // its resource read call back to the caller. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - health, err := getNodeHealth(context.Background(), suite.runtime, resourceID(fakeType, "not-found", tenancy)) - require.Error(suite.T(), err) - require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + health, err := getNodeHealth(context.Background(), suite.runtime, resourceID(fakeType, "not-found")) + require.Error(suite.T(), err) + require.Equal(suite.T(), codes.InvalidArgument, status.Code(err)) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) } func (suite *getNodeHealthTestSuite) TestUnreconciled() { // This test's goal is to ensure that nodes with unreconciled health are deemed // critical. Basically, the workload health controller should defer calculating // the workload health until the associated nodes health is known. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - node := resourcetest.Resource(pbcatalog.NodeType, "unreconciled"). - WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - Write(suite.T(), suite.client). - GetId() - - health, err := getNodeHealth(context.Background(), suite.runtime, node) - require.Error(suite.T(), err) - require.Equal(suite.T(), errNodeUnreconciled, err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + node := resourcetest.Resource(pbcatalog.NodeType, "unreconciled"). + WithData(suite.T(), nodeData). + Write(suite.T(), suite.client). + GetId() + + health, err := getNodeHealth(context.Background(), suite.runtime, node) + require.Error(suite.T(), err) + require.Equal(suite.T(), errNodeUnreconciled, err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) } func (suite *getNodeHealthTestSuite) TestNoConditions() { // This test's goal is to ensure that if a node's health status doesn't have - // the expected condition then its deemed critical. This should never happen + // the expected condition then its deemedd critical. This should never happen // in the integrated system as the node health controller would have to be // buggy to add an empty status. However it could also indicate some breaking // change went in. Regardless, the code to handle this state is written // and it will be tested here. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - node := resourcetest.Resource(pbcatalog.NodeType, "no-conditions"). - WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - WithStatus(nodehealth.StatusKey, &pbresource.Status{}). - Write(suite.T(), suite.client). - GetId() - - health, err := getNodeHealth(context.Background(), suite.runtime, node) - require.Error(suite.T(), err) - require.Equal(suite.T(), errNodeHealthConditionNotFound, err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + node := resourcetest.Resource(pbcatalog.NodeType, "no-conditions"). + WithData(suite.T(), nodeData). + WithStatus(nodehealth.StatusKey, &pbresource.Status{}). + Write(suite.T(), suite.client). + GetId() + + health, err := getNodeHealth(context.Background(), suite.runtime, node) + require.Error(suite.T(), err) + require.Equal(suite.T(), errNodeHealthConditionNotFound, err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) } func (suite *getNodeHealthTestSuite) TestInvalidReason() { @@ -783,67 +716,48 @@ func (suite *getNodeHealthTestSuite) TestInvalidReason() { // controller to put it into this state. As users or other controllers could // potentially force it into this state by writing the status themselves, it // would be good to ensure the defined behavior works as expected. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - node := resourcetest.Resource(pbcatalog.NodeType, "invalid-reason"). - WithData(suite.T(), nodeData). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }). - WithStatus(nodehealth.StatusKey, &pbresource.Status{ - Conditions: []*pbresource.Condition{ - { - Type: nodehealth.StatusConditionHealthy, - State: pbresource.Condition_STATE_FALSE, - Reason: "INVALID_REASON", - }, + node := resourcetest.Resource(pbcatalog.NodeType, "invalid-reason"). + WithData(suite.T(), nodeData). + WithStatus(nodehealth.StatusKey, &pbresource.Status{ + Conditions: []*pbresource.Condition{ + { + Type: nodehealth.StatusConditionHealthy, + State: pbresource.Condition_STATE_FALSE, + Reason: "INVALID_REASON", }, - }). - Write(suite.T(), suite.client). - GetId() - - health, err := getNodeHealth(context.Background(), suite.runtime, node) - require.Error(suite.T(), err) - require.Equal(suite.T(), errNodeHealthInvalid, err) - require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) - }) + }, + }). + Write(suite.T(), suite.client). + GetId() + + health, err := getNodeHealth(context.Background(), suite.runtime, node) + require.Error(suite.T(), err) + require.Equal(suite.T(), errNodeHealthInvalid, err) + require.Equal(suite.T(), pbcatalog.Health_HEALTH_CRITICAL, health) } func (suite *getNodeHealthTestSuite) TestValidHealth() { // This test aims to ensure that all status that would be reported by the node-health // controller gets accurately detected and returned by the getNodeHealth function. - suite.controllerSuite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - for value, healthStr := range pbcatalog.Health_name { - health := pbcatalog.Health(value) - - // this is not a valid health that a health status - // may be in. - if health == pbcatalog.Health_HEALTH_ANY { - continue - } + for value, healthStr := range pbcatalog.Health_name { + health := pbcatalog.Health(value) - suite.T().Run(healthStr, func(t *testing.T) { - node := suite.injectNodeWithStatus("test-node", health, tenancy) - - actualHealth, err := getNodeHealth(context.Background(), suite.runtime, node.Id) - require.NoError(t, err) - require.Equal(t, health, actualHealth) - }) + // this is not a valid health that a health status + // may be in. + if health == pbcatalog.Health_HEALTH_ANY { + continue } - }) -} -func TestGetNodeHealth(t *testing.T) { - suite.Run(t, new(getNodeHealthTestSuite)) -} + suite.T().Run(healthStr, func(t *testing.T) { + node := suite.injectNodeWithStatus("test-node", health) -func (suite *controllerSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testFunc(tenancy) + actualHealth, err := getNodeHealth(context.Background(), suite.runtime, node.Id) + require.NoError(t, err) + require.Equal(t, health, actualHealth) }) } } -func (suite *controllerSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) +func TestGetNodeHealth(t *testing.T) { + suite.Run(t, new(getNodeHealthTestSuite)) } diff --git a/internal/catalog/internal/mappers/nodemapper/node_mapper.go b/internal/catalog/internal/mappers/nodemapper/node_mapper.go index 8c3af927b2f54..9c17478d76390 100644 --- a/internal/catalog/internal/mappers/nodemapper/node_mapper.go +++ b/internal/catalog/internal/mappers/nodemapper/node_mapper.go @@ -5,7 +5,6 @@ package nodemapper import ( "context" - "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/mappers/bimapper" @@ -27,11 +26,9 @@ func New() *NodeMapper { // the workload and with the name populated from the workloads NodeName field. func (m *NodeMapper) NodeIDFromWorkload(workload *pbresource.Resource, workloadData *pbcatalog.Workload) *pbresource.ID { return &pbresource.ID{ - Type: pbcatalog.NodeType, - Tenancy: &pbresource.Tenancy{ - Partition: workload.Id.Tenancy.GetPartition(), - }, - Name: workloadData.NodeName, + Type: pbcatalog.NodeType, + Tenancy: workload.Id.Tenancy, + Name: workloadData.NodeName, } } diff --git a/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go b/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go index 3d4c2b6fd05bf..fda260361fe8d 100644 --- a/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go +++ b/internal/catalog/internal/mappers/nodemapper/node_mapper_test.go @@ -10,7 +10,6 @@ import ( "github.com/stretchr/testify/require" "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" @@ -30,11 +29,9 @@ func TestNodeMapper_NodeIDFromWorkload(t *testing.T) { actual := mapper.NodeIDFromWorkload(workload, data) expected := &pbresource.ID{ - Type: pbcatalog.NodeType, - Tenancy: &pbresource.Tenancy{ - Partition: workload.Id.Tenancy.GetPartition(), - }, - Name: "test-node", + Type: pbcatalog.NodeType, + Tenancy: workload.Id.Tenancy, + Name: "test-node", } prototest.AssertDeepEqual(t, expected, actual) @@ -58,12 +55,10 @@ func TestNodeMapper_WorkloadTracking(t *testing.T) { mapper := New() node1 := resourcetest.Resource(pbcatalog.NodeType, "node1"). - WithTenancy(resource.DefaultPartitionedTenancy()). WithData(t, &pbcatalog.Node{Addresses: []*pbcatalog.NodeAddress{{Host: "198.18.0.1"}}}). Build() node2 := resourcetest.Resource(pbcatalog.NodeType, "node2"). - WithTenancy(resource.DefaultPartitionedTenancy()). WithData(t, &pbcatalog.Node{Addresses: []*pbcatalog.NodeAddress{{Host: "198.18.0.2"}}}). Build() diff --git a/internal/catalog/internal/types/acl_hooks.go b/internal/catalog/internal/types/acl_hooks.go index d9ddcb8e93cc1..8250767f72549 100644 --- a/internal/catalog/internal/types/acl_hooks.go +++ b/internal/catalog/internal/types/acl_hooks.go @@ -13,22 +13,31 @@ func aclReadHookResourceWithWorkloadSelector(authorizer acl.Authorizer, authzCon return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), authzContext) } -func aclWriteHookResourceWithWorkloadSelector[T WorkloadSelecting](authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, r *resource.DecodedResource[T]) error { +func aclWriteHookResourceWithWorkloadSelector[T WorkloadSelecting](authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + + decodedService, err := resource.Decode[T](res) + if err != nil { + return resource.ErrNeedResource + } + // First check service:write on the name. - err := authorizer.ToAllowAuthorizer().ServiceWriteAllowed(r.GetId().GetName(), authzContext) + err = authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) if err != nil { return err } // Then also check whether we're allowed to select a service. - for _, name := range r.Data.GetWorkloads().GetNames() { + for _, name := range decodedService.GetData().GetWorkloads().GetNames() { err = authorizer.ToAllowAuthorizer().ServiceReadAllowed(name, authzContext) if err != nil { return err } } - for _, prefix := range r.Data.GetWorkloads().GetPrefixes() { + for _, prefix := range decodedService.GetData().GetWorkloads().GetPrefixes() { err = authorizer.ToAllowAuthorizer().ServiceReadPrefixAllowed(prefix, authzContext) if err != nil { return err @@ -41,7 +50,7 @@ func aclWriteHookResourceWithWorkloadSelector[T WorkloadSelecting](authorizer ac func ACLHooksForWorkloadSelectingType[T WorkloadSelecting]() *resource.ACLHooks { return &resource.ACLHooks{ Read: aclReadHookResourceWithWorkloadSelector, - Write: resource.DecodeAndAuthorizeWrite(aclWriteHookResourceWithWorkloadSelector[T]), + Write: aclWriteHookResourceWithWorkloadSelector[T], List: resource.NoOpACLListHook, } } diff --git a/internal/catalog/internal/types/dns_policy.go b/internal/catalog/internal/types/dns_policy.go index 91dd2615455ca..8e9dd864a9573 100644 --- a/internal/catalog/internal/types/dns_policy.go +++ b/internal/catalog/internal/types/dns_policy.go @@ -10,10 +10,9 @@ import ( "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedDNSPolicy = resource.DecodedResource[*pbcatalog.DNSPolicy] - func RegisterDNSPolicy(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.DNSPolicyType, @@ -24,13 +23,17 @@ func RegisterDNSPolicy(r resource.Registry) { }) } -var ValidateDNSPolicy = resource.DecodeAndValidate(validateDNSPolicy) +func ValidateDNSPolicy(res *pbresource.Resource) error { + var policy pbcatalog.DNSPolicy + + if err := res.Data.UnmarshalTo(&policy); err != nil { + return resource.NewErrDataParse(&policy, err) + } -func validateDNSPolicy(res *DecodedDNSPolicy) error { var err error // Ensure that this resource isn't useless and is attempting to // select at least one workload. - if selErr := ValidateSelector(res.Data.Workloads, false); selErr != nil { + if selErr := ValidateSelector(policy.Workloads, false); selErr != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, @@ -38,7 +41,7 @@ func validateDNSPolicy(res *DecodedDNSPolicy) error { } // Validate the weights - if weightErr := validateDNSPolicyWeights(res.Data.Weights); weightErr != nil { + if weightErr := validateDNSPolicyWeights(policy.Weights); weightErr != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "weights", Wrapped: weightErr, diff --git a/internal/catalog/internal/types/failover_policy.go b/internal/catalog/internal/types/failover_policy.go index 012150fc046dc..047bb9a95b050 100644 --- a/internal/catalog/internal/types/failover_policy.go +++ b/internal/catalog/internal/types/failover_policy.go @@ -15,8 +15,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedFailoverPolicy = resource.DecodedResource[*pbcatalog.FailoverPolicy] - func RegisterFailoverPolicy(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.FailoverPolicyType, @@ -26,32 +24,36 @@ func RegisterFailoverPolicy(r resource.Registry) { Validate: ValidateFailoverPolicy, ACLs: &resource.ACLHooks{ Read: aclReadHookFailoverPolicy, - Write: resource.DecodeAndAuthorizeWrite(aclWriteHookFailoverPolicy), + Write: aclWriteHookFailoverPolicy, List: resource.NoOpACLListHook, }, }) } -var MutateFailoverPolicy = resource.DecodeAndMutate(mutateFailoverPolicy) +func MutateFailoverPolicy(res *pbresource.Resource) error { + var failover pbcatalog.FailoverPolicy + + if err := res.Data.UnmarshalTo(&failover); err != nil { + return resource.NewErrDataParse(&failover, err) + } -func mutateFailoverPolicy(res *DecodedFailoverPolicy) (bool, error) { changed := false // Handle eliding empty configs. - if res.Data.Config != nil && res.Data.Config.IsEmpty() { - res.Data.Config = nil + if failover.Config != nil && failover.Config.IsEmpty() { + failover.Config = nil changed = true } - if res.Data.Config != nil { - if mutateFailoverConfig(res.Id.Tenancy, res.Data.Config) { + if failover.Config != nil { + if mutateFailoverConfig(res.Id.Tenancy, failover.Config) { changed = true } } - for port, pc := range res.Data.PortConfigs { + for port, pc := range failover.PortConfigs { if pc.IsEmpty() { - delete(res.Data.PortConfigs, port) + delete(failover.PortConfigs, port) changed = true } else { if mutateFailoverConfig(res.Id.Tenancy, pc) { @@ -59,12 +61,16 @@ func mutateFailoverPolicy(res *DecodedFailoverPolicy) (bool, error) { } } } - if len(res.Data.PortConfigs) == 0 { - res.Data.PortConfigs = nil + if len(failover.PortConfigs) == 0 { + failover.PortConfigs = nil changed = true } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&failover) } func mutateFailoverConfig(policyTenancy *pbresource.Tenancy, config *pbcatalog.FailoverConfig) (changed bool) { @@ -103,31 +109,35 @@ func isLocalPeer(p string) bool { return p == "local" || p == "" } -var ValidateFailoverPolicy = resource.DecodeAndValidate(validateFailoverPolicy) +func ValidateFailoverPolicy(res *pbresource.Resource) error { + var failover pbcatalog.FailoverPolicy + + if err := res.Data.UnmarshalTo(&failover); err != nil { + return resource.NewErrDataParse(&failover, err) + } -func validateFailoverPolicy(res *DecodedFailoverPolicy) error { var merr error - if res.Data.Config == nil && len(res.Data.PortConfigs) == 0 { + if failover.Config == nil && len(failover.PortConfigs) == 0 { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "config", Wrapped: fmt.Errorf("at least one of config or port_configs must be set"), }) } - if res.Data.Config != nil { + if failover.Config != nil { wrapConfigErr := func(err error) error { return resource.ErrInvalidField{ Name: "config", Wrapped: err, } } - if cfgErr := validateFailoverConfig(res.Data.Config, false, wrapConfigErr); cfgErr != nil { + if cfgErr := validateFailoverConfig(failover.Config, false, wrapConfigErr); cfgErr != nil { merr = multierror.Append(merr, cfgErr) } } - for portName, pc := range res.Data.PortConfigs { + for portName, pc := range failover.PortConfigs { wrapConfigErr := func(err error) error { return resource.ErrInvalidMapValue{ Map: "port_configs", @@ -323,7 +333,7 @@ func aclReadHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.Auth return authorizer.ToAllowAuthorizer().ServiceReadAllowed(serviceName, authzContext) } -func aclWriteHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *DecodedFailoverPolicy) error { +func aclWriteHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { // FailoverPolicy is name-aligned with Service serviceName := res.Id.Name @@ -332,10 +342,15 @@ func aclWriteHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.Aut return err } + dec, err := resource.Decode[*pbcatalog.FailoverPolicy](res) + if err != nil { + return err + } + // Ensure you have service:read on any destination that may be affected by // traffic FROM this config change. - if res.Data.Config != nil { - for _, dest := range res.Data.Config.Destinations { + if dec.Data.Config != nil { + for _, dest := range dec.Data.Config.Destinations { destAuthzContext := resource.AuthorizerContext(dest.Ref.GetTenancy()) destServiceName := dest.Ref.GetName() if err := authorizer.ToAllowAuthorizer().ServiceReadAllowed(destServiceName, destAuthzContext); err != nil { @@ -343,7 +358,7 @@ func aclWriteHookFailoverPolicy(authorizer acl.Authorizer, authzContext *acl.Aut } } } - for _, pc := range res.Data.PortConfigs { + for _, pc := range dec.Data.PortConfigs { for _, dest := range pc.Destinations { destAuthzContext := resource.AuthorizerContext(dest.Ref.GetTenancy()) destServiceName := dest.Ref.GetName() diff --git a/internal/catalog/internal/types/health_checks.go b/internal/catalog/internal/types/health_checks.go index 3d819e12885aa..1333e2368d882 100644 --- a/internal/catalog/internal/types/health_checks.go +++ b/internal/catalog/internal/types/health_checks.go @@ -8,10 +8,9 @@ import ( "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedHealthChecks = resource.DecodedResource[*pbcatalog.HealthChecks] - func RegisterHealthChecks(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.HealthChecksType, @@ -22,13 +21,17 @@ func RegisterHealthChecks(r resource.Registry) { }) } -var ValidateHealthChecks = resource.DecodeAndValidate(validateHealthChecks) +func ValidateHealthChecks(res *pbresource.Resource) error { + var checks pbcatalog.HealthChecks + + if err := res.Data.UnmarshalTo(&checks); err != nil { + return resource.NewErrDataParse(&checks, err) + } -func validateHealthChecks(res *DecodedHealthChecks) error { var err error // Validate the workload selector - if selErr := ValidateSelector(res.Data.Workloads, false); selErr != nil { + if selErr := ValidateSelector(checks.Workloads, false); selErr != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, @@ -36,7 +39,7 @@ func validateHealthChecks(res *DecodedHealthChecks) error { } // Validate each check - for idx, check := range res.Data.HealthChecks { + for idx, check := range checks.HealthChecks { if checkErr := validateCheck(check); checkErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "checks", diff --git a/internal/catalog/internal/types/health_status.go b/internal/catalog/internal/types/health_status.go index 9acb4a3fb9ce4..fe92e858b025e 100644 --- a/internal/catalog/internal/types/health_status.go +++ b/internal/catalog/internal/types/health_status.go @@ -12,8 +12,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedHealthStatus = resource.DecodedResource[*pbcatalog.HealthStatus] - func RegisterHealthStatus(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.HealthStatusType, @@ -21,29 +19,33 @@ func RegisterHealthStatus(r resource.Registry) { Scope: resource.ScopeNamespace, Validate: ValidateHealthStatus, ACLs: &resource.ACLHooks{ - Read: resource.AuthorizeReadWithResource(aclReadHookHealthStatus), + Read: aclReadHookHealthStatus, Write: aclWriteHookHealthStatus, List: resource.NoOpACLListHook, }, }) } -var ValidateHealthStatus = resource.DecodeAndValidate(validateHealthStatus) +func ValidateHealthStatus(res *pbresource.Resource) error { + var hs pbcatalog.HealthStatus + + if err := res.Data.UnmarshalTo(&hs); err != nil { + return resource.NewErrDataParse(&hs, err) + } -func validateHealthStatus(res *DecodedHealthStatus) error { var err error // Should we allow empty types? I think for now it will be safest to require // the type field is set and we can relax this restriction in the future // if we deem it desirable. - if res.Data.Type == "" { + if hs.Type == "" { err = multierror.Append(err, resource.ErrInvalidField{ Name: "type", Wrapped: resource.ErrMissing, }) } - switch res.Data.Status { + switch hs.Status { case pbcatalog.Health_HEALTH_PASSING, pbcatalog.Health_HEALTH_WARNING, pbcatalog.Health_HEALTH_CRITICAL, @@ -59,24 +61,31 @@ func validateHealthStatus(res *DecodedHealthStatus) error { // owner is currently the resource that this HealthStatus applies to. If we // change this to be a parent reference within the HealthStatus.Data then // we could allow for other owners. - if res.Resource.Owner == nil { + if res.Owner == nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "owner", Wrapped: resource.ErrMissing, }) - } else if !resource.EqualType(res.Owner.Type, pbcatalog.WorkloadType) { + } else if !resource.EqualType(res.Owner.Type, pbcatalog.WorkloadType) && !resource.EqualType(res.Owner.Type, pbcatalog.NodeType) { err = multierror.Append(err, resource.ErrOwnerTypeInvalid{ResourceType: res.Id.Type, OwnerType: res.Owner.Type}) } return err } -func aclReadHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { +func aclReadHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } // For a health status of a workload we need to check service:read perms. if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.WorkloadType) { return authorizer.ToAllowAuthorizer().ServiceReadAllowed(res.GetOwner().GetName(), authzContext) } + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.GetOwner().GetName(), authzContext) + } + return acl.PermissionDenied("cannot read catalog.HealthStatus because there is no owner") } @@ -86,5 +95,9 @@ func aclWriteHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.Autho return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetOwner().GetName(), authzContext) } + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetOwner().GetName(), authzContext) + } + return acl.PermissionDenied("cannot write catalog.HealthStatus because there is no owner") } diff --git a/internal/catalog/internal/types/health_status_test.go b/internal/catalog/internal/types/health_status_test.go index 58c22fd720f31..9482e4770e40a 100644 --- a/internal/catalog/internal/types/health_status_test.go +++ b/internal/catalog/internal/types/health_status_test.go @@ -70,6 +70,13 @@ func TestValidateHealthStatus_Ok(t *testing.T) { Name: "foo-workload", }, }, + "node-owned": { + owner: &pbresource.ID{ + Type: pbcatalog.NodeType, + Tenancy: defaultHealthStatusOwnerTenancy, + Name: "bar-node", + }, + }, } for name, tcase := range cases { @@ -214,6 +221,7 @@ func TestHealthStatusACLs(t *testing.T) { Register(registry) workload := resourcetest.Resource(pbcatalog.WorkloadType, "test").ID() + node := resourcetest.Resource(pbcatalog.NodeType, "test").ID() healthStatusData := &pbcatalog.HealthStatus{ Type: "tcp", @@ -248,6 +256,42 @@ func TestHealthStatusACLs(t *testing.T) { WriteOK: resourcetest.ALLOW, ListOK: resourcetest.DEFAULT, }, + "service test read with node owner": { + Rules: `service "test" { policy = "read" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with node owner": { + Rules: `service "test" { policy = "write" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test read with node owner": { + Rules: `node "test" { policy = "read" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write with node owner": { + Rules: `node "test" { policy = "write" }`, + Data: healthStatusData, + Owner: node, + Typ: pbcatalog.HealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, "node test read with workload owner": { Rules: `node "test" { policy = "read" }`, Data: healthStatusData, diff --git a/internal/catalog/internal/types/node.go b/internal/catalog/internal/types/node.go index 7b2ea7f36fd8d..42ac833c6e7d8 100644 --- a/internal/catalog/internal/types/node.go +++ b/internal/catalog/internal/types/node.go @@ -12,13 +12,16 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedNode = resource.DecodedResource[*pbcatalog.Node] - func RegisterNode(r resource.Registry) { r.Register(resource.Registration{ - Type: pbcatalog.NodeType, - Proto: &pbcatalog.Node{}, - Scope: resource.ScopePartition, + Type: pbcatalog.NodeType, + Proto: &pbcatalog.Node{}, + // TODO: A node should be partition scoped. However its HealthStatus which is + // namespace scoped has Node as an owner. We do not support ownership between resources + // of differing scope at this time. HealthStatus will probably be split out into two different + // types, one for namespace scoped owners and the other for partition scoped owners. + // Until that time, Node will remain namespace scoped. + Scope: resource.ScopeNamespace, Validate: ValidateNode, ACLs: &resource.ACLHooks{ Read: aclReadHookNode, @@ -28,12 +31,16 @@ func RegisterNode(r resource.Registry) { }) } -var ValidateNode = resource.DecodeAndValidate(validateNode) +func ValidateNode(res *pbresource.Resource) error { + var node pbcatalog.Node + + if err := res.Data.UnmarshalTo(&node); err != nil { + return resource.NewErrDataParse(&node, err) + } -func validateNode(res *DecodedNode) error { var err error // Validate that the node has at least 1 address - if len(res.Data.Addresses) < 1 { + if len(node.Addresses) < 1 { err = multierror.Append(err, resource.ErrInvalidField{ Name: "addresses", Wrapped: resource.ErrEmpty, @@ -41,7 +48,7 @@ func validateNode(res *DecodedNode) error { } // Validate each node address - for idx, addr := range res.Data.Addresses { + for idx, addr := range node.Addresses { if addrErr := validateNodeAddress(addr); addrErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "addresses", diff --git a/internal/catalog/internal/types/node_health_status.go b/internal/catalog/internal/types/node_health_status.go deleted file mode 100644 index 89d3344029275..0000000000000 --- a/internal/catalog/internal/types/node_health_status.go +++ /dev/null @@ -1,90 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/go-multierror" - - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -type DecodedNodeHealthStatus = resource.DecodedResource[*pbcatalog.NodeHealthStatus] - -func RegisterNodeHealthStatus(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbcatalog.NodeHealthStatusType, - Proto: &pbcatalog.NodeHealthStatus{}, - Scope: resource.ScopePartition, - Validate: ValidateNodeHealthStatus, - ACLs: &resource.ACLHooks{ - Read: resource.AuthorizeReadWithResource(aclReadHookNodeHealthStatus), - Write: aclWriteHookNodeHealthStatus, - List: resource.NoOpACLListHook, - }, - }) -} - -var ValidateNodeHealthStatus = resource.DecodeAndValidate(validateNodeHealthStatus) - -func validateNodeHealthStatus(res *DecodedNodeHealthStatus) error { - var err error - - // Should we allow empty types? I think for now it will be safest to require - // the type field is set and we can relax this restriction in the future - // if we deem it desirable. - if res.Data.Type == "" { - err = multierror.Append(err, resource.ErrInvalidField{ - Name: "type", - Wrapped: resource.ErrMissing, - }) - } - - switch res.Data.Status { - case pbcatalog.Health_HEALTH_PASSING, - pbcatalog.Health_HEALTH_WARNING, - pbcatalog.Health_HEALTH_CRITICAL, - pbcatalog.Health_HEALTH_MAINTENANCE: - default: - err = multierror.Append(err, resource.ErrInvalidField{ - Name: "status", - Wrapped: errInvalidHealth, - }) - } - - // Ensure that the NodeHealthStatus' owner is a type that we want to allow. The - // owner is currently the resource that this NodeHealthStatus applies to. If we - // change this to be a parent reference within the NodeHealthStatus.Data then - // we could allow for other owners. - if res.Resource.Owner == nil { - err = multierror.Append(err, resource.ErrInvalidField{ - Name: "owner", - Wrapped: resource.ErrMissing, - }) - } else if !resource.EqualType(res.Owner.Type, pbcatalog.NodeType) { - err = multierror.Append(err, resource.ErrOwnerTypeInvalid{ResourceType: res.Id.Type, OwnerType: res.Owner.Type}) - } - - return err -} - -func aclReadHookNodeHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { - // For a health status of a node we need to check node:read perms. - if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { - return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.GetOwner().GetName(), authzContext) - } - - return acl.PermissionDenied("cannot read catalog.NodeHealthStatus because there is no owner") -} - -func aclWriteHookNodeHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { - // For a health status of a node we need to check node:write perms. - if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { - return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetOwner().GetName(), authzContext) - } - - return acl.PermissionDenied("cannot write catalog.NodeHealthStatus because there is no owner") -} diff --git a/internal/catalog/internal/types/node_health_status_test.go b/internal/catalog/internal/types/node_health_status_test.go deleted file mode 100644 index a612114765122..0000000000000 --- a/internal/catalog/internal/types/node_health_status_test.go +++ /dev/null @@ -1,273 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "testing" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/stretchr/testify/require" - "google.golang.org/protobuf/reflect/protoreflect" - "google.golang.org/protobuf/types/known/anypb" -) - -var ( - defaultNodeHealthStatusOwnerTenancy = &pbresource.Tenancy{ - Partition: "default", - PeerName: "local", - } - - defaultNodeHealthStatusOwner = &pbresource.ID{ - Type: pbcatalog.NodeType, - Tenancy: defaultNodeHealthStatusOwnerTenancy, - Name: "foo", - } -) - -func createNodeHealthStatusResource(t *testing.T, data protoreflect.ProtoMessage, owner *pbresource.ID) *pbresource.Resource { - res := &pbresource.Resource{ - Id: &pbresource.ID{ - Type: pbcatalog.NodeHealthStatusType, - Tenancy: &pbresource.Tenancy{ - Partition: "default", - PeerName: "local", - }, - Name: "test-status", - }, - Owner: owner, - } - - var err error - res.Data, err = anypb.New(data) - require.NoError(t, err) - return res -} - -func TestValidateNodeHealthStatus_Ok(t *testing.T) { - data := &pbcatalog.NodeHealthStatus{ - Type: "tcp", - Status: pbcatalog.Health_HEALTH_PASSING, - Description: "Doesn't matter as this is user settable", - Output: "Health check executors are free to use this field", - } - - type testCase struct { - owner *pbresource.ID - } - - cases := map[string]testCase{ - "node-owned": { - owner: &pbresource.ID{ - Type: pbcatalog.NodeType, - Tenancy: defaultNodeHealthStatusOwnerTenancy, - Name: "bar-node", - }, - }, - } - - for name, tcase := range cases { - t.Run(name, func(t *testing.T) { - res := createNodeHealthStatusResource(t, data, tcase.owner) - err := ValidateNodeHealthStatus(res) - require.NoError(t, err) - }) - } -} - -func TestValidateNodeHealthStatus_ParseError(t *testing.T) { - // Any type other than the NodeHealthStatus type would work - // to cause the error we are expecting - data := &pbcatalog.IP{Address: "198.18.0.1"} - - res := createNodeHealthStatusResource(t, data, defaultNodeHealthStatusOwner) - - err := ValidateNodeHealthStatus(res) - require.Error(t, err) - require.ErrorAs(t, err, &resource.ErrDataParse{}) -} - -func TestValidateNodeHealthStatus_InvalidHealth(t *testing.T) { - // while this is a valid enum value it is not allowed to be used - // as the Status field. - data := &pbcatalog.NodeHealthStatus{ - Type: "tcp", - Status: pbcatalog.Health_HEALTH_ANY, - } - - res := createNodeHealthStatusResource(t, data, defaultNodeHealthStatusOwner) - - err := ValidateNodeHealthStatus(res) - require.Error(t, err) - expected := resource.ErrInvalidField{ - Name: "status", - Wrapped: errInvalidHealth, - } - var actual resource.ErrInvalidField - require.ErrorAs(t, err, &actual) - require.Equal(t, expected, actual) -} - -func TestValidateNodeHealthStatus_MissingType(t *testing.T) { - data := &pbcatalog.NodeHealthStatus{ - Status: pbcatalog.Health_HEALTH_PASSING, - } - - res := createNodeHealthStatusResource(t, data, defaultNodeHealthStatusOwner) - - err := ValidateNodeHealthStatus(res) - require.Error(t, err) - expected := resource.ErrInvalidField{ - Name: "type", - Wrapped: resource.ErrMissing, - } - var actual resource.ErrInvalidField - require.ErrorAs(t, err, &actual) - require.Equal(t, expected, actual) -} - -func TestValidateNodeHealthStatus_MissingOwner(t *testing.T) { - data := &pbcatalog.NodeHealthStatus{ - Type: "tcp", - Status: pbcatalog.Health_HEALTH_PASSING, - } - - res := createNodeHealthStatusResource(t, data, nil) - - err := ValidateNodeHealthStatus(res) - require.Error(t, err) - expected := resource.ErrInvalidField{ - Name: "owner", - Wrapped: resource.ErrMissing, - } - var actual resource.ErrInvalidField - require.ErrorAs(t, err, &actual) - require.Equal(t, expected, actual) -} - -func TestValidateNodeHealthStatus_InvalidOwner(t *testing.T) { - data := &pbcatalog.NodeHealthStatus{ - Type: "tcp", - Status: pbcatalog.Health_HEALTH_PASSING, - } - - type testCase struct { - owner *pbresource.ID - } - - cases := map[string]testCase{ - "group-mismatch": { - owner: &pbresource.ID{ - Type: &pbresource.Type{ - Group: "fake", - GroupVersion: pbcatalog.Version, - Kind: pbcatalog.NodeKind, - }, - Tenancy: defaultNodeHealthStatusOwnerTenancy, - Name: "baz", - }, - }, - "group-version-mismatch": { - owner: &pbresource.ID{ - Type: &pbresource.Type{ - Group: pbcatalog.GroupName, - GroupVersion: "v99", - Kind: pbcatalog.NodeKind, - }, - Tenancy: defaultNodeHealthStatusOwnerTenancy, - Name: "baz", - }, - }, - "kind-mismatch": { - owner: &pbresource.ID{ - Type: pbcatalog.ServiceType, - Tenancy: defaultNodeHealthStatusOwnerTenancy, - Name: "baz", - }, - }, - } - - for name, tcase := range cases { - t.Run(name, func(t *testing.T) { - res := createNodeHealthStatusResource(t, data, tcase.owner) - err := ValidateNodeHealthStatus(res) - require.Error(t, err) - expected := resource.ErrOwnerTypeInvalid{ - ResourceType: pbcatalog.NodeHealthStatusType, - OwnerType: tcase.owner.Type, - } - var actual resource.ErrOwnerTypeInvalid - require.ErrorAs(t, err, &actual) - require.Equal(t, expected, actual) - }) - } -} - -func TestNodeHealthStatusACLs(t *testing.T) { - registry := resource.NewRegistry() - Register(registry) - - node := resourcetest.Resource(pbcatalog.NodeType, "test").ID() - - nodehealthStatusData := &pbcatalog.NodeHealthStatus{ - Type: "tcp", - Status: pbcatalog.Health_HEALTH_PASSING, - } - - cases := map[string]resourcetest.ACLTestCase{ - "no rules": { - Rules: ``, - Data: nodehealthStatusData, - Owner: node, - Typ: pbcatalog.NodeHealthStatusType, - ReadOK: resourcetest.DENY, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "service test read with node owner": { - Rules: `service "test" { policy = "read" }`, - Data: nodehealthStatusData, - Owner: node, - Typ: pbcatalog.NodeHealthStatusType, - ReadOK: resourcetest.DENY, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "service test write with node owner": { - Rules: `service "test" { policy = "write" }`, - Data: nodehealthStatusData, - Owner: node, - Typ: pbcatalog.NodeHealthStatusType, - ReadOK: resourcetest.DENY, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "node test read with node owner": { - Rules: `node "test" { policy = "read" }`, - Data: nodehealthStatusData, - Owner: node, - Typ: pbcatalog.NodeHealthStatusType, - ReadOK: resourcetest.ALLOW, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "node test write with node owner": { - Rules: `node "test" { policy = "write" }`, - Data: nodehealthStatusData, - Owner: node, - Typ: pbcatalog.NodeHealthStatusType, - ReadOK: resourcetest.ALLOW, - WriteOK: resourcetest.ALLOW, - ListOK: resourcetest.DEFAULT, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - resourcetest.RunACLTestCase(t, tc, registry) - }) - } -} diff --git a/internal/catalog/internal/types/service.go b/internal/catalog/internal/types/service.go index bb56fe10a5710..a91f3a7c51801 100644 --- a/internal/catalog/internal/types/service.go +++ b/internal/catalog/internal/types/service.go @@ -10,10 +10,9 @@ import ( "github.com/hashicorp/consul/internal/resource" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedService = resource.DecodedResource[*pbcatalog.Service] - func RegisterService(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.ServiceType, @@ -25,25 +24,37 @@ func RegisterService(r resource.Registry) { }) } -var MutateService = resource.DecodeAndMutate(mutateService) +func MutateService(res *pbresource.Resource) error { + var service pbcatalog.Service + + if err := res.Data.UnmarshalTo(&service); err != nil { + return err + } -func mutateService(res *DecodedService) (bool, error) { changed := false // Default service port protocols. - for _, port := range res.Data.Ports { + for _, port := range service.Ports { if port.Protocol == pbcatalog.Protocol_PROTOCOL_UNSPECIFIED { port.Protocol = pbcatalog.Protocol_PROTOCOL_TCP changed = true } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&service) } -var ValidateService = resource.DecodeAndValidate(validateService) +func ValidateService(res *pbresource.Resource) error { + var service pbcatalog.Service + + if err := res.Data.UnmarshalTo(&service); err != nil { + return resource.NewErrDataParse(&service, err) + } -func validateService(res *DecodedService) error { var err error // Validate the workload selector. We are allowing selectors with no @@ -51,7 +62,7 @@ func validateService(res *DecodedService) error { // ServiceEndpoints objects for this service such as when desiring to // configure endpoint information for external services that are not // registered as workloads - if selErr := ValidateSelector(res.Data.Workloads, true); selErr != nil { + if selErr := ValidateSelector(service.Workloads, true); selErr != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, @@ -61,7 +72,7 @@ func validateService(res *DecodedService) error { usedVirtualPorts := make(map[uint32]int) // Validate each port - for idx, port := range res.Data.Ports { + for idx, port := range service.Ports { if usedIdx, found := usedVirtualPorts[port.VirtualPort]; found { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "ports", @@ -119,7 +130,7 @@ func validateService(res *DecodedService) error { } // Validate that the Virtual IPs are all IP addresses - for idx, vip := range res.Data.VirtualIps { + for idx, vip := range service.VirtualIps { if vipErr := validateIPAddress(vip); vipErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "virtual_ips", diff --git a/internal/catalog/internal/types/service_endpoints.go b/internal/catalog/internal/types/service_endpoints.go index b78a1bc705fa5..1991c455ad901 100644 --- a/internal/catalog/internal/types/service_endpoints.go +++ b/internal/catalog/internal/types/service_endpoints.go @@ -14,8 +14,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedServiceEndpoints = resource.DecodedResource[*pbcatalog.ServiceEndpoints] - func RegisterServiceEndpoints(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.ServiceEndpointsType, @@ -47,9 +45,13 @@ func MutateServiceEndpoints(res *pbresource.Resource) error { return nil } -var ValidateServiceEndpoints = resource.DecodeAndValidate[*pbcatalog.ServiceEndpoints](validateServiceEndpoints) +func ValidateServiceEndpoints(res *pbresource.Resource) error { + var svcEndpoints pbcatalog.ServiceEndpoints + + if err := res.Data.UnmarshalTo(&svcEndpoints); err != nil { + return resource.NewErrDataParse(&svcEndpoints, err) + } -func validateServiceEndpoints(res *DecodedServiceEndpoints) error { var err error if !resource.EqualType(res.Owner.Type, pbcatalog.ServiceType) { err = multierror.Append(err, resource.ErrOwnerTypeInvalid{ @@ -76,8 +78,8 @@ func validateServiceEndpoints(res *DecodedServiceEndpoints) error { }) } - for idx, endpoint := range res.Data.Endpoints { - if endpointErr := validateEndpoint(endpoint, res.Resource); endpointErr != nil { + for idx, endpoint := range svcEndpoints.Endpoints { + if endpointErr := validateEndpoint(endpoint, res); endpointErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "endpoints", Index: idx, diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go index 936f2d63ce6b5..15ed6b148de76 100644 --- a/internal/catalog/internal/types/types.go +++ b/internal/catalog/internal/types/types.go @@ -14,7 +14,7 @@ func Register(r resource.Registry) { RegisterNode(r) RegisterHealthStatus(r) RegisterFailoverPolicy(r) - RegisterNodeHealthStatus(r) + // todo (v2): re-register once these resources are implemented. //RegisterHealthChecks(r) //RegisterDNSPolicy(r) diff --git a/internal/catalog/internal/types/virtual_ips.go b/internal/catalog/internal/types/virtual_ips.go index be692f63ed65a..9c7a065474059 100644 --- a/internal/catalog/internal/types/virtual_ips.go +++ b/internal/catalog/internal/types/virtual_ips.go @@ -12,8 +12,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedVirtualIPs = resource.DecodedResource[*pbcatalog.VirtualIPs] - func RegisterVirtualIPs(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.VirtualIPsType, @@ -32,11 +30,15 @@ func RegisterVirtualIPs(r resource.Registry) { }) } -var ValidateVirtualIPs = resource.DecodeAndValidate(validateVirtualIPs) +func ValidateVirtualIPs(res *pbresource.Resource) error { + var vips pbcatalog.VirtualIPs + + if err := res.Data.UnmarshalTo(&vips); err != nil { + return resource.NewErrDataParse(&vips, err) + } -func validateVirtualIPs(res *DecodedVirtualIPs) error { var err error - for idx, ip := range res.Data.Ips { + for idx, ip := range vips.Ips { if vipErr := validateIPAddress(ip.Address); vipErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "ips", diff --git a/internal/catalog/internal/types/workload.go b/internal/catalog/internal/types/workload.go index 8535a6250491d..c09513a4a5b3d 100644 --- a/internal/catalog/internal/types/workload.go +++ b/internal/catalog/internal/types/workload.go @@ -15,8 +15,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbresource" ) -type DecodedWorkload = resource.DecodedResource[*pbcatalog.Workload] - func RegisterWorkload(r resource.Registry) { r.Register(resource.Registration{ Type: pbcatalog.WorkloadType, @@ -25,19 +23,23 @@ func RegisterWorkload(r resource.Registry) { Validate: ValidateWorkload, ACLs: &resource.ACLHooks{ Read: aclReadHookWorkload, - Write: resource.DecodeAndAuthorizeWrite(aclWriteHookWorkload), + Write: aclWriteHookWorkload, List: resource.NoOpACLListHook, }, }) } -var ValidateWorkload = resource.DecodeAndValidate(validateWorkload) +func ValidateWorkload(res *pbresource.Resource) error { + var workload pbcatalog.Workload + + if err := res.Data.UnmarshalTo(&workload); err != nil { + return resource.NewErrDataParse(&workload, err) + } -func validateWorkload(res *DecodedWorkload) error { var err error // Validate that the workload has at least one port - if len(res.Data.Ports) < 1 { + if len(workload.Ports) < 1 { err = multierror.Append(err, resource.ErrInvalidField{ Name: "ports", Wrapped: resource.ErrEmpty, @@ -47,7 +49,7 @@ func validateWorkload(res *DecodedWorkload) error { var meshPorts []string // Validate the Workload Ports - for portName, port := range res.Data.Ports { + for portName, port := range workload.Ports { if portNameErr := ValidatePortName(portName); portNameErr != nil { err = multierror.Append(err, resource.ErrInvalidMapKey{ Map: "ports", @@ -98,12 +100,12 @@ func validateWorkload(res *DecodedWorkload) error { // If the workload is mesh enabled then a valid identity must be provided. // If not mesh enabled but a non-empty identity is provided then we still // validate that its valid. - if len(meshPorts) > 0 && res.Data.Identity == "" { + if len(meshPorts) > 0 && workload.Identity == "" { err = multierror.Append(err, resource.ErrInvalidField{ Name: "identity", Wrapped: resource.ErrMissing, }) - } else if res.Data.Identity != "" && !isValidDNSLabel(res.Data.Identity) { + } else if workload.Identity != "" && !isValidDNSLabel(workload.Identity) { err = multierror.Append(err, resource.ErrInvalidField{ Name: "identity", Wrapped: errNotDNSLabel, @@ -111,7 +113,7 @@ func validateWorkload(res *DecodedWorkload) error { } // Validate workload locality - if res.Data.Locality != nil && res.Data.Locality.Region == "" && res.Data.Locality.Zone != "" { + if workload.Locality != nil && workload.Locality.Region == "" && workload.Locality.Zone != "" { err = multierror.Append(err, resource.ErrInvalidField{ Name: "locality", Wrapped: errLocalityZoneNoRegion, @@ -120,8 +122,8 @@ func validateWorkload(res *DecodedWorkload) error { // Node associations are optional but if present the name should // be a valid DNS label. - if res.Data.NodeName != "" { - if !isValidDNSLabel(res.Data.NodeName) { + if workload.NodeName != "" { + if !isValidDNSLabel(workload.NodeName) { err = multierror.Append(err, resource.ErrInvalidField{ Name: "node_name", Wrapped: errNotDNSLabel, @@ -129,7 +131,7 @@ func validateWorkload(res *DecodedWorkload) error { } } - if len(res.Data.Addresses) < 1 { + if len(workload.Addresses) < 1 { err = multierror.Append(err, resource.ErrInvalidField{ Name: "addresses", Wrapped: resource.ErrEmpty, @@ -137,8 +139,8 @@ func validateWorkload(res *DecodedWorkload) error { } // Validate Workload Addresses - for idx, addr := range res.Data.Addresses { - if addrErr := validateWorkloadAddress(addr, res.Data.Ports); addrErr != nil { + for idx, addr := range workload.Addresses { + if addrErr := validateWorkloadAddress(addr, workload.Ports); addrErr != nil { err = multierror.Append(err, resource.ErrInvalidListElement{ Name: "addresses", Index: idx, @@ -154,21 +156,26 @@ func aclReadHookWorkload(authorizer acl.Authorizer, authzContext *acl.Authorizer return authorizer.ToAllowAuthorizer().ServiceReadAllowed(id.GetName(), authzContext) } -func aclWriteHookWorkload(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *DecodedWorkload) error { +func aclWriteHookWorkload(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + decodedWorkload, err := resource.Decode[*pbcatalog.Workload](res) + if err != nil { + return resource.ErrNeedResource + } + // First check service:write on the workload name. - err := authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) + err = authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetId().GetName(), authzContext) if err != nil { return err } // Check node:read permissions if node is specified. - if res.Data.GetNodeName() != "" { - return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.Data.GetNodeName(), authzContext) + if decodedWorkload.GetData().GetNodeName() != "" { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(decodedWorkload.GetData().GetNodeName(), authzContext) } // Check identity:read permissions if identity is specified. - if res.Data.GetIdentity() != "" { - return authorizer.ToAllowAuthorizer().IdentityReadAllowed(res.Data.GetIdentity(), authzContext) + if decodedWorkload.GetData().GetIdentity() != "" { + return authorizer.ToAllowAuthorizer().IdentityReadAllowed(decodedWorkload.GetData().GetIdentity(), authzContext) } return nil diff --git a/internal/controller/api_test.go b/internal/controller/api_test.go index e6d2b8a034460..40d3ec99bebdb 100644 --- a/internal/controller/api_test.go +++ b/internal/controller/api_test.go @@ -23,9 +23,7 @@ func TestController_API(t *testing.T) { t.Parallel() rec := newTestReconciler() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + client := svctest.RunResourceService(t, demo.RegisterTypes) concertsChan := make(chan controller.Event) defer close(concertsChan) @@ -166,9 +164,7 @@ func TestController_Placement(t *testing.T) { t.Run("singleton", func(t *testing.T) { rec := newTestReconciler() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + client := svctest.RunResourceService(t, demo.RegisterTypes) ctrl := controller. ForType(demo.TypeV2Artist). @@ -201,9 +197,7 @@ func TestController_Placement(t *testing.T) { t.Run("each server", func(t *testing.T) { rec := newTestReconciler() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) + client := svctest.RunResourceService(t, demo.RegisterTypes) ctrl := controller. ForType(demo.TypeV2Artist). @@ -239,10 +233,7 @@ func TestController_String(t *testing.T) { } func TestController_NoReconciler(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - + client := svctest.RunResourceService(t, demo.RegisterTypes) mgr := controller.NewManager(client, testutil.Logger(t)) ctrl := controller.ForType(demo.TypeV2Artist) @@ -251,92 +242,6 @@ func TestController_NoReconciler(t *testing.T) { func() { mgr.Register(ctrl) }) } -func TestController_Watch(t *testing.T) { - t.Parallel() - - t.Run("partitioned scoped resources", func(t *testing.T) { - rec := newTestReconciler() - - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - ctrl := controller. - ForType(demo.TypeV1RecordLabel). - WithReconciler(rec) - - mgr := controller.NewManager(client, testutil.Logger(t)) - mgr.SetRaftLeader(true) - mgr.Register(ctrl) - - ctx := testContext(t) - go mgr.Run(ctx) - - res, err := demo.GenerateV1RecordLabel("test") - require.NoError(t, err) - - rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: res}) - require.NoError(t, err) - - req := rec.wait(t) - prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID) - }) - - t.Run("cluster scoped resources", func(t *testing.T) { - rec := newTestReconciler() - - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - ctrl := controller. - ForType(demo.TypeV1Executive). - WithReconciler(rec) - - mgr := controller.NewManager(client, testutil.Logger(t)) - mgr.SetRaftLeader(true) - mgr.Register(ctrl) - - go mgr.Run(testContext(t)) - - exec, err := demo.GenerateV1Executive("test", "CEO") - require.NoError(t, err) - - rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: exec}) - require.NoError(t, err) - - req := rec.wait(t) - prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID) - }) - - t.Run("namespace scoped resources", func(t *testing.T) { - rec := newTestReconciler() - - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - - ctrl := controller. - ForType(demo.TypeV2Artist). - WithReconciler(rec) - - mgr := controller.NewManager(client, testutil.Logger(t)) - mgr.SetRaftLeader(true) - mgr.Register(ctrl) - - go mgr.Run(testContext(t)) - - artist, err := demo.GenerateV2Artist() - require.NoError(t, err) - - rsp, err := client.Write(testContext(t), &pbresource.WriteRequest{Resource: artist}) - require.NoError(t, err) - - req := rec.wait(t) - prototest.AssertDeepEqual(t, rsp.Resource.Id, req.ID) - }) -} - func newTestReconciler() *testReconciler { return &testReconciler{ calls: make(chan controller.Request), diff --git a/internal/controller/controller.go b/internal/controller/controller.go index 97955db6a3c15..ac901d355b6e3 100644 --- a/internal/controller/controller.go +++ b/internal/controller/controller.go @@ -14,6 +14,7 @@ import ( "github.com/hashicorp/consul/agent/consul/controller/queue" "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/storage" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -91,6 +92,11 @@ func runQueue[T queue.ItemType](ctx context.Context, ctrl Controller) queue.Work func (c *controllerRunner) watch(ctx context.Context, typ *pbresource.Type, add func(*pbresource.Resource)) error { wl, err := c.client.WatchList(ctx, &pbresource.WatchListRequest{ Type: typ, + Tenancy: &pbresource.Tenancy{ + Partition: storage.Wildcard, + PeerName: storage.Wildcard, + Namespace: storage.Wildcard, + }, }) if err != nil { c.logger.Error("failed to create watch", "error", err) diff --git a/internal/controller/dependencies.go b/internal/controller/dependencies.go deleted file mode 100644 index 6a91d91ff7b72..0000000000000 --- a/internal/controller/dependencies.go +++ /dev/null @@ -1,100 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package controller - -import ( - "fmt" - "sort" - "strings" - - "github.com/hashicorp/go-multierror" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -func (m *Manager) ValidateDependencies(registrations []resource.Registration) error { - deps := m.CalculateDependencies(registrations) - - return deps.validate() -} - -type Dependencies map[string][]string - -func (deps Dependencies) validate() error { - var merr error - seen := make(map[string]map[string]struct{}) - - mkErr := func(src, dst string) error { - vals := []string{src, dst} - sort.Strings(vals) - return fmt.Errorf("circular dependency between %q and %q", vals[0], vals[1]) - } - - for src, dsts := range deps { - seenDsts := seen[src] - if len(seenDsts) == 0 { - seen[src] = make(map[string]struct{}) - } - - for _, dst := range dsts { - if _, ok := seenDsts[dst]; ok { - merr = multierror.Append(merr, mkErr(src, dst)) - } - - if inverseDsts := seen[dst]; len(inverseDsts) > 0 { - if _, ok := inverseDsts[src]; ok { - merr = multierror.Append(merr, mkErr(src, dst)) - } - } - seen[src][dst] = struct{}{} - } - } - - return merr -} - -func (m *Manager) CalculateDependencies(registrations []resource.Registration) Dependencies { - typeToString := func(t *pbresource.Type) string { - return strings.ToLower(fmt.Sprintf("%s/%s/%s", t.Group, t.GroupVersion, t.Kind)) - } - - out := make(map[string][]string) - for _, r := range registrations { - out[typeToString(r.Type)] = nil - } - - for _, c := range m.controllers { - watches := make([]string, 0, len(c.watches)) - for _, w := range c.watches { - watches = append(watches, typeToString(w.watchedType)) - } - - out[typeToString(c.managedType)] = watches - } - - return out -} - -func (deps Dependencies) ToMermaid() string { - depStrings := make([]string, 0, len(deps)) - - for src, dsts := range deps { - if len(dsts) == 0 { - depStrings = append(depStrings, fmt.Sprintf(" %s", src)) - continue - } - - for _, dst := range dsts { - depStrings = append(depStrings, fmt.Sprintf(" %s --> %s", src, dst)) - } - } - - sort.Slice(depStrings, func(a, b int) bool { - return depStrings[a] < depStrings[b] - }) - out := "flowchart TD\n" + strings.Join(depStrings, "\n") - - return out -} diff --git a/internal/controller/dependencies_test.go b/internal/controller/dependencies_test.go deleted file mode 100644 index 18db58a2853ae..0000000000000 --- a/internal/controller/dependencies_test.go +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package controller - -import ( - "testing" - - "github.com/hashicorp/consul/internal/testing/golden" - "github.com/stretchr/testify/require" -) - -func TestDependenciesGolden(t *testing.T) { - deps := Dependencies{ - "t1": []string{"t2", "t3"}, - "t2": []string{"t4"}, - "t4": []string{"t1"}, - } - mermaid := deps.ToMermaid() - expected := golden.Get(t, mermaid, "dependencies.golden") - require.Equal(t, expected, mermaid) -} - -func TestValidateDependencies(t *testing.T) { - type testCase struct { - dependencies Dependencies - expectErr string - } - - run := func(t *testing.T, tc testCase) { - err := tc.dependencies.validate() - if len(tc.expectErr) > 0 { - require.Contains(t, err.Error(), tc.expectErr) - } else { - require.NoError(t, err) - } - - } - - cases := map[string]testCase{ - "empty": { - dependencies: nil, - }, - "no circular dependencies": { - dependencies: Dependencies{ - "t1": []string{"t2", "t3"}, - "t2": []string{"t3"}, - "t3": []string{"t4"}, - "t4": nil, - }, - }, - "with circular dependency": { - dependencies: Dependencies{ - "t1": []string{"t2", "t3"}, - "t2": []string{"t1"}, - }, - expectErr: `circular dependency between "t1" and "t2"`, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) - }) - } -} diff --git a/internal/controller/manager.go b/internal/controller/manager.go index 2e46b21400837..1e7e910210616 100644 --- a/internal/controller/manager.go +++ b/internal/controller/manager.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/go-hclog" + "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" ) @@ -67,7 +68,7 @@ func (m *Manager) Run(ctx context.Context) { for _, desc := range m.controllers { logger := desc.logger if logger == nil { - logger = m.logger.With("managed_type", desc.managedType.Kind) + logger = m.logger.With("managed_type", resource.ToGVK(desc.managedType)) } runner := &controllerRunner{ diff --git a/internal/controller/testdata/dependencies.golden b/internal/controller/testdata/dependencies.golden deleted file mode 100644 index f0ff372a1634f..0000000000000 --- a/internal/controller/testdata/dependencies.golden +++ /dev/null @@ -1,5 +0,0 @@ -flowchart TD - t1 --> t2 - t1 --> t3 - t2 --> t4 - t4 --> t1 \ No newline at end of file diff --git a/internal/go-sso/oidcauth/config.go b/internal/go-sso/oidcauth/config.go index a5e0e8bcb681d..84bbac9e0cbe5 100644 --- a/internal/go-sso/oidcauth/config.go +++ b/internal/go-sso/oidcauth/config.go @@ -45,6 +45,7 @@ type Config struct { // Comma-separated list of 'aud' claims that are valid for login; any match // is sufficient + // TODO(sso): actually just send these down as string claims? BoundAudiences []string // Mappings of claims (key) that will be copied to a metadata field diff --git a/internal/go-sso/oidcauth/oidc.go b/internal/go-sso/oidcauth/oidc.go index cd78762510952..df00dfcc25f60 100644 --- a/internal/go-sso/oidcauth/oidc.go +++ b/internal/go-sso/oidcauth/oidc.go @@ -235,8 +235,7 @@ func (a *Authenticator) verifyOIDCToken(ctx context.Context, rawToken string) (m if err := idToken.Claims(&allClaims); err != nil { return nil, fmt.Errorf("unable to successfully parse all claims from token: %v", err) } - // Follows behavior of hashicorp/vault-plugin-auth-jwt (non-strict validation). - // See https://developer.hashicorp.com/consul/docs/security/acl/auth-methods/oidc#oidc-configuration-troubleshooting. + // TODO(sso): why isn't this strict for OIDC? if err := validateAudience(a.config.BoundAudiences, idToken.Audience, false); err != nil { return nil, fmt.Errorf("error validating claims: %v", err) } diff --git a/internal/mesh/internal/controllers/explicitdestinations/controller_test.go b/internal/mesh/internal/controllers/explicitdestinations/controller_test.go index e21041e818ddf..72004eecbadb8 100644 --- a/internal/mesh/internal/controllers/explicitdestinations/controller_test.go +++ b/internal/mesh/internal/controllers/explicitdestinations/controller_test.go @@ -5,7 +5,6 @@ package explicitdestinations import ( "context" - "fmt" "testing" "github.com/stretchr/testify/require" @@ -58,150 +57,135 @@ type controllerTestSuite struct { destService3Routes *pbmesh.ComputedRoutes expComputedDest *pbmesh.ComputedExplicitDestinations - tenancies []*pbresource.Tenancy } func TestFindDuplicates(t *testing.T) { // Create some conflicting destinations. - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - dest1 := &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"foo"}, - }, - Destinations: []*pbmesh.Destination{ - { - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "127.0.0.1", - Port: 1000, - }, + dest1 := &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"foo"}, + }, + Destinations: []*pbmesh.Destination{ + { + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1000, }, }, - { - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "127.0.0.1", - Port: 2000, - }, + }, + { + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 2000, }, }, }, - } - dest2 := &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"foo"}, - }, - Destinations: []*pbmesh.Destination{ - { - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "127.0.0.1", - Port: 1000, - }, + }, + } + dest2 := &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"foo"}, + }, + Destinations: []*pbmesh.Destination{ + { + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1000, }, }, }, - } - dest3 := &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"foo"}, - }, - Destinations: []*pbmesh.Destination{ - { - ListenAddr: &pbmesh.Destination_Unix{ - Unix: &pbmesh.UnixSocketAddress{ - Path: "/foo/bar", - }, + }, + } + dest3 := &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"foo"}, + }, + Destinations: []*pbmesh.Destination{ + { + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "/foo/bar", }, }, }, - } - dest4 := &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"foo"}, - }, - Destinations: []*pbmesh.Destination{ - { - ListenAddr: &pbmesh.Destination_Unix{ - Unix: &pbmesh.UnixSocketAddress{ - Path: "/foo/bar", - }, + }, + } + dest4 := &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"foo"}, + }, + Destinations: []*pbmesh.Destination{ + { + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "/foo/bar", }, }, }, - } - destNonConflicting := &pbmesh.Destinations{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"foo"}, - }, - Destinations: []*pbmesh.Destination{ - { - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "127.0.0.1", - Port: 3000, - }, + }, + } + destNonConflicting := &pbmesh.Destinations{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"foo"}, + }, + Destinations: []*pbmesh.Destination{ + { + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 3000, }, }, - { - ListenAddr: &pbmesh.Destination_Unix{ - Unix: &pbmesh.UnixSocketAddress{ - Path: "/baz/bar", - }, + }, + { + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{ + Path: "/baz/bar", }, }, }, - } + }, + } - var destinations []*types.DecodedDestinations - dest1Res := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). - WithData(t, dest1). - WithTenancy(tenancy). - Build() - destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest1Res)) - dest2Res := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). - WithData(t, dest2). - WithTenancy(tenancy). - Build() - destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest2Res)) - dest3Res := resourcetest.Resource(pbmesh.DestinationsType, "dest3"). - WithData(t, dest3). - WithTenancy(tenancy). - Build() - destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest3Res)) - dest4Res := resourcetest.Resource(pbmesh.DestinationsType, "dest4"). - WithData(t, dest4). - WithTenancy(tenancy). - Build() - destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest4Res)) - nonConflictingDestRes := resourcetest.Resource(pbmesh.DestinationsType, "nonConflictingDest"). - WithData(t, destNonConflicting). - WithTenancy(tenancy). - Build() - destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, nonConflictingDestRes)) - - duplicates := findConflicts(destinations) - - require.Contains(t, duplicates, resource.NewReferenceKey(dest1Res.Id)) - require.Contains(t, duplicates, resource.NewReferenceKey(dest2Res.Id)) - require.Contains(t, duplicates, resource.NewReferenceKey(dest3Res.Id)) - require.Contains(t, duplicates, resource.NewReferenceKey(dest4Res.Id)) - require.NotContains(t, duplicates, resource.NewReferenceKey(nonConflictingDestRes.Id)) - }, t) + var destinations []*types.DecodedDestinations + dest1Res := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). + WithData(t, dest1). + Build() + destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest1Res)) + dest2Res := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). + WithData(t, dest2). + Build() + destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest2Res)) + dest3Res := resourcetest.Resource(pbmesh.DestinationsType, "dest3"). + WithData(t, dest3). + Build() + destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest3Res)) + dest4Res := resourcetest.Resource(pbmesh.DestinationsType, "dest4"). + WithData(t, dest4). + Build() + destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, dest4Res)) + nonConflictingDestRes := resourcetest.Resource(pbmesh.DestinationsType, "nonConflictingDest"). + WithData(t, destNonConflicting). + Build() + destinations = append(destinations, resourcetest.MustDecode[*pbmesh.Destinations](t, nonConflictingDestRes)) + + duplicates := findConflicts(destinations) + + require.Contains(t, duplicates, resource.NewReferenceKey(dest1Res.Id)) + require.Contains(t, duplicates, resource.NewReferenceKey(dest2Res.Id)) + require.Contains(t, duplicates, resource.NewReferenceKey(dest3Res.Id)) + require.Contains(t, duplicates, resource.NewReferenceKey(dest4Res.Id)) + require.NotContains(t, duplicates, resource.NewReferenceKey(nonConflictingDestRes.Id)) } func (suite *controllerTestSuite) SetupTest() { - suite.tenancies = resourcetest.TestTenancies() - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - WithTenancies(suite.tenancies...). - Run(suite.T()) + resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes) + suite.client = resourcetest.NewClient(resourceClient) suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())} suite.ctx = testutil.TestContext(suite.T()) - suite.client = resourcetest.NewClient(resourceClient) -} - -func (suite *controllerTestSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { suite.ctl = &reconciler{ mapper: mapper.New(), @@ -218,13 +202,8 @@ func (suite *controllerTestSuite) setupWithTenancy(tenancy *pbresource.Tenancy) suite.workloadRes = resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). WithData(suite.T(), suite.workload). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(func() { - suite.client.MustDelete(suite.T(), suite.workloadRes.Id) - }) - suite.serviceData = &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{Names: []string{"service-1-workloads"}}, Ports: []*pbcatalog.ServicePort{ @@ -243,31 +222,18 @@ func (suite *controllerTestSuite) setupWithTenancy(tenancy *pbresource.Tenancy) }, } suite.destService1 = resourcetest.Resource(pbcatalog.ServiceType, "dest-service-1"). - WithTenancy(tenancy). + WithTenancy(resource.DefaultNamespacedTenancy()). WithData(suite.T(), suite.serviceData). Build() - - suite.T().Cleanup(func() { - suite.client.MustDelete(suite.T(), suite.destService1.Id) - }) - suite.destService2 = resourcetest.Resource(pbcatalog.ServiceType, "dest-service-2"). - WithTenancy(tenancy). + WithTenancy(resource.DefaultNamespacedTenancy()). WithData(suite.T(), suite.serviceData). Build() - suite.T().Cleanup(func() { - suite.client.MustDelete(suite.T(), suite.destService2.Id) - }) - suite.destService3 = resourcetest.Resource(pbcatalog.ServiceType, "dest-service-3"). - WithTenancy(tenancy). + WithTenancy(resource.DefaultNamespacedTenancy()). WithData(suite.T(), suite.serviceData). Build() - suite.T().Cleanup(func() { - suite.client.MustDelete(suite.T(), suite.destService3.Id) - }) - suite.destService1Ref = resource.Reference(suite.destService1.Id, "") suite.destService2Ref = resource.Reference(suite.destService2.Id, "") suite.destService3Ref = resource.Reference(suite.destService3.Id, "") @@ -387,430 +353,373 @@ func (suite *controllerTestSuite) setupWithTenancy(tenancy *pbresource.Tenancy) } func (suite *controllerTestSuite) TestReconcile_NoWorkload() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - id := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, "not-found").WithTenancy(tenancy).ID() - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Build() - decDest := resourcetest.MustDecode[*pbmesh.Destinations](suite.T(), dest) - suite.ctl.mapper.TrackDestinations(id, []*types.DecodedDestinations{decDest}) - - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: id, - }) - require.NoError(suite.T(), err) + id := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, "not-found").ID() + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). + WithData(suite.T(), suite.dest1). + Build() + decDest := resourcetest.MustDecode[*pbmesh.Destinations](suite.T(), dest) + suite.ctl.mapper.TrackDestinations(id, []*types.DecodedDestinations{decDest}) + + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: id, + }) + require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), id) + suite.client.RequireResourceNotFound(suite.T(), id) - // Check that we're not tracking services for this workload anymore. - reqs, err := suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService1) - require.NoError(suite.T(), err) - require.Nil(suite.T(), reqs) + // Check that we're not tracking services for this workload anymore. + reqs, err := suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService1) + require.NoError(suite.T(), err) + require.Nil(suite.T(), reqs) - reqs, err = suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService2) - require.NoError(suite.T(), err) - require.Nil(suite.T(), reqs) - }) + reqs, err = suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService2) + require.NoError(suite.T(), err) + require.Nil(suite.T(), reqs) } func (suite *controllerTestSuite) TestReconcile_NonMeshWorkload() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - resourcetest.Resource(pbcatalog.WorkloadType, "non-mesh"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{{Host: "1.1.1.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - }, - }). - Write(suite.T(), suite.client) + resourcetest.Resource(pbcatalog.WorkloadType, "non-mesh"). + WithData(suite.T(), &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{{Host: "1.1.1.1"}}, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + }, + }). + Write(suite.T(), suite.client) - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, "non-mesh"). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, "non-mesh"). + Write(suite.T(), suite.client).Id - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Build() - decDest := resourcetest.MustDecode[*pbmesh.Destinations](suite.T(), dest) - suite.ctl.mapper.TrackDestinations(cdID, []*types.DecodedDestinations{decDest}) + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). + WithData(suite.T(), suite.dest1). + Build() + decDest := resourcetest.MustDecode[*pbmesh.Destinations](suite.T(), dest) + suite.ctl.mapper.TrackDestinations(cdID, []*types.DecodedDestinations{decDest}) - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, + }) + require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + suite.client.RequireResourceNotFound(suite.T(), cdID) - // Check that we're not tracking services for this workload anymore. - reqs, err := suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService1) - require.NoError(suite.T(), err) - require.Nil(suite.T(), reqs) + // Check that we're not tracking services for this workload anymore. + reqs, err := suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService1) + require.NoError(suite.T(), err) + require.Nil(suite.T(), reqs) - reqs, err = suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService2) - require.NoError(suite.T(), err) - require.Nil(suite.T(), reqs) - }) + reqs, err = suite.ctl.mapper.MapService(context.TODO(), controller.Runtime{}, suite.destService2) + require.NoError(suite.T(), err) + require.Nil(suite.T(), reqs) } -func (suite *controllerTestSuite) writeServices(t *testing.T, tenancy *pbresource.Tenancy) { +func (suite *controllerTestSuite) writeServices(t *testing.T) { // Write all services. resourcetest.Resource(pbcatalog.ServiceType, suite.destService1Ref.Name). - WithTenancy(tenancy). WithData(t, suite.serviceData). Write(t, suite.client) resourcetest.Resource(pbcatalog.ServiceType, suite.destService2Ref.Name). - WithTenancy(tenancy). WithData(t, suite.serviceData). Write(t, suite.client) resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). - WithTenancy(tenancy). WithData(t, suite.serviceData). Write(t, suite.client) } -func (suite *controllerTestSuite) writeComputedRoutes(t *testing.T, tenancy *pbresource.Tenancy) { +func (suite *controllerTestSuite) writeComputedRoutes(t *testing.T) { // Write computed routes resourcetest.Resource(pbmesh.ComputedRoutesType, suite.destService1Ref.Name). - WithTenancy(tenancy). WithData(t, suite.destService1Routes). Write(t, suite.client) resourcetest.Resource(pbmesh.ComputedRoutesType, suite.destService2Ref.Name). - WithTenancy(tenancy). WithData(t, suite.destService2Routes). Write(t, suite.client) resourcetest.Resource(pbmesh.ComputedRoutesType, suite.destService3Ref.Name). - WithTenancy(tenancy). WithData(t, suite.destService3Routes). Write(t, suite.client) } func (suite *controllerTestSuite) TestReconcile_HappyPath() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Add configs in reverse alphabetical order. - d2 := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, d2) - require.NoError(suite.T(), err) + // Add configs in reverse alphabetical order. + d2 := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, d2) + require.NoError(suite.T(), err) - d1 := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Write(suite.T(), suite.client) - _, err = suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, d1) - require.NoError(suite.T(), err) + d1 := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). + WithData(suite.T(), suite.dest1). + Write(suite.T(), suite.client) + _, err = suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, d1) + require.NoError(suite.T(), err) - suite.writeServices(suite.T(), tenancy) - suite.writeComputedRoutes(suite.T(), tenancy) + suite.writeServices(suite.T()) + suite.writeComputedRoutes(suite.T()) - cdID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) + cdID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, + }) - require.NoError(suite.T(), err) + require.NoError(suite.T(), err) - suite.requireComputedDestinations(suite.T(), cdID) - suite.client.RequireStatusCondition(suite.T(), d1.Id, ControllerName, ConditionDestinationsAccepted()) - }) + suite.requireComputedDestinations(suite.T(), cdID) + suite.client.RequireStatusCondition(suite.T(), d1.Id, ControllerName, ConditionDestinationsAccepted()) } func (suite *controllerTestSuite) TestReconcile_NoDestinations() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Build() - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - - require.NoError(suite.T(), err) + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest1). + Build() + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + + require.NoError(suite.T(), err) + + suite.client.RequireResourceNotFound(suite.T(), cdID) } func (suite *controllerTestSuite) TestReconcile_AllDestinationsInvalid() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // We add a destination with services refs that don't exist which should result - // in computed mapper being deleted because all mapper are invalid. - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - - require.NoError(suite.T(), err) + // We add a destination with services refs that don't exist which should result + // in computed mapper being deleted because all mapper are invalid. + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest1). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + + require.NoError(suite.T(), err) + + suite.client.RequireResourceNotFound(suite.T(), cdID) } func (suite *controllerTestSuite) TestReconcile_StatusUpdate_ConflictingDestination() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest1 := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest1) - require.NoError(suite.T(), err) + dest1 := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). + WithData(suite.T(), suite.dest1). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest1) + require.NoError(suite.T(), err) - // Write a conflicting destinations resource. - destData := proto.Clone(suite.dest2).(*pbmesh.Destinations) - destData.Destinations[0] = suite.dest1.Destinations[0] + // Write a conflicting destinations resource. + destData := proto.Clone(suite.dest2).(*pbmesh.Destinations) + destData.Destinations[0] = suite.dest1.Destinations[0] - dest2 := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). - WithTenancy(tenancy). - WithData(suite.T(), destData). - Write(suite.T(), suite.client) - _, err = suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest2) - require.NoError(suite.T(), err) - - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) - - // Expect that the status on both resource is updated showing conflict. - suite.client.RequireStatusCondition(suite.T(), dest1.Id, ControllerName, - ConditionConflictFound(suite.workloadRes.Id)) - suite.client.RequireStatusCondition(suite.T(), dest2.Id, ControllerName, - ConditionConflictFound(suite.workloadRes.Id)) - - // Update dest2 back to have non-conflicting data. - dest2 = resourcetest.Resource(pbmesh.DestinationsType, "dest2"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err = suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest2) - require.NoError(suite.T(), err) + dest2 := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). + WithData(suite.T(), destData). + Write(suite.T(), suite.client) + _, err = suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest2) + require.NoError(suite.T(), err) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, + }) + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), cdID) + + // Expect that the status on both resource is updated showing conflict. + suite.client.RequireStatusCondition(suite.T(), dest1.Id, ControllerName, + ConditionConflictFound(suite.workloadRes.Id)) + suite.client.RequireStatusCondition(suite.T(), dest2.Id, ControllerName, + ConditionConflictFound(suite.workloadRes.Id)) + + // Update dest2 back to have non-conflicting data. + dest2 = resourcetest.Resource(pbmesh.DestinationsType, "dest2"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err = suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest2) + require.NoError(suite.T(), err) - // Expect status on both to be updated to say that there's no conflict. - suite.client.RequireStatusCondition(suite.T(), dest1.Id, ControllerName, - ConditionConflictNotFound) - suite.client.RequireStatusCondition(suite.T(), dest2.Id, ControllerName, - ConditionConflictNotFound) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + require.NoError(suite.T(), err) + + // Expect status on both to be updated to say that there's no conflict. + suite.client.RequireStatusCondition(suite.T(), dest1.Id, ControllerName, + ConditionConflictNotFound) + suite.client.RequireStatusCondition(suite.T(), dest2.Id, ControllerName, + ConditionConflictNotFound) } func (suite *controllerTestSuite) TestReconcile_StatusUpdate_NoService() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) - - suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, - ConditionDestinationServiceNotFound(resource.ReferenceToString(suite.destService3Ref))) + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), cdID) + + suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, + ConditionDestinationServiceNotFound(resource.ReferenceToString(suite.destService3Ref))) } func (suite *controllerTestSuite) TestReconcile_StatusUpdate_ServiceNotOnMesh() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - - resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "tcp", - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - }, - }). - Write(suite.T(), suite.client) + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id + resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp", + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + }, + }). + Write(suite.T(), suite.client) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id - suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, - ConditionMeshProtocolNotFound(resource.ReferenceToString(suite.destService3Ref))) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), cdID) + + suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, + ConditionMeshProtocolNotFound(resource.ReferenceToString(suite.destService3Ref))) } func (suite *controllerTestSuite) TestReconcile_StatusUpdate_DestinationPortIsMesh() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - - resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "tcp", - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, - }, - }). - Write(suite.T(), suite.client) + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id + resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp", + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + }). + Write(suite.T(), suite.client) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id - suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, - ConditionMeshProtocolDestinationPort(resource.ReferenceToString(suite.destService3Ref), "tcp")) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), cdID) + + suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, + ConditionMeshProtocolDestinationPort(resource.ReferenceToString(suite.destService3Ref), "tcp")) } func (suite *controllerTestSuite) TestReconcile_StatusUpdate_ComputedRoutesNotFound() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - - resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "tcp", - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - { - TargetPort: "mesh", - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, - }, - }). - Write(suite.T(), suite.client) + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id + resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp", + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + { + TargetPort: "mesh", + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + }). + Write(suite.T(), suite.client) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id - suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, - ConditionDestinationComputedRoutesNotFound(resource.ReferenceToString(suite.destService3Ref))) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), cdID) + + suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, + ConditionDestinationComputedRoutesNotFound(resource.ReferenceToString(suite.destService3Ref))) } func (suite *controllerTestSuite) TestReconcile_StatusUpdate_ComputedRoutesPortNotFound() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) - _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) - require.NoError(suite.T(), err) - - destService := resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "tcp", - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - { - TargetPort: "mesh", - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, + dest := resourcetest.Resource(pbmesh.DestinationsType, "dest"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) + _, err := suite.ctl.mapper.MapDestinations(suite.ctx, suite.runtime, dest) + require.NoError(suite.T(), err) + + destService := resourcetest.Resource(pbcatalog.ServiceType, suite.destService3Ref.Name). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{suite.workloadRes.Id.Name}}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp", + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, }, - }). - Write(suite.T(), suite.client) + { + TargetPort: "mesh", + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + }). + Write(suite.T(), suite.client) - resourcetest.Resource(pbmesh.ComputedRoutesType, destService.Id.Name). - WithTenancy(tenancy). - WithData(suite.T(), &pbmesh.ComputedRoutes{ - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "some-other-port": { - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{}, - }, + resourcetest.Resource(pbmesh.ComputedRoutesType, destService.Id.Name). + WithData(suite.T(), &pbmesh.ComputedRoutes{ + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "some-other-port": { + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{}, }, }, - }). - Write(suite.T(), suite.client) - - cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id + }, + }). + Write(suite.T(), suite.client) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cdID, - }) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), cdID) + cdID := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id - suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, - ConditionDestinationComputedRoutesPortNotFound(resource.ReferenceToString(suite.destService3Ref), "tcp")) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cdID, }) + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), cdID) + + suite.client.RequireStatusCondition(suite.T(), dest.Id, ControllerName, + ConditionDestinationComputedRoutesPortNotFound(resource.ReferenceToString(suite.destService3Ref), "tcp")) } func (suite *controllerTestSuite) TestController() { @@ -821,113 +730,106 @@ func (suite *controllerTestSuite) TestController() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - cdID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id) + cdID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, suite.workloadRes.Id) - dest1 := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest1). - Write(suite.T(), suite.client) + dest1 := resourcetest.Resource(pbmesh.DestinationsType, "dest1"). + WithData(suite.T(), suite.dest1). + Write(suite.T(), suite.client) - // At this point, none of the services or routes yet exist and so we should see the status of the destinations - // resource to reflect that. The CED resource should not be created in this case. - testutil.RunStep(suite.T(), "check that destinations status is updated", func(t *testing.T) { - retry.Run(t, func(r *retry.R) { - serviceRef := resource.IDToString(suite.destService1.Id) - suite.client.WaitForStatusCondition(r, dest1.Id, ControllerName, ConditionDestinationServiceNotFound(serviceRef)) + // At this point, none of the services or routes yet exist and so we should see the status of the destinations + // resource to reflect that. The CED resource should not be created in this case. + testutil.RunStep(suite.T(), "check that destinations status is updated", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + serviceRef := resource.IDToString(suite.destService1.Id) + suite.client.WaitForStatusCondition(r, dest1.Id, ControllerName, ConditionDestinationServiceNotFound(serviceRef)) - suite.client.RequireResourceNotFound(r, cdID) - }) + suite.client.RequireResourceNotFound(r, cdID) }) + }) - dest2 := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). - WithTenancy(tenancy). - WithData(suite.T(), suite.dest2). - Write(suite.T(), suite.client) + dest2 := resourcetest.Resource(pbmesh.DestinationsType, "dest2"). + WithData(suite.T(), suite.dest2). + Write(suite.T(), suite.client) - suite.writeServices(suite.T(), tenancy) + suite.writeServices(suite.T()) - // After we write services, we expect another reconciliation to be kicked off to validate and find that there are no computed routes. - testutil.RunStep(suite.T(), "check that destinations status says that there are no computed routes", func(t *testing.T) { - retry.Run(t, func(r *retry.R) { - suite.client.WaitForStatusCondition(r, dest1.Id, ControllerName, - ConditionDestinationComputedRoutesNotFound(resource.IDToString(suite.destService1.Id))) - suite.client.WaitForStatusCondition(r, dest2.Id, ControllerName, - ConditionDestinationComputedRoutesNotFound(resource.IDToString(suite.destService3.Id))) + // After we write services, we expect another reconciliation to be kicked off to validate and find that there are no computed routes. + testutil.RunStep(suite.T(), "check that destinations status says that there are no computed routes", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + suite.client.WaitForStatusCondition(r, dest1.Id, ControllerName, + ConditionDestinationComputedRoutesNotFound(resource.IDToString(suite.destService1.Id))) + suite.client.WaitForStatusCondition(r, dest2.Id, ControllerName, + ConditionDestinationComputedRoutesNotFound(resource.IDToString(suite.destService3.Id))) - suite.client.RequireResourceNotFound(r, cdID) - }) + suite.client.RequireResourceNotFound(r, cdID) }) + }) - // Now write computed routes to get a computed resource. - suite.writeComputedRoutes(suite.T(), tenancy) + // Now write computed routes to get a computed resource. + suite.writeComputedRoutes(suite.T()) - testutil.RunStep(suite.T(), "computed destinations generation", func(t *testing.T) { - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceExists(r, cdID) - suite.requireComputedDestinations(r, cdID) - }) + testutil.RunStep(suite.T(), "computed destinations generation", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceExists(r, cdID) + suite.requireComputedDestinations(r, cdID) }) + }) + + testutil.RunStep(suite.T(), "add another workload", func(t *testing.T) { + // Create another workload that will match only dest2. + matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "test-extra-workload"). + WithData(t, suite.workload). + Write(t, suite.client) + matchingWorkloadCDID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, matchingWorkload.Id) + + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceExists(r, cdID) + suite.requireComputedDestinations(r, cdID) - testutil.RunStep(suite.T(), "add another workload", func(t *testing.T) { - // Create another workload that will match only dest2. - matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "test-extra-workload"). - WithTenancy(tenancy). - WithData(t, suite.workload). - Write(t, suite.client) - matchingWorkloadCDID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, matchingWorkload.Id) - - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceExists(r, cdID) - suite.requireComputedDestinations(r, cdID) - - matchingWorkloadCD := suite.client.RequireResourceExists(r, matchingWorkloadCDID) - dec := resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](r, matchingWorkloadCD) - prototest.AssertDeepEqual(r, suite.dest2.GetDestinations(), dec.GetData().GetDestinations()) - }) + matchingWorkloadCD := suite.client.RequireResourceExists(r, matchingWorkloadCDID) + dec := resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](r, matchingWorkloadCD) + prototest.AssertDeepEqual(r, suite.dest2.GetDestinations(), dec.GetData().GetDestinations()) }) + }) + + testutil.RunStep(suite.T(), "update workload selector", func(t *testing.T) { + // Update workload selector to no point to some non-existing workload + updatedDestinations := proto.Clone(suite.dest2).(*pbmesh.Destinations) + updatedDestinations.Workloads = &pbcatalog.WorkloadSelector{ + Names: []string{"other-workload"}, + } - testutil.RunStep(suite.T(), "update workload selector", func(t *testing.T) { - // Update workload selector to no point to some non-existing workload - updatedDestinations := proto.Clone(suite.dest2).(*pbmesh.Destinations) - updatedDestinations.Workloads = &pbcatalog.WorkloadSelector{ - Names: []string{"other-workload"}, + matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "other-workload"). + WithData(t, suite.workload). + Write(t, suite.client) + matchingWorkloadCDID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, matchingWorkload.Id) + resourcetest.Resource(pbmesh.DestinationsType, "dest2"). + WithData(suite.T(), updatedDestinations). + Write(suite.T(), suite.client) + + retry.Run(t, func(r *retry.R) { + res := suite.client.RequireResourceExists(r, cdID) + + // The "test-workload" computed destinations should now be updated to use only proxy dest1. + expDest := &pbmesh.ComputedExplicitDestinations{ + Destinations: suite.dest1.Destinations, } + dec := resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, res) + prototest.AssertDeepEqual(r, expDest.GetDestinations(), dec.GetData().GetDestinations()) - matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "other-workload"). - WithData(t, suite.workload). - WithTenancy(tenancy). - Write(t, suite.client) - matchingWorkloadCDID := resource.ReplaceType(pbmesh.ComputedExplicitDestinationsType, matchingWorkload.Id) - resourcetest.Resource(pbmesh.DestinationsType, "dest2"). - WithTenancy(tenancy). - WithData(suite.T(), updatedDestinations). - Write(suite.T(), suite.client) - - retry.Run(t, func(r *retry.R) { - res := suite.client.RequireResourceExists(r, cdID) - - // The "test-workload" computed destinations should now be updated to use only proxy dest1. - expDest := &pbmesh.ComputedExplicitDestinations{ - Destinations: suite.dest1.Destinations, - } - dec := resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](r, res) - prototest.AssertDeepEqual(r, expDest.GetDestinations(), dec.GetData().GetDestinations()) - - matchingWorkloadCD := suite.client.RequireResourceExists(r, matchingWorkloadCDID) - dec = resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](r, matchingWorkloadCD) - prototest.AssertDeepEqual(r, suite.dest2.GetDestinations(), dec.GetData().GetDestinations()) - }) + matchingWorkloadCD := suite.client.RequireResourceExists(r, matchingWorkloadCDID) + dec = resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](r, matchingWorkloadCD) + prototest.AssertDeepEqual(r, suite.dest2.GetDestinations(), dec.GetData().GetDestinations()) }) + }) - // Delete all destinations. - suite.client.MustDelete(suite.T(), dest1.Id) - suite.client.MustDelete(suite.T(), dest2.Id) + // Delete all destinations. + suite.client.MustDelete(suite.T(), dest1.Id) + suite.client.MustDelete(suite.T(), dest2.Id) - testutil.RunStep(suite.T(), "all destinations are deleted", func(t *testing.T) { - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceNotFound(r, cdID) - }) + testutil.RunStep(suite.T(), "all destinations are deleted", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceNotFound(r, cdID) }) }) } @@ -942,16 +844,3 @@ func (suite *controllerTestSuite) requireComputedDestinations(t resourcetest.T, prototest.AssertElementsMatch(t, suite.expComputedDest.GetDestinations(), decCD.Data.GetDestinations()) resourcetest.RequireOwner(t, cdRes, resource.ReplaceType(pbcatalog.WorkloadType, id), true) } - -func (suite *controllerTestSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} - -func (suite *controllerTestSuite) runTestCaseWithTenancies(t func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - suite.setupWithTenancy(tenancy) - t(tenancy) - }) - } -} diff --git a/internal/mesh/internal/controllers/meshconfiguration/controller.go b/internal/mesh/internal/controllers/meshconfiguration/controller.go deleted file mode 100644 index 93c0cb0d5f0db..0000000000000 --- a/internal/mesh/internal/controllers/meshconfiguration/controller.go +++ /dev/null @@ -1,29 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package meshconfiguration - -import ( - "context" - "errors" - - "github.com/hashicorp/consul/internal/controller" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" -) - -// Controller instantiates a new Controller for managing MeshConfiguration resources. -func Controller() controller.Controller { - r := &reconciler{} - - return controller.ForType(pbmesh.MeshConfigurationType).WithReconciler(r) -} - -// reconciler implements the Reconciler interface to modify runtime state based -// on requests passed into it. -type reconciler struct{} - -// Reconcile takes in the current controller request and updates the runtime state based on -// the request received. -func (r *reconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error { - return errors.New("not implemented") -} diff --git a/internal/mesh/internal/controllers/meshconfiguration/controller_test.go b/internal/mesh/internal/controllers/meshconfiguration/controller_test.go deleted file mode 100644 index 900d654cbc37a..0000000000000 --- a/internal/mesh/internal/controllers/meshconfiguration/controller_test.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package meshconfiguration - -import ( - "context" - "github.com/hashicorp/consul/internal/controller" - "github.com/stretchr/testify/require" - "testing" -) - -// TestReconciliation ensures that the Reconcile method for the Controller -// correctly updates the runtime state based on the given request. -func TestReconcile(t *testing.T) { - // This test should be continually updated as we build out the MeshConfiguration controller. - // At time of writing, it simply returns a not-implemented error. - - ctx := context.Background() - rt := controller.Runtime{ - Client: nil, - Logger: nil, - } - req := controller.Request{} - - rec := reconciler{} - - err := rec.Reconcile(ctx, rt, req) - require.Error(t, err) -} diff --git a/internal/mesh/internal/controllers/meshgateways/controller.go b/internal/mesh/internal/controllers/meshgateways/controller.go deleted file mode 100644 index 76cd44748cfec..0000000000000 --- a/internal/mesh/internal/controllers/meshgateways/controller.go +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package meshgateways - -import ( - "context" - "errors" - - "github.com/hashicorp/consul/internal/controller" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" -) - -func Controller() controller.Controller { - r := &reconciler{} - - return controller.ForType(pbmesh.MeshGatewayType). - WithReconciler(r) -} - -type reconciler struct{} - -func (r *reconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error { - // TODO NET-6426, NET-6427, NET-6428, NET-6429, NET-6430, NET-6431, NET-6432 - return errors.New("not implemented") -} diff --git a/internal/mesh/internal/controllers/proxyconfiguration/controller_test.go b/internal/mesh/internal/controllers/proxyconfiguration/controller_test.go index 425a23dd987a8..554f57ab5a068 100644 --- a/internal/mesh/internal/controllers/proxyconfiguration/controller_test.go +++ b/internal/mesh/internal/controllers/proxyconfiguration/controller_test.go @@ -5,7 +5,6 @@ package proxyconfiguration import ( "context" - "fmt" "testing" "time" @@ -47,16 +46,10 @@ type controllerTestSuite struct { proxyCfg3 *pbmesh.ProxyConfiguration expComputedProxyCfg *pbmesh.ComputedProxyConfiguration - - tenancies []*pbresource.Tenancy } func (suite *controllerTestSuite) SetupTest() { - suite.tenancies = resourcetest.TestTenancies() - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - WithTenancies(suite.tenancies...). - Run(suite.T()) + resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes) suite.client = resourcetest.NewClient(resourceClient) suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())} suite.ctx = testutil.TestContext(suite.T()) @@ -64,223 +57,7 @@ func (suite *controllerTestSuite) SetupTest() { suite.ctl = &reconciler{ proxyConfigMapper: workloadselectionmapper.New[*pbmesh.ProxyConfiguration](pbmesh.ComputedProxyConfigurationType), } -} - -func (suite *controllerTestSuite) TestReconcile_NoWorkload() { - // This test ensures that removed workloads are ignored and don't result - // in the creation of the proxy state template. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - id := resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, "not-found").WithTenancy(tenancy).ID() - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: id, - }) - require.NoError(suite.T(), err) - - suite.client.RequireResourceNotFound(suite.T(), id) - }) -} - -func (suite *controllerTestSuite) TestReconcile_NonMeshWorkload() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - resourcetest.Resource(pbcatalog.WorkloadType, "non-mesh"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{{Host: "1.1.1.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - }, - }). - Write(suite.T(), suite.client) - - cpcID := resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, "non-mesh"). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id - - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cpcID, - }) - require.NoError(suite.T(), err) - - suite.client.RequireResourceNotFound(suite.T(), cpcID) - }) -} -func (suite *controllerTestSuite) TestReconcile_HappyPath() { - // Write all three proxy cfgs. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - pCfg1 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg1). - Write(suite.T(), suite.client) - _, err := suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg1) - require.NoError(suite.T(), err) - - pCfg2 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg2"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg2). - Write(suite.T(), suite.client) - _, err = suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg2) - require.NoError(suite.T(), err) - - pCfg3 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg3"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg3). - Write(suite.T(), suite.client) - _, err = suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg3) - require.NoError(suite.T(), err) - - cpcID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, suite.workloadRes.Id) - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cpcID, - }) - - require.NoError(suite.T(), err) - - suite.requireComputedProxyConfiguration(suite.T(), cpcID) - }) -} - -func (suite *controllerTestSuite) TestReconcile_NoProxyConfigs() { - // Create a proxy cfg and map it so that it gets saved to cache. - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - pCfg1 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg1). - Build() - _, err := suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg1) - require.NoError(suite.T(), err) - - cpcID := resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, suite.workloadRes.Id.Name). - WithTenancy(tenancy). - Write(suite.T(), suite.client).Id - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: cpcID, - }) - - require.NoError(suite.T(), err) - - suite.client.RequireResourceNotFound(suite.T(), cpcID) - }) -} - -func (suite *controllerTestSuite) TestController() { - // Run the controller manager - mgr := controller.NewManager(suite.client, suite.runtime.Logger) - - m := workloadselectionmapper.New[*pbmesh.ProxyConfiguration](pbmesh.ComputedProxyConfigurationType) - mgr.Register(Controller(m)) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) - - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Write proxy configs. - pCfg1 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg1"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg1). - Write(suite.T(), suite.client) - - pCfg2 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg2"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg2). - Write(suite.T(), suite.client) - - pCfg3 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg3"). - WithTenancy(tenancy). - WithData(suite.T(), suite.proxyCfg3). - Write(suite.T(), suite.client) - - cpcID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, suite.workloadRes.Id) - testutil.RunStep(suite.T(), "computed proxy config generation", func(t *testing.T) { - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceExists(r, cpcID) - suite.requireComputedProxyConfiguration(r, cpcID) - }) - }) - - testutil.RunStep(suite.T(), "add another workload", func(t *testing.T) { - // Create another workload that will match only proxyCfg2. - matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "test-extra-workload").WithTenancy(tenancy). - WithData(t, suite.workload). - Write(t, suite.client) - matchingWorkloadCPCID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, matchingWorkload.Id) - - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceExists(r, cpcID) - suite.requireComputedProxyConfiguration(r, cpcID) - - matchingWorkloadCPC := suite.client.RequireResourceExists(r, matchingWorkloadCPCID) - dec := resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](r, matchingWorkloadCPC) - prototest.AssertDeepEqual(r, suite.proxyCfg2.GetDynamicConfig(), dec.GetData().GetDynamicConfig()) - prototest.AssertDeepEqual(r, suite.proxyCfg2.GetBootstrapConfig(), dec.GetData().GetBootstrapConfig()) - }) - }) - - testutil.RunStep(suite.T(), "update proxy config selector", func(t *testing.T) { - // Update proxy config selector to no longer select "test-workload" - updatedProxyCfg := proto.Clone(suite.proxyCfg2).(*pbmesh.ProxyConfiguration) - updatedProxyCfg.Workloads = &pbcatalog.WorkloadSelector{ - Names: []string{"test-extra-workload"}, - } - - matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "test-extra-workload"). - WithTenancy(tenancy). - WithData(t, suite.workload). - Write(t, suite.client) - matchingWorkloadCPCID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, matchingWorkload.Id) - resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg2"). - WithTenancy(tenancy). - WithData(suite.T(), updatedProxyCfg). - Write(suite.T(), suite.client) - - retry.Run(t, func(r *retry.R) { - res := suite.client.RequireResourceExists(r, cpcID) - - // The "test-workload" computed proxy configurations should now be updated to use only proxy cfg 1 and 3. - expProxyCfg := &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, - TransparentProxy: &pbmesh.TransparentProxy{OutboundListenerPort: iptables.DefaultTProxyOutboundPort}, - }, - BootstrapConfig: &pbmesh.BootstrapConfig{ - PrometheusBindAddr: "0.0.0.0:9000", - }, - } - dec := resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](r, res) - prototest.AssertDeepEqual(r, expProxyCfg.GetDynamicConfig(), dec.GetData().GetDynamicConfig()) - prototest.AssertDeepEqual(r, expProxyCfg.GetBootstrapConfig(), dec.GetData().GetBootstrapConfig()) - - matchingWorkloadCPC := suite.client.RequireResourceExists(r, matchingWorkloadCPCID) - dec = resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](r, matchingWorkloadCPC) - prototest.AssertDeepEqual(r, suite.proxyCfg2.GetDynamicConfig(), dec.GetData().GetDynamicConfig()) - prototest.AssertDeepEqual(r, suite.proxyCfg2.GetBootstrapConfig(), dec.GetData().GetBootstrapConfig()) - }) - }) - - // Delete all proxy cfgs. - suite.client.MustDelete(suite.T(), pCfg1.Id) - suite.client.MustDelete(suite.T(), pCfg2.Id) - suite.client.MustDelete(suite.T(), pCfg3.Id) - - testutil.RunStep(suite.T(), "all proxy configs are deleted", func(t *testing.T) { - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceNotFound(r, cpcID) - }) - }) - }) -} - -func TestControllerSuite(t *testing.T) { - suite.Run(t, new(controllerTestSuite)) -} - -func (suite *controllerTestSuite) requireComputedProxyConfiguration(t resourcetest.T, id *pbresource.ID) { - cpcRes := suite.client.RequireResourceExists(t, id) - decCPC := resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](t, cpcRes) - prototest.AssertDeepEqual(t, suite.expComputedProxyCfg, decCPC.Data) - resourcetest.RequireOwner(t, cpcRes, resource.ReplaceType(pbcatalog.WorkloadType, id), true) -} - -func (suite *controllerTestSuite) setupResourcesWithTenancy(tenancy *pbresource.Tenancy) { suite.workload = &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{{Host: "1.1.1.1"}}, Ports: map[string]*pbcatalog.WorkloadPort{ @@ -292,7 +69,6 @@ func (suite *controllerTestSuite) setupResourcesWithTenancy(tenancy *pbresource. suite.workloadRes = resourcetest.Resource(pbcatalog.WorkloadType, "test-workload"). WithData(suite.T(), suite.workload). - WithTenancy(tenancy). Write(suite.T(), suite.client) suite.proxyCfg1 = &pbmesh.ProxyConfiguration{ @@ -339,20 +115,194 @@ func (suite *controllerTestSuite) setupResourcesWithTenancy(tenancy *pbresource. } } -func (suite *controllerTestSuite) cleanupResources() { - suite.client.MustDelete(suite.T(), suite.workloadRes.Id) +func (suite *controllerTestSuite) TestReconcile_NoWorkload() { + // This test ensures that removed workloads are ignored and don't result + // in the creation of the proxy state template. + id := resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, "not-found").ID() + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: id, + }) + require.NoError(suite.T(), err) + + suite.client.RequireResourceNotFound(suite.T(), id) +} + +func (suite *controllerTestSuite) TestReconcile_NonMeshWorkload() { + resourcetest.Resource(pbcatalog.WorkloadType, "non-mesh"). + WithData(suite.T(), &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{{Host: "1.1.1.1"}}, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + }, + }). + Write(suite.T(), suite.client) + + cpcID := resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, "non-mesh"). + Write(suite.T(), suite.client).Id + + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cpcID, + }) + require.NoError(suite.T(), err) + + suite.client.RequireResourceNotFound(suite.T(), cpcID) } -func (suite *controllerTestSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - suite.setupResourcesWithTenancy(tenancy) - testFunc(tenancy) - suite.T().Cleanup(suite.cleanupResources) +func (suite *controllerTestSuite) TestReconcile_HappyPath() { + // Write all three proxy cfgs. + pCfg1 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg1"). + WithData(suite.T(), suite.proxyCfg1). + Write(suite.T(), suite.client) + _, err := suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg1) + require.NoError(suite.T(), err) + + pCfg2 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg2"). + WithData(suite.T(), suite.proxyCfg2). + Write(suite.T(), suite.client) + _, err = suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg2) + require.NoError(suite.T(), err) + + pCfg3 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg3"). + WithData(suite.T(), suite.proxyCfg3). + Write(suite.T(), suite.client) + _, err = suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg3) + require.NoError(suite.T(), err) + + cpcID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, suite.workloadRes.Id) + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cpcID, + }) + + require.NoError(suite.T(), err) + + suite.requireComputedProxyConfiguration(suite.T(), cpcID) +} + +func (suite *controllerTestSuite) TestReconcile_NoProxyConfigs() { + // Create a proxy cfg and map it so that it gets saved to cache. + pCfg1 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg1"). + WithData(suite.T(), suite.proxyCfg1). + Build() + _, err := suite.ctl.proxyConfigMapper.MapToComputedType(suite.ctx, suite.runtime, pCfg1) + require.NoError(suite.T(), err) + + cpcID := resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, suite.workloadRes.Id.Name). + Write(suite.T(), suite.client).Id + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: cpcID, + }) + + require.NoError(suite.T(), err) + + suite.client.RequireResourceNotFound(suite.T(), cpcID) +} + +func (suite *controllerTestSuite) TestController() { + // Run the controller manager + mgr := controller.NewManager(suite.client, suite.runtime.Logger) + + m := workloadselectionmapper.New[*pbmesh.ProxyConfiguration](pbmesh.ComputedProxyConfigurationType) + mgr.Register(Controller(m)) + mgr.SetRaftLeader(true) + go mgr.Run(suite.ctx) + + // Write proxy configs. + pCfg1 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg1"). + WithData(suite.T(), suite.proxyCfg1). + Write(suite.T(), suite.client) + + pCfg2 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg2"). + WithData(suite.T(), suite.proxyCfg2). + Write(suite.T(), suite.client) + + pCfg3 := resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg3"). + WithData(suite.T(), suite.proxyCfg3). + Write(suite.T(), suite.client) + + cpcID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, suite.workloadRes.Id) + testutil.RunStep(suite.T(), "computed proxy config generation", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceExists(r, cpcID) + suite.requireComputedProxyConfiguration(r, cpcID) }) - } + }) + + testutil.RunStep(suite.T(), "add another workload", func(t *testing.T) { + // Create another workload that will match only proxyCfg2. + matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "test-extra-workload"). + WithData(t, suite.workload). + Write(t, suite.client) + matchingWorkloadCPCID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, matchingWorkload.Id) + + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceExists(r, cpcID) + suite.requireComputedProxyConfiguration(r, cpcID) + + matchingWorkloadCPC := suite.client.RequireResourceExists(r, matchingWorkloadCPCID) + dec := resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](r, matchingWorkloadCPC) + prototest.AssertDeepEqual(r, suite.proxyCfg2.GetDynamicConfig(), dec.GetData().GetDynamicConfig()) + prototest.AssertDeepEqual(r, suite.proxyCfg2.GetBootstrapConfig(), dec.GetData().GetBootstrapConfig()) + }) + }) + + testutil.RunStep(suite.T(), "update proxy config selector", func(t *testing.T) { + // Update proxy config selector to no longer select "test-workload" + updatedProxyCfg := proto.Clone(suite.proxyCfg2).(*pbmesh.ProxyConfiguration) + updatedProxyCfg.Workloads = &pbcatalog.WorkloadSelector{ + Names: []string{"test-extra-workload"}, + } + + matchingWorkload := resourcetest.Resource(pbcatalog.WorkloadType, "test-extra-workload"). + WithData(t, suite.workload). + Write(t, suite.client) + matchingWorkloadCPCID := resource.ReplaceType(pbmesh.ComputedProxyConfigurationType, matchingWorkload.Id) + resourcetest.Resource(pbmesh.ProxyConfigurationType, "cfg2"). + WithData(suite.T(), updatedProxyCfg). + Write(suite.T(), suite.client) + + retry.Run(t, func(r *retry.R) { + res := suite.client.RequireResourceExists(r, cpcID) + + // The "test-workload" computed proxy configurations should now be updated to use only proxy cfg 1 and 3. + expProxyCfg := &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, + TransparentProxy: &pbmesh.TransparentProxy{OutboundListenerPort: iptables.DefaultTProxyOutboundPort}, + }, + BootstrapConfig: &pbmesh.BootstrapConfig{ + PrometheusBindAddr: "0.0.0.0:9000", + }, + } + dec := resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](t, res) + prototest.AssertDeepEqual(r, expProxyCfg.GetDynamicConfig(), dec.GetData().GetDynamicConfig()) + prototest.AssertDeepEqual(r, expProxyCfg.GetBootstrapConfig(), dec.GetData().GetBootstrapConfig()) + + matchingWorkloadCPC := suite.client.RequireResourceExists(r, matchingWorkloadCPCID) + dec = resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](r, matchingWorkloadCPC) + prototest.AssertDeepEqual(r, suite.proxyCfg2.GetDynamicConfig(), dec.GetData().GetDynamicConfig()) + prototest.AssertDeepEqual(r, suite.proxyCfg2.GetBootstrapConfig(), dec.GetData().GetBootstrapConfig()) + }) + }) + + // Delete all proxy cfgs. + suite.client.MustDelete(suite.T(), pCfg1.Id) + suite.client.MustDelete(suite.T(), pCfg2.Id) + suite.client.MustDelete(suite.T(), pCfg3.Id) + + testutil.RunStep(suite.T(), "all proxy configs are deleted", func(t *testing.T) { + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceNotFound(r, cpcID) + }) + }) } -func (suite *controllerTestSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) +func TestControllerSuite(t *testing.T) { + suite.Run(t, new(controllerTestSuite)) +} + +func (suite *controllerTestSuite) requireComputedProxyConfiguration(t resourcetest.T, id *pbresource.ID) { + cpcRes := suite.client.RequireResourceExists(t, id) + decCPC := resourcetest.MustDecode[*pbmesh.ComputedProxyConfiguration](t, cpcRes) + prototest.AssertDeepEqual(t, suite.expComputedProxyCfg, decCPC.Data) + resourcetest.RequireOwner(t, cpcRes, resource.ReplaceType(pbcatalog.WorkloadType, id), true) } diff --git a/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go b/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go index 4345443b18505..1fbf8254ee609 100644 --- a/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go +++ b/internal/mesh/internal/controllers/proxyconfiguration/sort_test.go @@ -94,9 +94,7 @@ func TestSortProxyConfigurations(t *testing.T) { for name, c := range cases { t.Run(name, func(t *testing.T) { - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register). - Run(t) + resourceClient := svctest.RunResourceService(t, types.Register) var decProxyCfgs []*types.DecodedProxyConfiguration for i, ws := range c.selectors { diff --git a/internal/mesh/internal/controllers/register.go b/internal/mesh/internal/controllers/register.go index 2416c5615fd23..fec92dba1b304 100644 --- a/internal/mesh/internal/controllers/register.go +++ b/internal/mesh/internal/controllers/register.go @@ -5,13 +5,11 @@ package controllers import ( "context" - "github.com/hashicorp/consul/internal/mesh/internal/controllers/meshconfiguration" "github.com/hashicorp/consul/agent/leafcert" "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/mesh/internal/controllers/explicitdestinations" "github.com/hashicorp/consul/internal/mesh/internal/controllers/explicitdestinations/mapper" - "github.com/hashicorp/consul/internal/mesh/internal/controllers/meshgateways" "github.com/hashicorp/consul/internal/mesh/internal/controllers/proxyconfiguration" "github.com/hashicorp/consul/internal/mesh/internal/controllers/routes" "github.com/hashicorp/consul/internal/mesh/internal/controllers/sidecarproxy" @@ -50,7 +48,4 @@ func Register(mgr *controller.Manager, deps Dependencies) { mgr.Register(proxyconfiguration.Controller(workloadselectionmapper.New[*pbmesh.ProxyConfiguration](pbmesh.ComputedProxyConfigurationType))) mgr.Register(explicitdestinations.Controller(mapper.New())) - - mgr.Register(meshgateways.Controller()) - mgr.Register(meshconfiguration.Controller()) } diff --git a/internal/mesh/internal/controllers/routes/controller_test.go b/internal/mesh/internal/controllers/routes/controller_test.go index e8cb1d64c2a57..653eac28ed153 100644 --- a/internal/mesh/internal/controllers/routes/controller_test.go +++ b/internal/mesh/internal/controllers/routes/controller_test.go @@ -28,20 +28,14 @@ import ( type controllerSuite struct { suite.Suite - ctx context.Context - client *rtest.Client - rt controller.Runtime - tenancies []*pbresource.Tenancy + ctx context.Context + client *rtest.Client + rt controller.Runtime } func (suite *controllerSuite) SetupTest() { suite.ctx = testutil.TestContext(suite.T()) - suite.tenancies = rtest.TestTenancies() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - WithTenancies(suite.tenancies...). - Run(suite.T()) - + client := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes) suite.rt = controller.Runtime{ Client: client, Logger: testutil.Logger(suite.T()), @@ -55,1271 +49,1252 @@ func (suite *controllerSuite) TestController() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { + backendName := func(name, port string) string { + return fmt.Sprintf("catalog.v2beta1.Service/default.local.default/%s?port=%s", name, port) + } - backendName := func(name, port string) string { - return fmt.Sprintf("catalog.v2beta1.Service/%s.local.%s/%s?port=%s", tenancy.Partition, tenancy.Namespace, name, port) - } + var ( + apiServiceRef = rtest.Resource(pbcatalog.ServiceType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). + Reference("") + fooServiceRef = rtest.Resource(pbcatalog.ServiceType, "foo"). + WithTenancy(resource.DefaultNamespacedTenancy()). + Reference("") + barServiceRef = rtest.Resource(pbcatalog.ServiceType, "bar"). + WithTenancy(resource.DefaultNamespacedTenancy()). + Reference("") + + computedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + ) + + // Start out by creating a single port service and let it create the + // default computed routes for tcp. + + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + // {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - var ( - apiServiceRef = rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - Reference("") - fooServiceRef = rtest.Resource(pbcatalog.ServiceType, "foo"). - WithTenancy(tenancy). - Reference("") - barServiceRef = rtest.Resource(pbcatalog.ServiceType, "bar"). - WithTenancy(tenancy). - Reference("") - - computedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "api"). - WithTenancy(tenancy). - ID() - ) - - // Start out by creating a single port service and let it create the - // default computed routes for tcp. - - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - // {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) + + var lastVersion string + testutil.RunStep(suite.T(), "default tcp route", func(t *testing.T) { + // Check that the computed routes resource exists and it has one port that is the default. + expect := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, }, - } - - _ = rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - WithData(suite.T(), apiServiceData). - Write(suite.T(), suite.client) - - var lastVersion string - testutil.RunStep(suite.T(), "default tcp route", func(t *testing.T) { - // Check that the computed routes resource exists and it has one port that is the default. - expect := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - UsingDefaultConfig: true, - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("api", "tcp"), - }}, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + UsingDefaultConfig: true, + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("api", "tcp"), }}, - }, + }}, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } - - lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, "", expect) - }) - - // Let the default http/http2/grpc routes get created. - - apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, }, } - _ = rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - WithData(suite.T(), apiServiceData). - Write(suite.T(), suite.client) + lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, "", expect) + }) - // also create the fooService so we can point to it. - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - } + // Let the default http/http2/grpc routes get created. + + apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } - fooService := rtest.Resource(pbcatalog.ServiceType, "foo"). - WithTenancy(tenancy). - WithData(suite.T(), fooServiceData). - Write(suite.T(), suite.client) + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) + + // also create the fooService so we can point to it. + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } - testutil.RunStep(suite.T(), "default other routes", func(t *testing.T) { - expect := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - UsingDefaultConfig: true, - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("api", "tcp"), - }}, + _ = rtest.Resource(pbcatalog.ServiceType, "foo"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), fooServiceData). + Write(suite.T(), suite.client) + + testutil.RunStep(suite.T(), "default other routes", func(t *testing.T) { + expect := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + UsingDefaultConfig: true, + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("api", "tcp"), }}, - }, + }}, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http": { - UsingDefaultConfig: true, - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", "http"), - }}, + }, + "http": { + UsingDefaultConfig: true, + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, }}, - }, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("api", "http"), + }}, + }}, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http2": { - UsingDefaultConfig: true, - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", "http2"), - }}, + }, + "http2": { + UsingDefaultConfig: true, + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, }}, - }, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("api", "http2"), + }}, + }}, }, - ParentRef: newParentRef(apiServiceRef, "http2"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "http2"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "http2", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http2"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "http2"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "http2", ""), + DestinationConfig: defaultDestConfig(), }, }, - "grpc": { - UsingDefaultConfig: true, - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{{ - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("api", "grpc"), - }}, + }, + "grpc": { + UsingDefaultConfig: true, + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{{ + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("api", "grpc"), }}, - }, + }}, }, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "grpc"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "grpc", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } + }, + } - lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) - }) + lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) + }) - // Customize each route type. + // Customize each route type. - tcpRoute1 := &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp"), - }, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + tcpRoute1 := &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp"), + }, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } - tcpRoute1ID := rtest.Resource(pbmesh.TCPRouteType, "api-tcp-route1"). - WithTenancy(tenancy). - WithData(suite.T(), tcpRoute1). - Write(suite.T(), suite.client). - Id - - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http2"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + }}, + } + tcpRoute1ID := rtest.Resource(pbmesh.TCPRouteType, "api-tcp-route1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), tcpRoute1). + Write(suite.T(), suite.client). + Id + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http2"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } - httpRoute1ID := rtest.Resource(pbmesh.HTTPRouteType, "api-http-route1"). - WithTenancy(tenancy). - WithData(suite.T(), httpRoute1). - Write(suite.T(), suite.client). - Id - - grpcRoute1 := &pbmesh.GRPCRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "grpc"), - }, - Rules: []*pbmesh.GRPCRouteRule{{ - BackendRefs: []*pbmesh.GRPCBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + }}, + } + httpRoute1ID := rtest.Resource(pbmesh.HTTPRouteType, "api-http-route1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), httpRoute1). + Write(suite.T(), suite.client). + Id + + grpcRoute1 := &pbmesh.GRPCRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "grpc"), + }, + Rules: []*pbmesh.GRPCRouteRule{{ + BackendRefs: []*pbmesh.GRPCBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } - grpcRoute1ID := rtest.Resource(pbmesh.GRPCRouteType, "api-grpc-route1"). - WithTenancy(tenancy). - WithData(suite.T(), grpcRoute1). - Write(suite.T(), suite.client). - Id - - testutil.RunStep(suite.T(), "one of each", func(t *testing.T) { - expect := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - resource.Reference(grpcRoute1ID, ""), - resource.Reference(httpRoute1ID, ""), - resource.Reference(tcpRoute1ID, ""), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("foo", "tcp"), - }}, + }}, + } + grpcRoute1ID := rtest.Resource(pbmesh.GRPCRouteType, "api-grpc-route1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), grpcRoute1). + Write(suite.T(), suite.client). + Id + + testutil.RunStep(suite.T(), "one of each", func(t *testing.T) { + expect := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + resource.Reference(grpcRoute1ID, ""), + resource.Reference(httpRoute1ID, ""), + resource.Reference(tcpRoute1ID, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("foo", "tcp"), }}, - }, + }}, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, - "grpc": { - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{ - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("foo", "grpc"), - }}, - }, - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "grpc": { + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{ + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("foo", "grpc"), + }}, + }, + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "grpc"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "grpc", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http2": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http2"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http2": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http2"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http2"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http2"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http2", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http2"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http2"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http2", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } + }, + } - lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) + lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) - suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, ConditionXRouteOK) - }) + suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, ConditionXRouteOK) + }) - // Add another route, with a bad mapping. + // Add another route, with a bad mapping. - tcpRoute2 := &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp"), - }, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: newBackendRef(barServiceRef, "", ""), - }}, + tcpRoute2 := &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp"), + }, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ + BackendRef: newBackendRef(barServiceRef, "", ""), }}, - } - tcpRoute2ID := rtest.Resource(pbmesh.TCPRouteType, "api-tcp-route2"). - WithTenancy(tenancy). - WithData(suite.T(), tcpRoute2). - Write(suite.T(), suite.client). - Id - - httpRoute2 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http2"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/healthz", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(barServiceRef, "", ""), - }}, + }}, + } + tcpRoute2ID := rtest.Resource(pbmesh.TCPRouteType, "api-tcp-route2"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), tcpRoute2). + Write(suite.T(), suite.client). + Id + + httpRoute2 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http2"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/healthz", + }, }}, - } - httpRoute2ID := rtest.Resource(pbmesh.HTTPRouteType, "api-http-route2"). - WithTenancy(tenancy). - WithData(suite.T(), httpRoute2). - Write(suite.T(), suite.client). - Id - - grpcRoute2 := &pbmesh.GRPCRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "grpc"), - }, - Rules: []*pbmesh.GRPCRouteRule{{ - Matches: []*pbmesh.GRPCRouteMatch{{ - Method: &pbmesh.GRPCMethodMatch{ - Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT, - Service: "billing", - Method: "charge", - }, - }}, - BackendRefs: []*pbmesh.GRPCBackendRef{{ - BackendRef: newBackendRef(barServiceRef, "", ""), - }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(barServiceRef, "", ""), }}, - } - grpcRoute2ID := rtest.Resource(pbmesh.GRPCRouteType, "api-grpc-route2"). - WithTenancy(tenancy). - WithData(suite.T(), grpcRoute2). - Write(suite.T(), suite.client). - Id - - testutil.RunStep(suite.T(), "one good one bad route", func(t *testing.T) { - expect := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - resource.Reference(grpcRoute1ID, ""), - resource.Reference(grpcRoute2ID, ""), - resource.Reference(httpRoute1ID, ""), - resource.Reference(httpRoute2ID, ""), - resource.Reference(tcpRoute1ID, ""), - resource.Reference(tcpRoute2ID, ""), + }}, + } + httpRoute2ID := rtest.Resource(pbmesh.HTTPRouteType, "api-http-route2"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), httpRoute2). + Write(suite.T(), suite.client). + Id + + grpcRoute2 := &pbmesh.GRPCRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "grpc"), + }, + Rules: []*pbmesh.GRPCRouteRule{{ + Matches: []*pbmesh.GRPCRouteMatch{{ + Method: &pbmesh.GRPCMethodMatch{ + Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT, + Service: "billing", + Method: "charge", }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{ - { - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("foo", "tcp"), - }}, - }, - { - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }}, + BackendRefs: []*pbmesh.GRPCBackendRef{{ + BackendRef: newBackendRef(barServiceRef, "", ""), + }}, + }}, + } + grpcRoute2ID := rtest.Resource(pbmesh.GRPCRouteType, "api-grpc-route2"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), grpcRoute2). + Write(suite.T(), suite.client). + Id + + testutil.RunStep(suite.T(), "one good one bad route", func(t *testing.T) { + expect := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + resource.Reference(grpcRoute1ID, ""), + resource.Reference(grpcRoute2ID, ""), + resource.Reference(httpRoute1ID, ""), + resource.Reference(httpRoute2ID, ""), + resource.Reference(tcpRoute1ID, ""), + resource.Reference(tcpRoute2ID, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{ + { + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("foo", "tcp"), + }}, + }, + { + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/healthz", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/healthz", + }, + }}, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, - "grpc": { - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{ - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("foo", "grpc"), - }}, - }, - { - Matches: []*pbmesh.GRPCRouteMatch{{ - Method: &pbmesh.GRPCMethodMatch{ - Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT, - Service: "billing", - Method: "charge", - }, - }}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "grpc": { + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{ + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("foo", "grpc"), + }}, + }, + { + Matches: []*pbmesh.GRPCRouteMatch{{ + Method: &pbmesh.GRPCMethodMatch{ + Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT, + Service: "billing", + Method: "charge", + }, + }}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "grpc"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "grpc", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http2": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/healthz", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http2"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http2": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/healthz", + }, + }}, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http2"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http2"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http2"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http2", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http2"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http2"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http2", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } - - lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) - - suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, ConditionXRouteOK) - - suite.client.WaitForStatusCondition(t, tcpRoute2ID, StatusKey, - ConditionMissingBackendRef(newRef(pbcatalog.ServiceType, "bar", tenancy))) - suite.client.WaitForStatusCondition(t, httpRoute2ID, StatusKey, - ConditionMissingBackendRef(newRef(pbcatalog.ServiceType, "bar", tenancy))) - suite.client.WaitForStatusCondition(t, grpcRoute2ID, StatusKey, - ConditionMissingBackendRef(newRef(pbcatalog.ServiceType, "bar", tenancy))) - }) - - // Update the route2 routes to point to a real service, but overlap in - // their parentrefs with existing ports tied to other xRoutes. - // - // tcp2 -> http1 - // http2 -> grpc1 - // grpc2 -> tcp1 - // - // Also remove customization for the protocol http2. - - tcpRoute2 = &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), }, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, } - rtest.ResourceID(tcpRoute2ID). - WithTenancy(tenancy). - WithData(suite.T(), tcpRoute2). - Write(suite.T(), suite.client) - httpRoute2 = &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "grpc"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/healthz", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, - } - rtest.ResourceID(httpRoute2ID). - WithTenancy(tenancy). - WithData(suite.T(), httpRoute2). - Write(suite.T(), suite.client) + lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) - grpcRoute2 = &pbmesh.GRPCRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp"), - }, - Rules: []*pbmesh.GRPCRouteRule{{ - Matches: []*pbmesh.GRPCRouteMatch{{ - Method: &pbmesh.GRPCMethodMatch{ - Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT, - Service: "billing", - Method: "charge", - }, - }}, - BackendRefs: []*pbmesh.GRPCBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, - } - rtest.ResourceID(grpcRoute2ID). - WithTenancy(tenancy). - WithData(suite.T(), grpcRoute2). - Write(suite.T(), suite.client) + suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, ConditionXRouteOK) + + suite.client.WaitForStatusCondition(t, tcpRoute2ID, StatusKey, + ConditionMissingBackendRef(newRef(pbcatalog.ServiceType, "bar"))) + suite.client.WaitForStatusCondition(t, httpRoute2ID, StatusKey, + ConditionMissingBackendRef(newRef(pbcatalog.ServiceType, "bar"))) + suite.client.WaitForStatusCondition(t, grpcRoute2ID, StatusKey, + ConditionMissingBackendRef(newRef(pbcatalog.ServiceType, "bar"))) + }) - testutil.RunStep(suite.T(), "overlapping xRoutes generate conflicts", func(t *testing.T) { - expect := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - resource.Reference(grpcRoute1ID, ""), - resource.Reference(grpcRoute2ID, ""), - resource.Reference(httpRoute1ID, ""), - resource.Reference(httpRoute2ID, ""), - resource.Reference(tcpRoute1ID, ""), - resource.Reference(tcpRoute2ID, ""), + // Update the route2 routes to point to a real service, but overlap in + // their parentrefs with existing ports tied to other xRoutes. + // + // tcp2 -> http1 + // http2 -> grpc1 + // grpc2 -> tcp1 + // + // Also remove customization for the protocol http2. + + tcpRoute2 = &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + rtest.ResourceID(tcpRoute2ID). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), tcpRoute2). + Write(suite.T(), suite.client) + + httpRoute2 = &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "grpc"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/healthz", }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("foo", "tcp"), - }}, + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + rtest.ResourceID(httpRoute2ID). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), httpRoute2). + Write(suite.T(), suite.client) + + grpcRoute2 = &pbmesh.GRPCRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp"), + }, + Rules: []*pbmesh.GRPCRouteRule{{ + Matches: []*pbmesh.GRPCRouteMatch{{ + Method: &pbmesh.GRPCMethodMatch{ + Type: pbmesh.GRPCMethodMatchType_GRPC_METHOD_MATCH_TYPE_EXACT, + Service: "billing", + Method: "charge", + }, + }}, + BackendRefs: []*pbmesh.GRPCBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + rtest.ResourceID(grpcRoute2ID). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), grpcRoute2). + Write(suite.T(), suite.client) + + testutil.RunStep(suite.T(), "overlapping xRoutes generate conflicts", func(t *testing.T) { + expect := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + resource.Reference(grpcRoute1ID, ""), + resource.Reference(grpcRoute2ID, ""), + resource.Reference(httpRoute1ID, ""), + resource.Reference(httpRoute2ID, ""), + resource.Reference(tcpRoute1ID, ""), + resource.Reference(tcpRoute2ID, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("foo", "tcp"), }}, - }, + }}, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, - "grpc": { - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{ - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("foo", "grpc"), - }}, - }, - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "grpc": { + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{ + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("foo", "grpc"), + }}, + }, + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "grpc"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "grpc", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http2": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http2"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http2": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http2"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http2"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http2"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http2", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http2"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http2"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http2", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } - - lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) - - suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, ConditionXRouteOK) - - suite.client.WaitForStatusCondition(t, tcpRoute2ID, StatusKey, - ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http", pbmesh.HTTPRouteType)) - suite.client.WaitForStatusCondition(t, httpRoute2ID, StatusKey, - ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "grpc", pbmesh.GRPCRouteType)) - suite.client.WaitForStatusCondition(t, grpcRoute2ID, StatusKey, - ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp", pbmesh.TCPRouteType)) - }) - - // - Delete the bad routes - // - delete the original grpc route - // - create a new grpc route with a later name so it loses the conflict - // battle, and do a wildcard port binding - - suite.client.MustDelete(suite.T(), tcpRoute2ID) - suite.client.MustDelete(suite.T(), httpRoute2ID) - suite.client.MustDelete(suite.T(), grpcRoute1ID) - suite.client.MustDelete(suite.T(), grpcRoute2ID) - - suite.client.WaitForDeletion(suite.T(), tcpRoute2ID) - suite.client.WaitForDeletion(suite.T(), httpRoute2ID) - suite.client.WaitForDeletion(suite.T(), grpcRoute1ID) - suite.client.WaitForDeletion(suite.T(), grpcRoute2ID) - - // Re-create with newarly the same data (wildcard port now) with a newer name. - grpcRoute1 = &pbmesh.GRPCRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), ""), }, - Rules: []*pbmesh.GRPCRouteRule{{ - BackendRefs: []*pbmesh.GRPCBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, } - grpcRoute1ID = rtest.Resource(pbmesh.GRPCRouteType, "zzz-bad-route"). - WithTenancy(tenancy). - WithData(suite.T(), grpcRoute1). - Write(suite.T(), suite.client). - Id - - testutil.RunStep(suite.T(), "overlapping xRoutes due to port wildcarding", func(t *testing.T) { - expect := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - resource.Reference(grpcRoute1ID, ""), - resource.Reference(httpRoute1ID, ""), - resource.Reference(tcpRoute1ID, ""), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("foo", "tcp"), - }}, + + lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, lastVersion, expect) + + suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, ConditionXRouteOK) + + suite.client.WaitForStatusCondition(t, tcpRoute2ID, StatusKey, + ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api"), "http", pbmesh.HTTPRouteType)) + suite.client.WaitForStatusCondition(t, httpRoute2ID, StatusKey, + ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api"), "grpc", pbmesh.GRPCRouteType)) + suite.client.WaitForStatusCondition(t, grpcRoute2ID, StatusKey, + ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp", pbmesh.TCPRouteType)) + }) + + // - Delete the bad routes + // - delete the original grpc route + // - create a new grpc route with a later name so it loses the conflict + // battle, and do a wildcard port binding + + suite.client.MustDelete(suite.T(), tcpRoute2ID) + suite.client.MustDelete(suite.T(), httpRoute2ID) + suite.client.MustDelete(suite.T(), grpcRoute1ID) + suite.client.MustDelete(suite.T(), grpcRoute2ID) + + suite.client.WaitForDeletion(suite.T(), tcpRoute2ID) + suite.client.WaitForDeletion(suite.T(), httpRoute2ID) + suite.client.WaitForDeletion(suite.T(), grpcRoute1ID) + suite.client.WaitForDeletion(suite.T(), grpcRoute2ID) + + // Re-create with newarly the same data (wildcard port now) with a newer name. + grpcRoute1 = &pbmesh.GRPCRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), ""), + }, + Rules: []*pbmesh.GRPCRouteRule{{ + BackendRefs: []*pbmesh.GRPCBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + grpcRoute1ID = rtest.Resource(pbmesh.GRPCRouteType, "zzz-bad-route"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), grpcRoute1). + Write(suite.T(), suite.client). + Id + + testutil.RunStep(suite.T(), "overlapping xRoutes due to port wildcarding", func(t *testing.T) { + expect := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + resource.Reference(grpcRoute1ID, ""), + resource.Reference(httpRoute1ID, ""), + resource.Reference(tcpRoute1ID, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("foo", "tcp"), }}, - }, + }}, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, - "grpc": { - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{ - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("foo", "grpc"), - }}, - }, - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "grpc": { + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{ + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("foo", "grpc"), + }}, + }, + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "grpc"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "grpc", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http2": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http2"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http2": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http2"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http2"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http2"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http2", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http2"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http2"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http2", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } + }, + } - suite.client.WaitForStatusConditions(t, grpcRoute1ID, StatusKey, - ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http", pbmesh.HTTPRouteType), - ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http2", pbmesh.HTTPRouteType), - ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp", pbmesh.TCPRouteType)) + suite.client.WaitForStatusConditions(t, grpcRoute1ID, StatusKey, + ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api"), "http", pbmesh.HTTPRouteType), + ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api"), "http2", pbmesh.HTTPRouteType), + ConditionConflictNotBoundToParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp", pbmesh.TCPRouteType)) - lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, "" /*no change*/, expect) + lastVersion = requireNewComputedRoutesVersion(t, suite.client, computedRoutesID, "" /*no change*/, expect) - suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, ConditionXRouteOK) + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) - }) + }) - // Remove the mesh port from api service. + // Remove the mesh port from api service. + + apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } - apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - } + _ = rtest.Resource(pbcatalog.ServiceType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), apiServiceData). + Write(suite.T(), suite.client) - apiService := rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - WithData(suite.T(), apiServiceData). - Write(suite.T(), suite.client) + testutil.RunStep(suite.T(), "entire generated resource is deleted", func(t *testing.T) { + suite.client.WaitForDeletion(t, computedRoutesID) - testutil.RunStep(suite.T(), "entire generated resource is deleted", func(t *testing.T) { - suite.client.WaitForDeletion(t, computedRoutesID) - - suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, - ConditionParentRefOutsideMesh(newRef(pbcatalog.ServiceType, "api", tenancy))) - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, - ConditionParentRefOutsideMesh(newRef(pbcatalog.ServiceType, "api", tenancy))) - suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, - ConditionParentRefOutsideMesh(newRef(pbcatalog.ServiceType, "api", tenancy))) - }) - - // Get down to just 2 ports for all relevant services. - for _, name := range []string{"foo", "bar", "api"} { - _ = rtest.Resource(pbcatalog.ServiceType, name). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{name + "-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - Write(suite.T(), suite.client) - } + suite.client.WaitForStatusCondition(t, tcpRoute1ID, StatusKey, + ConditionParentRefOutsideMesh(newRef(pbcatalog.ServiceType, "api"))) + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, + ConditionParentRefOutsideMesh(newRef(pbcatalog.ServiceType, "api"))) + suite.client.WaitForStatusCondition(t, grpcRoute1ID, StatusKey, + ConditionParentRefOutsideMesh(newRef(pbcatalog.ServiceType, "api"))) + }) - httpRoute1 = &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(fooServiceRef, "http"), - newParentRef(barServiceRef, "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(apiServiceRef, "", ""), - }}, - }}, - } - httpRoute1ID = rtest.Resource(pbmesh.HTTPRouteType, "route1"). - WithTenancy(tenancy). - WithData(suite.T(), httpRoute1). - Write(suite.T(), suite.client). - Id - - var ( - fooLastVersion string - barLastVersion string - - fooComputedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "foo"). - WithTenancy(tenancy). - ID() - barComputedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "bar"). - WithTenancy(tenancy). - ID() - ) - - testutil.RunStep(suite.T(), "create a route linked to two parents", func(t *testing.T) { - expectFoo := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - resource.Reference(httpRoute1ID, ""), + // Get down to just 2 ports for all relevant services. + for _, name := range []string{"foo", "bar", "api"} { + _ = rtest.Resource(pbcatalog.ServiceType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{name + "-"}, }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }). + Write(suite.T(), suite.client) + } + + httpRoute1 = &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(fooServiceRef, "http"), + newParentRef(barServiceRef, "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(apiServiceRef, "", ""), + }}, + }}, + } + httpRoute1ID = rtest.Resource(pbmesh.HTTPRouteType, "route1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), httpRoute1). + Write(suite.T(), suite.client). + Id + + var ( + fooLastVersion string + barLastVersion string + + fooComputedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "foo"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + barComputedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "bar"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + ) + + testutil.RunStep(suite.T(), "create a route linked to two parents", func(t *testing.T) { + expectFoo := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + resource.Reference(httpRoute1ID, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("api", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(fooServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(fooServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } - expectBar := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - barServiceRef, - resource.Reference(httpRoute1ID, ""), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + } + expectBar := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + barServiceRef, + resource.Reference(httpRoute1ID, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("api", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(barServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(barServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } + }, + } - fooLastVersion = requireNewComputedRoutesVersion(t, suite.client, fooComputedRoutesID, fooLastVersion, expectFoo) - barLastVersion = requireNewComputedRoutesVersion(t, suite.client, barComputedRoutesID, barLastVersion, expectBar) + fooLastVersion = requireNewComputedRoutesVersion(t, suite.client, fooComputedRoutesID, fooLastVersion, expectFoo) + barLastVersion = requireNewComputedRoutesVersion(t, suite.client, barComputedRoutesID, barLastVersion, expectBar) - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) - }) + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) + }) - // Remove bar parent - httpRoute1 = &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(fooServiceRef, "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(apiServiceRef, "", ""), - }}, + // Remove bar parent + httpRoute1 = &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(fooServiceRef, "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(apiServiceRef, "", ""), }}, - } - httpRoute1ID = rtest.Resource(pbmesh.HTTPRouteType, "route1"). - WithTenancy(tenancy). - WithData(suite.T(), httpRoute1). - Write(suite.T(), suite.client). - Id - - testutil.RunStep(suite.T(), "remove a parent ref and show that the old computed routes is reconciled one more time", func(t *testing.T) { - expectBar := &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - barServiceRef, - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("bar", "http"), - }}, - }, + }}, + } + httpRoute1ID = rtest.Resource(pbmesh.HTTPRouteType, "route1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), httpRoute1). + Write(suite.T(), suite.client). + Id + + testutil.RunStep(suite.T(), "remove a parent ref and show that the old computed routes is reconciled one more time", func(t *testing.T) { + expectBar := &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + barServiceRef, + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("bar", "http"), + }}, }, }, }, - UsingDefaultConfig: true, - ParentRef: newParentRef(barServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("bar", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(barServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + UsingDefaultConfig: true, + ParentRef: newParentRef(barServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("bar", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(barServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - } - - barLastVersion = requireNewComputedRoutesVersion(t, suite.client, barComputedRoutesID, barLastVersion, expectBar) - - suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) - - resourcesToDelete := []*pbresource.ID{ - apiService.Id, - fooService.Id, - tcpRoute1ID, - tcpRoute2ID, - grpcRoute1ID, - grpcRoute2ID, - httpRoute1ID, - httpRoute2ID, - } - - for _, id := range resourcesToDelete { - suite.client.MustDelete(t, id) - suite.client.WaitForDeletion(t, id) - } - }) + }, + } + + barLastVersion = requireNewComputedRoutesVersion(t, suite.client, barComputedRoutesID, barLastVersion, expectBar) + + suite.client.WaitForStatusCondition(t, httpRoute1ID, StatusKey, ConditionXRouteOK) }) } @@ -1363,15 +1338,3 @@ func requireNewComputedRoutesVersion( func TestController(t *testing.T) { suite.Run(t, new(controllerSuite)) } - -func (suite *controllerSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testFunc(tenancy) - }) - } -} - -func (suite *controllerSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} diff --git a/internal/mesh/internal/controllers/routes/generate_test.go b/internal/mesh/internal/controllers/routes/generate_test.go index 02ae0e0d435d2..4dc4a9c0793e7 100644 --- a/internal/mesh/internal/controllers/routes/generate_test.go +++ b/internal/mesh/internal/controllers/routes/generate_test.go @@ -29,282 +29,223 @@ func TestGenerateComputedRoutes(t *testing.T) { types.Register(registry) catalog.RegisterTypes(registry) - for _, tenancy := range rtest.TestTenancies() { - run := func( - t *testing.T, - related *loader.RelatedResources, - expect []*ComputedRoutesResult, - expectPending PendingStatuses, - ) { - pending := make(PendingStatuses) - - got := GenerateComputedRoutes(related, pending) - - prototest.AssertElementsMatch[*ComputedRoutesResult]( - t, expect, got, - ) + run := func( + t *testing.T, + related *loader.RelatedResources, + expect []*ComputedRoutesResult, + expectPending PendingStatuses, + ) { + pending := make(PendingStatuses) + + got := GenerateComputedRoutes(related, pending) + + prototest.AssertElementsMatch[*ComputedRoutesResult]( + t, expect, got, + ) - require.Len(t, pending, len(expectPending)) - if len(expectPending) > 0 { - for rk, expectItem := range expectPending { - gotItem, ok := pending[rk] - require.True(t, ok, "missing expected pending status for %v", rk) - prototest.AssertDeepEqual(t, expectItem, gotItem) - } - for rk := range pending { - _, ok := expectPending[rk] - require.True(t, ok, "extra pending status for %v", rk) - } + require.Len(t, pending, len(expectPending)) + if len(expectPending) > 0 { + for rk, expectItem := range expectPending { + gotItem, ok := pending[rk] + require.True(t, ok, "missing expected pending status for %v", rk) + prototest.AssertDeepEqual(t, expectItem, gotItem) + } + for rk := range pending { + _, ok := expectPending[rk] + require.True(t, ok, "extra pending status for %v", rk) } } + } - newService := func(name string, data *pbcatalog.Service) *types.DecodedService { - svc := rtest.Resource(pbcatalog.ServiceType, name). - WithTenancy(tenancy). - WithData(t, data).Build() - rtest.ValidateAndNormalize(t, registry, svc) - return rtest.MustDecode[*pbcatalog.Service](t, svc) - } - - newHTTPRoute := func(name string, data *pbmesh.HTTPRoute) *types.DecodedHTTPRoute { - svc := rtest.Resource(pbmesh.HTTPRouteType, name). - WithTenancy(tenancy). - WithData(t, data).Build() - rtest.ValidateAndNormalize(t, registry, svc) - return rtest.MustDecode[*pbmesh.HTTPRoute](t, svc) - } - newGRPCRoute := func(name string, data *pbmesh.GRPCRoute) *types.DecodedGRPCRoute { - svc := rtest.Resource(pbmesh.GRPCRouteType, name). - WithTenancy(tenancy). - WithData(t, data).Build() - rtest.ValidateAndNormalize(t, registry, svc) - return rtest.MustDecode[*pbmesh.GRPCRoute](t, svc) - } - newTCPRoute := func(name string, data *pbmesh.TCPRoute) *types.DecodedTCPRoute { - svc := rtest.Resource(pbmesh.TCPRouteType, name). - WithTenancy(tenancy). - WithData(t, data).Build() - rtest.ValidateAndNormalize(t, registry, svc) - return rtest.MustDecode[*pbmesh.TCPRoute](t, svc) - } - - newDestPolicy := func(name string, data *pbmesh.DestinationPolicy) *types.DecodedDestinationPolicy { - policy := rtest.Resource(pbmesh.DestinationPolicyType, name). - WithTenancy(tenancy). - WithData(t, data).Build() - rtest.ValidateAndNormalize(t, registry, policy) - return rtest.MustDecode[*pbmesh.DestinationPolicy](t, policy) - } - - newFailPolicy := func(name string, data *pbcatalog.FailoverPolicy) *types.DecodedFailoverPolicy { - policy := rtest.Resource(pbcatalog.FailoverPolicyType, name). - WithTenancy(tenancy). - WithData(t, data).Build() - rtest.ValidateAndNormalize(t, registry, policy) - return rtest.MustDecode[*pbcatalog.FailoverPolicy](t, policy) - } + newService := func(name string, data *pbcatalog.Service) *types.DecodedService { + svc := rtest.Resource(pbcatalog.ServiceType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, data).Build() + rtest.ValidateAndNormalize(t, registry, svc) + return rtest.MustDecode[*pbcatalog.Service](t, svc) + } - backendName := func(name, port string) string { - return fmt.Sprintf("catalog.v2beta1.Service/%s.local.%s/%s?port=%s", tenancy.Partition, tenancy.Namespace, name, port) - } + newHTTPRoute := func(name string, data *pbmesh.HTTPRoute) *types.DecodedHTTPRoute { + svc := rtest.Resource(pbmesh.HTTPRouteType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, data).Build() + rtest.ValidateAndNormalize(t, registry, svc) + return rtest.MustDecode[*pbmesh.HTTPRoute](t, svc) + } + newGRPCRoute := func(name string, data *pbmesh.GRPCRoute) *types.DecodedGRPCRoute { + svc := rtest.Resource(pbmesh.GRPCRouteType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, data).Build() + rtest.ValidateAndNormalize(t, registry, svc) + return rtest.MustDecode[*pbmesh.GRPCRoute](t, svc) + } + newTCPRoute := func(name string, data *pbmesh.TCPRoute) *types.DecodedTCPRoute { + svc := rtest.Resource(pbmesh.TCPRouteType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, data).Build() + rtest.ValidateAndNormalize(t, registry, svc) + return rtest.MustDecode[*pbmesh.TCPRoute](t, svc) + } - var ( - apiServiceID = rtest.Resource(pbcatalog.ServiceType, "api"). - WithTenancy(tenancy). - ID() - apiServiceRef = resource.Reference(apiServiceID, "") - apiComputedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "api"). - WithTenancy(tenancy). - ID() + newDestPolicy := func(name string, data *pbmesh.DestinationPolicy) *types.DecodedDestinationPolicy { + policy := rtest.Resource(pbmesh.DestinationPolicyType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, data).Build() + rtest.ValidateAndNormalize(t, registry, policy) + return rtest.MustDecode[*pbmesh.DestinationPolicy](t, policy) + } - fooServiceID = rtest.Resource(pbcatalog.ServiceType, "foo"). - WithTenancy(tenancy). - ID() - fooServiceRef = resource.Reference(fooServiceID, "") + newFailPolicy := func(name string, data *pbcatalog.FailoverPolicy) *types.DecodedFailoverPolicy { + policy := rtest.Resource(pbcatalog.FailoverPolicyType, name). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, data).Build() + rtest.ValidateAndNormalize(t, registry, policy) + return rtest.MustDecode[*pbcatalog.FailoverPolicy](t, policy) + } - barServiceID = rtest.Resource(pbcatalog.ServiceType, "bar"). - WithTenancy(tenancy). - ID() - barServiceRef = resource.Reference(barServiceID, "") + backendName := func(name, port string) string { + return fmt.Sprintf("catalog.v2beta1.Service/default.local.default/%s?port=%s", name, port) + } - deadServiceID = rtest.Resource(pbcatalog.ServiceType, "dead"). - WithTenancy(tenancy). + var ( + apiServiceID = rtest.Resource(pbcatalog.ServiceType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + apiServiceRef = resource.Reference(apiServiceID, "") + apiComputedRoutesID = rtest.Resource(pbmesh.ComputedRoutesType, "api"). + WithTenancy(resource.DefaultNamespacedTenancy()). ID() - deadServiceRef = resource.Reference(deadServiceID, "") - ) - - t.Run("none", func(t *testing.T) { - run(t, loader.NewRelatedResources(), nil, nil) - }) - - t.Run("no aligned service", func(t *testing.T) { - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID) - expect := []*ComputedRoutesResult{ - { - ID: apiComputedRoutesID, - Data: nil, - }, - } - run(t, related, expect, nil) - }) - - t.Run("aligned service not in mesh", func(t *testing.T) { - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources(newService("api", &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - }, - })) - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - Data: nil, - }} - run(t, related, expect, nil) - }) - t.Run("aligned service in mesh but no actual ports", func(t *testing.T) { - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources(newService("api", &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - })) - expect := []*ComputedRoutesResult{{ + fooServiceID = rtest.Resource(pbcatalog.ServiceType, "foo"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + fooServiceRef = resource.Reference(fooServiceID, "") + + barServiceID = rtest.Resource(pbcatalog.ServiceType, "bar"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + barServiceRef = resource.Reference(barServiceID, "") + + deadServiceID = rtest.Resource(pbcatalog.ServiceType, "dead"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ID() + deadServiceRef = resource.Reference(deadServiceID, "") + ) + + t.Run("none", func(t *testing.T) { + run(t, loader.NewRelatedResources(), nil, nil) + }) + + t.Run("no aligned service", func(t *testing.T) { + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID) + expect := []*ComputedRoutesResult{ + { ID: apiComputedRoutesID, Data: nil, - }} - run(t, related, expect, nil) - }) + }, + } + run(t, related, expect, nil) + }) - t.Run("tcp service with default route", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ + t.Run("aligned service not in mesh", func(t *testing.T) { + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources(newService("api", &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{ Prefixes: []string{"api-"}, }, Ports: []*pbcatalog.ServicePort{ {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + }, + })) + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + Data: nil, + }} + run(t, related, expect, nil) + }) + + t.Run("aligned service in mesh but no actual ports", func(t *testing.T) { + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources(newService("api", &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources(newService("api", apiServiceData)) + })) + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + Data: nil, + }} + run(t, related, expect, nil) + }) + + t.Run("tcp service with default route", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("api", "tcp"), - }}, + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources(newService("api", apiServiceData)) + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("api", "tcp"), }}, - }, - }, - UsingDefaultConfig: true, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }}, }, }, - }, - }}, - } - run(t, related, expect, nil) - }) - - for protoName, protocol := range map[string]pbcatalog.Protocol{ - "http": pbcatalog.Protocol_PROTOCOL_HTTP, - "http2": pbcatalog.Protocol_PROTOCOL_HTTP2, - } { - t.Run(protoName+" service with default route", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: protoName, Protocol: protocol}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources(newService("api", apiServiceData)) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - protoName: { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", protoName), - }}, - }}, - }, - }, - UsingDefaultConfig: true, - ParentRef: newParentRef(apiServiceRef, protoName), - Protocol: protocol, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", protoName): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, protoName, ""), - DestinationConfig: defaultDestConfig(), - }, - }, + UsingDefaultConfig: true, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), }, }, }, - }} - run(t, related, expect, nil) - }) + }, + }}, } - - t.Run("grpc service with default route", func(t *testing.T) { + run(t, related, expect, nil) + }) + + for protoName, protocol := range map[string]pbcatalog.Protocol{ + "http": pbcatalog.Protocol_PROTOCOL_HTTP, + "http2": pbcatalog.Protocol_PROTOCOL_HTTP2, + } { + t.Run(protoName+" service with default route", func(t *testing.T) { apiServiceData := &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{ Prefixes: []string{"api-"}, }, Ports: []*pbcatalog.ServicePort{ - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + {TargetPort: protoName, Protocol: protocol}, {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, } @@ -321,25 +262,30 @@ func TestGenerateComputedRoutes(t *testing.T) { apiServiceRef, }, PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "grpc": { - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{{ - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("api", "grpc"), + protoName: { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, + }}, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("api", protoName), }}, }}, }, }, UsingDefaultConfig: true, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + ParentRef: newParentRef(apiServiceRef, protoName), + Protocol: protocol, Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "grpc"): { + backendName("api", protoName): { Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "grpc", ""), + BackendRef: newBackendRef(apiServiceRef, protoName, ""), DestinationConfig: defaultDestConfig(), }, }, @@ -349,1031 +295,894 @@ func TestGenerateComputedRoutes(t *testing.T) { }} run(t, related, expect, nil) }) + } - t.Run("all ports with a mix of routes", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - } + t.Run("grpc service with default route", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources(newService("api", apiServiceData)) + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "grpc": { + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{{ + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("api", "grpc"), + }}, + }}, + }, + }, + UsingDefaultConfig: true, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), + }, + }, + }, }, - } + }, + }} + run(t, related, expect, nil) + }) + + t.Run("all ports with a mix of routes", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } - tcpRoute1 := &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp"), - }, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } + + tcpRoute1 := &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp"), + }, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } + }}, + } - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http2"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http2"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } + }}, + } - grpcRoute1 := &pbmesh.GRPCRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "grpc"), - }, - Rules: []*pbmesh.GRPCRouteRule{{ - BackendRefs: []*pbmesh.GRPCBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + grpcRoute1 := &pbmesh.GRPCRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "grpc"), + }, + Rules: []*pbmesh.GRPCRouteRule{{ + BackendRefs: []*pbmesh.GRPCBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } + }}, + } - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newService("foo", fooServiceData), - newTCPRoute("api-tcp-route1", tcpRoute1), - newHTTPRoute("api-http-route1", httpRoute1), - newGRPCRoute("api-grpc-route1", grpcRoute1), - ) + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newTCPRoute("api-tcp-route1", tcpRoute1), + newHTTPRoute("api-http-route1", httpRoute1), + newGRPCRoute("api-grpc-route1", grpcRoute1), + ) - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - newRef(pbmesh.GRPCRouteType, "api-grpc-route1", tenancy), - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), - newRef(pbmesh.TCPRouteType, "api-tcp-route1", tenancy), + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + newRef(pbmesh.GRPCRouteType, "api-grpc-route1"), + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + newRef(pbmesh.TCPRouteType, "api-tcp-route1"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "tcp": { + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ + BackendTarget: backendName("foo", "tcp"), + }}, + }}, + }, + }, + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "tcp"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "tcp", ""), + DestinationConfig: defaultDestConfig(), + }, + }, }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{{ - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: backendName("foo", "tcp"), + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), }}, - }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, }, }, - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "tcp"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "tcp", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, + }, + "http2": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http2"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), + }, + ParentRef: newParentRef(apiServiceRef, "http2"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http2"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http2", ""), + DestinationConfig: defaultDestConfig(), + }, + }, + }, + "grpc": { + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{ + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: backendName("foo", "grpc"), + }}, + }, + { + Matches: []*pbmesh.GRPCRouteMatch{{}}, + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, }, }, }, - "http2": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http2"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, - }, - }, - ParentRef: newParentRef(apiServiceRef, "http2"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http2"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http2", ""), - DestinationConfig: defaultDestConfig(), - }, + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "grpc"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "grpc", ""), + DestinationConfig: defaultDestConfig(), }, }, - "grpc": { - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{ - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: backendName("foo", "grpc"), - }}, - }, - { - Matches: []*pbmesh.GRPCRouteMatch{{}}, - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, - }, + }, + }, + }, + }} + run(t, related, expect, nil) + }) + + t.Run("all ports with a wildcard route only bypassing the protocol", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } + + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + }, + } + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), ""), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + ) + + chunk := func(portName string, protocol pbcatalog.Protocol) *pbmesh.ComputedPortRoutes { + return &pbmesh.ComputedPortRoutes{ + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", portName), + }}, }, - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "grpc"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "grpc", ""), - DestinationConfig: defaultDestConfig(), - }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, }, - }} - run(t, related, expect, nil) - }) - - t.Run("all ports with a wildcard route only bypassing the protocol", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + ParentRef: newParentRef(apiServiceRef, portName), + Protocol: protocol, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", portName): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, portName, ""), + DestinationConfig: defaultDestConfig(), + }, }, } + } - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "http2", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - } + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + // note: tcp has been upgraded to http in the presence of an HTTPRoute + "tcp": chunk("tcp", pbcatalog.Protocol_PROTOCOL_HTTP), + "http": chunk("http", pbcatalog.Protocol_PROTOCOL_HTTP), + "http2": chunk("http2", pbcatalog.Protocol_PROTOCOL_HTTP2), + "grpc": chunk("grpc", pbcatalog.Protocol_PROTOCOL_GRPC), + }, + }, + }} + run(t, related, expect, nil) + }) + + t.Run("stale-weird: stale mapper causes visit of irrelevant xRoute", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), ""), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), ""), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), }}, - } + }}, + } - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newService("foo", fooServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - ) + apiSvc := newService("api", apiServiceData) + fooSvc := newService("foo", fooServiceData) + apiHTTPRoute1 := newHTTPRoute("api-http-route1", httpRoute1) - chunk := func(portName string, protocol pbcatalog.Protocol) *pbmesh.ComputedPortRoutes { - return &pbmesh.ComputedPortRoutes{ - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", portName), + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). // deliberately skip adding 'foo' here to exercise the bug + AddResources(apiSvc, fooSvc, apiHTTPRoute1) + + // Update this after the fact, but don't update the inner indexing in + // the 'related' struct. + { + httpRoute1.ParentRefs[0] = newParentRef(newRef(pbcatalog.ServiceType, "foo"), "") + apiHTTPRoute1.Data = httpRoute1 + + anyData, err := anypb.New(httpRoute1) + require.NoError(t, err) + apiHTTPRoute1.Resource.Data = anyData + } + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, }}, - }, - { - Matches: defaultHTTPRouteMatches(), BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, + BackendTarget: backendName("api", "http"), }}, - }, + }}, }, }, - }, - ParentRef: newParentRef(apiServiceRef, portName), - Protocol: protocol, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", portName): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, portName, ""), - DestinationConfig: defaultDestConfig(), + UsingDefaultConfig: true, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), + }, }, }, - } - } - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - // note: tcp has been upgraded to http in the presence of an HTTPRoute - "tcp": chunk("tcp", pbcatalog.Protocol_PROTOCOL_HTTP), - "http": chunk("http", pbcatalog.Protocol_PROTOCOL_HTTP), - "http2": chunk("http2", pbcatalog.Protocol_PROTOCOL_HTTP2), - "grpc": chunk("grpc", pbcatalog.Protocol_PROTOCOL_GRPC), - }, - }, - }} - run(t, related, expect, nil) - }) - - t.Run("stale-weird: stale mapper causes visit of irrelevant xRoute", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } + }, + }} + run(t, related, expect, nil) + }) + + t.Run("stale-weird: parent ref uses invalid port", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), ""), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + // Using bad parent port (www). + newParentRef(newRef(pbcatalog.ServiceType, "api"), "www"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "http", ""), }}, - } + }}, + } - apiSvc := newService("api", apiServiceData) - fooSvc := newService("foo", fooServiceData) - apiHTTPRoute1 := newHTTPRoute("api-http-route1", httpRoute1) + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + ) - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). // deliberately skip adding 'foo' here to exercise the bug - AddResources(apiSvc, fooSvc, apiHTTPRoute1) + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, + }}, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("api", "http"), + }}, + }}, + }, + }, + UsingDefaultConfig: true, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("api", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(apiServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), + }, + }, + }, + }, + }, + }} + run(t, related, expect, nil) + }) + + t.Run("overlapping xRoutes", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - // Update this after the fact, but don't update the inner indexing in - // the 'related' struct. - { - httpRoute1.ParentRefs[0] = newParentRef(newRef(pbcatalog.ServiceType, "foo", tenancy), "") - apiHTTPRoute1.Data = httpRoute1 + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - anyData, err := anypb.New(httpRoute1) - require.NoError(t, err) - apiHTTPRoute1.Resource.Data = anyData - } + httpRouteData := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + // Using bad parent port (www). + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "http", ""), + }}, + }}, + } + httpRoute := newHTTPRoute("api-http-route", httpRouteData) + + tcpRouteData := &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + // Using bad parent port (www). + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "http", ""), + }}, + }}, + } + tcpRoute := newTCPRoute("api-tcp-route", tcpRouteData) + // Force them to have the same generation, so that we fall back on + // lexicographic sort on the names as tiebreaker. + // + // api-http-route < api-tcp-route + tcpRoute.Resource.Generation = httpRoute.Resource.Generation + + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + httpRoute, + tcpRoute, + ) - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + resource.Reference(httpRoute.Resource.Id, ""), + resource.Reference(tcpRoute.Resource.Id, ""), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), }}, + }, + { + Matches: defaultHTTPRouteMatches(), BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", "http"), + BackendTarget: types.NullRouteBackend, }}, - }}, + }, }, }, - UsingDefaultConfig: true, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), }, }, }, }, - }} - run(t, related, expect, nil) - }) + }, + }} + + expectPending := make(PendingStatuses) + expectPending[resource.NewReferenceKey(tcpRoute.Resource.Id)] = &PendingResourceStatusUpdate{ + ID: tcpRoute.Resource.Id, + Generation: tcpRoute.Resource.Generation, + NewConditions: []*pbresource.Condition{ + ConditionConflictNotBoundToParentRef( + apiServiceRef, + "http", + pbmesh.HTTPRouteType, + ), + }, + } - t.Run("stale-weird: parent ref uses invalid port", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } + run(t, related, expect, expectPending) + }) + + t.Run("two http routes", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - // Using bad parent port (www). - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "www"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "http", ""), - }}, - }}, - } + barServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"bar-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newService("foo", fooServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - ) + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/gir", + }, + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, + httpRoute2 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/zim", }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("api", "http"), - }}, - }}, - }, - }, - UsingDefaultConfig: true, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("api", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(apiServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, - }, - }, - }, - }, - }} - run(t, related, expect, nil) - }) - - t.Run("overlapping xRoutes", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - httpRouteData := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - // Using bad parent port (www). - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "http", ""), - }}, - }}, - } - httpRoute := newHTTPRoute("api-http-route", httpRouteData) - - tcpRouteData := &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - // Using bad parent port (www). - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - }, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "http", ""), - }}, - }}, - } - tcpRoute := newTCPRoute("api-tcp-route", tcpRouteData) - // Force them to have the same generation, so that we fall back on - // lexicographic sort on the names as tiebreaker. - // - // api-http-route < api-tcp-route - tcpRoute.Resource.Generation = httpRoute.Resource.Generation - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newService("foo", fooServiceData), - httpRoute, - tcpRoute, - ) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - resource.Reference(httpRoute.Resource.Id, ""), - resource.Reference(tcpRoute.Resource.Id, ""), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, - }, - }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, - }, - }, - }, - }, - }} - - expectPending := make(PendingStatuses) - expectPending[resource.NewReferenceKey(tcpRoute.Resource.Id)] = &PendingResourceStatusUpdate{ - ID: tcpRoute.Resource.Id, - Generation: tcpRoute.Resource.Generation, - NewConditions: []*pbresource.Condition{ - ConditionConflictNotBoundToParentRef( - apiServiceRef, - "http", - pbmesh.HTTPRouteType, - ), - }, - } - - run(t, related, expect, expectPending) - }) - - t.Run("two http routes", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - barServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"bar-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/gir", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, - } - - httpRoute2 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/zim", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(barServiceRef, "", ""), - }}, }}, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newService("foo", fooServiceData), - newService("bar", barServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - newHTTPRoute("api-http-route2", httpRoute2), - ) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - barServiceRef, - fooServiceRef, - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), - newRef(pbmesh.HTTPRouteType, "api-http-route2", tenancy), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/gir", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/zim", - }, - }}, - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("bar", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, - }, - }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, - backendName("bar", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(barServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, - }, - }, - }, - }, - }} - run(t, related, expect, nil) - }) - - t.Run("http route with empty match path", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: nil, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(barServiceRef, "", ""), }}, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newService("foo", fooServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - ) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - fooServiceRef, - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, - }, - }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, - }, - }, - }, - }, - }} - run(t, related, expect, nil) - }) - - t.Run("stale-weird: destination with no service", func(t *testing.T) { - t.Run("http", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } + }}, + } - httpRoute1 := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), - }, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - ) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, - }, - }, - }, - }, - }, - }} - run(t, related, expect, nil) - }) - t.Run("grpc", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - }, - } + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newService("bar", barServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + newHTTPRoute("api-http-route2", httpRoute2), + ) - grpcRoute1 := &pbmesh.GRPCRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "grpc"), - }, - Rules: []*pbmesh.GRPCRouteRule{{ - BackendRefs: []*pbmesh.GRPCBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newGRPCRoute("api-grpc-route1", grpcRoute1), - ) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - newRef(pbmesh.GRPCRouteType, "api-grpc-route1", tenancy), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "grpc": { - ParentRef: newParentRef(apiServiceRef, "grpc"), - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - Config: &pbmesh.ComputedPortRoutes_Grpc{ - Grpc: &pbmesh.ComputedGRPCRoute{ - Rules: []*pbmesh.ComputedGRPCRouteRule{ - { - Matches: defaultGRPCRouteMatches(), - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + barServiceRef, + fooServiceRef, + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + newRef(pbmesh.HTTPRouteType, "api-http-route2"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/gir", }, - { - Matches: defaultGRPCRouteMatches(), - BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, + }}, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/zim", }, - }, + }}, + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("bar", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), + }, + backendName("bar", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(barServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), + }, + }, }, - }} - run(t, related, expect, nil) - }) - t.Run("tcp", func(t *testing.T) { - apiServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"api-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - }, - } + }, + }, + }} + run(t, related, expect, nil) + }) + + t.Run("http route with empty match path", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } - tcpRoute1 := &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "tcp"), - }, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: newBackendRef(fooServiceRef, "", ""), - }}, - }}, - } - - related := loader.NewRelatedResources(). - AddComputedRoutesIDs(apiComputedRoutesID). - AddResources( - newService("api", apiServiceData), - newTCPRoute("api-tcp-route1", tcpRoute1), - ) - - expect := []*ComputedRoutesResult{{ - ID: apiComputedRoutesID, - OwnerID: apiServiceID, - Data: &pbmesh.ComputedRoutes{ - BoundReferences: []*pbresource.Reference{ - apiServiceRef, - newRef(pbmesh.TCPRouteType, "api-tcp-route1", tenancy), - }, - PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "tcp": { - ParentRef: newParentRef(apiServiceRef, "tcp"), - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - Config: &pbmesh.ComputedPortRoutes_Tcp{ - Tcp: &pbmesh.ComputedTCPRoute{ - Rules: []*pbmesh.ComputedTCPRouteRule{ - { - BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ - BackendTarget: types.NullRouteBackend, - }}, - }, - }, + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: nil, + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + ) + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, }, }, }, }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), + }, + }, }, - }} - run(t, related, expect, nil) - }) - }) + }, + }, + }} + run(t, related, expect, nil) + }) - t.Run("stale-weird: http destination with service not in mesh", func(t *testing.T) { + t.Run("stale-weird: destination with no service", func(t *testing.T) { + t.Run("http", func(t *testing.T) { apiServiceData := &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{ Prefixes: []string{"api-"}, @@ -1384,18 +1193,9 @@ func TestGenerateComputedRoutes(t *testing.T) { }, } - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - httpRoute1 := &pbmesh.HTTPRoute{ ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), }, Rules: []*pbmesh.HTTPRouteRule{{ BackendRefs: []*pbmesh.HTTPBackendRef{{ @@ -1408,7 +1208,6 @@ func TestGenerateComputedRoutes(t *testing.T) { AddComputedRoutesIDs(apiComputedRoutesID). AddResources( newService("api", apiServiceData), - newService("foo", fooServiceData), newHTTPRoute("api-http-route1", httpRoute1), ) @@ -1418,8 +1217,7 @@ func TestGenerateComputedRoutes(t *testing.T) { Data: &pbmesh.ComputedRoutes{ BoundReferences: []*pbresource.Reference{ apiServiceRef, - fooServiceRef, - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), + newRef(pbmesh.HTTPRouteType, "api-http-route1"), }, PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ "http": { @@ -1449,63 +1247,33 @@ func TestGenerateComputedRoutes(t *testing.T) { }} run(t, related, expect, nil) }) - - t.Run("http route with dest policy", func(t *testing.T) { + t.Run("grpc", func(t *testing.T) { apiServiceData := &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{ Prefixes: []string{"api-"}, }, Ports: []*pbcatalog.ServicePort{ {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "grpc", Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, }, } - httpRoute1 := &pbmesh.HTTPRoute{ + grpcRoute1 := &pbmesh.GRPCRoute{ ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "grpc"), }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ + Rules: []*pbmesh.GRPCRouteRule{{ + BackendRefs: []*pbmesh.GRPCBackendRef{{ BackendRef: newBackendRef(fooServiceRef, "", ""), }}, }}, } - destPolicy := &pbmesh.DestinationPolicy{ - PortConfigs: map[string]*pbmesh.DestinationConfig{ - "http": { - ConnectTimeout: durationpb.New(55 * time.Second), - }, - }, - } - portDestConfig := &pbmesh.DestinationConfig{ - ConnectTimeout: durationpb.New(55 * time.Second), - } - related := loader.NewRelatedResources(). AddComputedRoutesIDs(apiComputedRoutesID). AddResources( newService("api", apiServiceData), - newService("foo", fooServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - newDestPolicy("foo", destPolicy), + newGRPCRoute("api-grpc-route1", grpcRoute1), ) expect := []*ComputedRoutesResult{{ @@ -1514,118 +1282,63 @@ func TestGenerateComputedRoutes(t *testing.T) { Data: &pbmesh.ComputedRoutes{ BoundReferences: []*pbresource.Reference{ apiServiceRef, - fooServiceRef, - newRef(pbmesh.DestinationPolicyType, "foo", tenancy), - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), + newRef(pbmesh.GRPCRouteType, "api-grpc-route1"), }, PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ + "grpc": { + ParentRef: newParentRef(apiServiceRef, "grpc"), + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, + Config: &pbmesh.ComputedPortRoutes_Grpc{ + Grpc: &pbmesh.ComputedGRPCRoute{ + Rules: []*pbmesh.ComputedGRPCRouteRule{ { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), + Matches: defaultGRPCRouteMatches(), + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ + BackendTarget: types.NullRouteBackend, }}, }, { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + Matches: defaultGRPCRouteMatches(), + BackendRefs: []*pbmesh.ComputedGRPCBackendRef{{ BackendTarget: types.NullRouteBackend, }}, }, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - DestinationConfig: portDestConfig, - }, - }, }, }, }, }} run(t, related, expect, nil) }) - - t.Run("http route with failover policy", func(t *testing.T) { + t.Run("tcp", func(t *testing.T) { apiServiceData := &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{ Prefixes: []string{"api-"}, }, Ports: []*pbcatalog.ServicePort{ {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - fooServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"foo-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - } - - barServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"bar-"}, - }, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, }, } - httpRoute1 := &pbmesh.HTTPRoute{ + tcpRoute1 := &pbmesh.TCPRoute{ ParentRefs: []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", tenancy), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "tcp"), }, - Rules: []*pbmesh.HTTPRouteRule{{ - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ BackendRef: newBackendRef(fooServiceRef, "", ""), }}, }}, } - failoverPolicy := &pbcatalog.FailoverPolicy{ - Config: &pbcatalog.FailoverConfig{ - Destinations: []*pbcatalog.FailoverDestination{ - {Ref: barServiceRef}, - {Ref: deadServiceRef}, // no service - }, - }, - } - portFailoverConfig := &pbmesh.ComputedFailoverConfig{ - Destinations: []*pbmesh.ComputedFailoverDestination{ - {BackendTarget: backendName("bar", "http")}, - // we skip the dead route - }, - } - related := loader.NewRelatedResources(). AddComputedRoutesIDs(apiComputedRoutesID). AddResources( newService("api", apiServiceData), - newService("foo", fooServiceData), - newService("bar", barServiceData), - newHTTPRoute("api-http-route1", httpRoute1), - newFailPolicy("foo", failoverPolicy), + newTCPRoute("api-tcp-route1", tcpRoute1), ) expect := []*ComputedRoutesResult{{ @@ -1633,54 +1346,339 @@ func TestGenerateComputedRoutes(t *testing.T) { OwnerID: apiServiceID, Data: &pbmesh.ComputedRoutes{ BoundReferences: []*pbresource.Reference{ - newRef(pbcatalog.FailoverPolicyType, "foo", tenancy), apiServiceRef, - barServiceRef, - fooServiceRef, - newRef(pbmesh.HTTPRouteType, "api-http-route1", tenancy), + newRef(pbmesh.TCPRouteType, "api-tcp-route1"), }, PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ - "http": { - Config: &pbmesh.ComputedPortRoutes_Http{ - Http: &pbmesh.ComputedHTTPRoute{ - Rules: []*pbmesh.ComputedHTTPRouteRule{ - { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ - BackendTarget: backendName("foo", "http"), - }}, - }, + "tcp": { + ParentRef: newParentRef(apiServiceRef, "tcp"), + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + Config: &pbmesh.ComputedPortRoutes_Tcp{ + Tcp: &pbmesh.ComputedTCPRoute{ + Rules: []*pbmesh.ComputedTCPRouteRule{ { - Matches: defaultHTTPRouteMatches(), - BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendRefs: []*pbmesh.ComputedTCPBackendRef{{ BackendTarget: types.NullRouteBackend, }}, }, }, }, }, - ParentRef: newParentRef(apiServiceRef, "http"), - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - Targets: map[string]*pbmesh.BackendTargetDetails{ - backendName("foo", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(fooServiceRef, "http", ""), - FailoverConfig: portFailoverConfig, - DestinationConfig: defaultDestConfig(), - }, - backendName("bar", "http"): { - Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_INDIRECT, - MeshPort: "mesh", - BackendRef: newBackendRef(barServiceRef, "http", ""), - DestinationConfig: defaultDestConfig(), - }, - }, }, }, }, }} run(t, related, expect, nil) }) - } + }) + + t.Run("stale-weird: http destination with service not in mesh", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + ) + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + }, + }, + }, + }, + }, + }, + }} + run(t, related, expect, nil) + }) + + t.Run("http route with dest policy", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + + destPolicy := &pbmesh.DestinationPolicy{ + PortConfigs: map[string]*pbmesh.DestinationConfig{ + "http": { + ConnectTimeout: durationpb.New(55 * time.Second), + }, + }, + } + portDestConfig := &pbmesh.DestinationConfig{ + ConnectTimeout: durationpb.New(55 * time.Second), + } + + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + newDestPolicy("foo", destPolicy), + ) + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + apiServiceRef, + fooServiceRef, + newRef(pbmesh.DestinationPolicyType, "foo"), + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + }, + }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + DestinationConfig: portDestConfig, + }, + }, + }, + }, + }, + }} + run(t, related, expect, nil) + }) + + t.Run("http route with failover policy", func(t *testing.T) { + apiServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"api-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + fooServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"foo-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + barServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"bar-"}, + }, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + } + + httpRoute1 := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{ + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), + }, + Rules: []*pbmesh.HTTPRouteRule{{ + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", + }, + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: newBackendRef(fooServiceRef, "", ""), + }}, + }}, + } + + failoverPolicy := &pbcatalog.FailoverPolicy{ + Config: &pbcatalog.FailoverConfig{ + Destinations: []*pbcatalog.FailoverDestination{ + {Ref: barServiceRef}, + {Ref: deadServiceRef}, // no service + }, + }, + } + portFailoverConfig := &pbmesh.ComputedFailoverConfig{ + Destinations: []*pbmesh.ComputedFailoverDestination{ + {BackendTarget: backendName("bar", "http")}, + // we skip the dead route + }, + } + + related := loader.NewRelatedResources(). + AddComputedRoutesIDs(apiComputedRoutesID). + AddResources( + newService("api", apiServiceData), + newService("foo", fooServiceData), + newService("bar", barServiceData), + newHTTPRoute("api-http-route1", httpRoute1), + newFailPolicy("foo", failoverPolicy), + ) + + expect := []*ComputedRoutesResult{{ + ID: apiComputedRoutesID, + OwnerID: apiServiceID, + Data: &pbmesh.ComputedRoutes{ + BoundReferences: []*pbresource.Reference{ + newRef(pbcatalog.FailoverPolicyType, "foo"), + apiServiceRef, + barServiceRef, + fooServiceRef, + newRef(pbmesh.HTTPRouteType, "api-http-route1"), + }, + PortedConfigs: map[string]*pbmesh.ComputedPortRoutes{ + "http": { + Config: &pbmesh.ComputedPortRoutes_Http{ + Http: &pbmesh.ComputedHTTPRoute{ + Rules: []*pbmesh.ComputedHTTPRouteRule{ + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: backendName("foo", "http"), + }}, + }, + { + Matches: defaultHTTPRouteMatches(), + BackendRefs: []*pbmesh.ComputedHTTPBackendRef{{ + BackendTarget: types.NullRouteBackend, + }}, + }, + }, + }, + }, + ParentRef: newParentRef(apiServiceRef, "http"), + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + Targets: map[string]*pbmesh.BackendTargetDetails{ + backendName("foo", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_DIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(fooServiceRef, "http", ""), + FailoverConfig: portFailoverConfig, + DestinationConfig: defaultDestConfig(), + }, + backendName("bar", "http"): { + Type: pbmesh.BackendTargetDetailsType_BACKEND_TARGET_DETAILS_TYPE_INDIRECT, + MeshPort: "mesh", + BackendRef: newBackendRef(barServiceRef, "http", ""), + DestinationConfig: defaultDestConfig(), + }, + }, + }, + }, + }, + }} + run(t, related, expect, nil) + }) } diff --git a/internal/mesh/internal/controllers/routes/loader/loader_test.go b/internal/mesh/internal/controllers/routes/loader/loader_test.go index 0db050fee6425..a665635d05f7f 100644 --- a/internal/mesh/internal/controllers/routes/loader/loader_test.go +++ b/internal/mesh/internal/controllers/routes/loader/loader_test.go @@ -7,10 +7,11 @@ import ( "testing" "time" + "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/durationpb" - "github.com/hashicorp/go-hclog" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" "github.com/hashicorp/consul/internal/catalog" @@ -20,7 +21,6 @@ import ( "github.com/hashicorp/consul/internal/resource" rtest "github.com/hashicorp/consul/internal/resource/resourcetest" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/proto/private/prototest" "github.com/hashicorp/consul/sdk/testutil" @@ -28,9 +28,7 @@ import ( func TestLoadResourcesForComputedRoutes(t *testing.T) { ctx := testutil.TestContext(t) - rclient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - Run(t) + rclient := svctest.RunResourceService(t, types.Register, catalog.RegisterTypes) rt := controller.Runtime{ Client: rclient, Logger: testutil.Logger(t), diff --git a/internal/mesh/internal/controllers/routes/ref_validation_test.go b/internal/mesh/internal/controllers/routes/ref_validation_test.go index 71933a2a5d935..3f6db4207865b 100644 --- a/internal/mesh/internal/controllers/routes/ref_validation_test.go +++ b/internal/mesh/internal/controllers/routes/ref_validation_test.go @@ -52,11 +52,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { t.Run("with no service", func(t *testing.T) { sg := newTestServiceGetter() got := computeNewRouteRefConditions(sg, []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), ""), + newParentRef(newRef(pbcatalog.ServiceType, "api"), ""), }, nil) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionMissingParentRef( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), )) }) @@ -65,11 +65,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "http": pbcatalog.Protocol_PROTOCOL_HTTP, })) got := computeNewRouteRefConditions(sg, []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), ""), + newParentRef(newRef(pbcatalog.ServiceType, "api"), ""), }, nil) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionParentRefOutsideMesh( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), )) }) @@ -79,11 +79,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "mesh"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "mesh"), }, nil) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionParentRefUsingMeshPort( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), "mesh", )) }) @@ -94,11 +94,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "web"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "web"), }, nil) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionUnknownParentRefPort( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), "web", )) }) @@ -109,7 +109,7 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), ""), + newParentRef(newRef(pbcatalog.ServiceType, "api"), ""), }, nil) require.Empty(t, got) }) @@ -120,7 +120,7 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, []*pbmesh.ParentReference{ - newParentRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "http"), + newParentRef(newRef(pbcatalog.ServiceType, "api"), "http"), }, nil) require.Empty(t, got) }) @@ -130,11 +130,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { t.Run("with no service", func(t *testing.T) { sg := newTestServiceGetter() got := computeNewRouteRefConditions(sg, nil, []*pbmesh.BackendReference{ - newBackendRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "", ""), + newBackendRef(newRef(pbcatalog.ServiceType, "api"), "", ""), }) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionMissingBackendRef( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), )) }) @@ -143,11 +143,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "http": pbcatalog.Protocol_PROTOCOL_HTTP, })) got := computeNewRouteRefConditions(sg, nil, []*pbmesh.BackendReference{ - newBackendRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "", ""), + newBackendRef(newRef(pbcatalog.ServiceType, "api"), "", ""), }) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionBackendRefOutsideMesh( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), )) }) @@ -157,11 +157,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, nil, []*pbmesh.BackendReference{ - newBackendRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "mesh", ""), + newBackendRef(newRef(pbcatalog.ServiceType, "api"), "mesh", ""), }) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionBackendRefUsingMeshPort( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), "mesh", )) }) @@ -172,11 +172,11 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, nil, []*pbmesh.BackendReference{ - newBackendRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "web", ""), + newBackendRef(newRef(pbcatalog.ServiceType, "api"), "web", ""), }) require.Len(t, got, 1) prototest.AssertContainsElement(t, got, ConditionUnknownBackendRefPort( - newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), + newRef(pbcatalog.ServiceType, "api"), "web", )) }) @@ -187,7 +187,7 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, nil, []*pbmesh.BackendReference{ - newBackendRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "", ""), + newBackendRef(newRef(pbcatalog.ServiceType, "api"), "", ""), }) require.Empty(t, got) }) @@ -198,20 +198,16 @@ func TestComputeNewRouteRefConditions(t *testing.T) { "mesh": pbcatalog.Protocol_PROTOCOL_MESH, })) got := computeNewRouteRefConditions(sg, nil, []*pbmesh.BackendReference{ - newBackendRef(newRef(pbcatalog.ServiceType, "api", resource.DefaultNamespacedTenancy()), "http", ""), + newBackendRef(newRef(pbcatalog.ServiceType, "api"), "http", ""), }) require.Empty(t, got) }) }) } -func newRef(typ *pbresource.Type, name string, tenancy *pbresource.Tenancy) *pbresource.Reference { - if tenancy == nil { - tenancy = resource.DefaultNamespacedTenancy() - } - +func newRef(typ *pbresource.Type, name string) *pbresource.Reference { return rtest.Resource(typ, name). - WithTenancy(tenancy). + WithTenancy(resource.DefaultNamespacedTenancy()). Reference("") } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go index 5c9098d28ffd0..289c8c76548e1 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/destination_multiport_test.go @@ -10,6 +10,8 @@ import ( "github.com/stretchr/testify/require" + pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/internal/mesh/internal/controllers/routes/routestest" "github.com/hashicorp/consul/internal/mesh/internal/types" "github.com/hashicorp/consul/internal/mesh/internal/types/intermediate" @@ -17,247 +19,243 @@ import ( "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/internal/testing/golden" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" ) func TestBuildMultiportImplicitDestinations(t *testing.T) { + // TODO(rb/v2): add a fetchertest package to construct implicit upstreams + // correctly from inputs. the following is far too manual and error prone + // to be an accurate representation of what implicit upstreams look like. const ( apiApp = "api-app" apiApp2 = "api-app2" trustDomain = "foo.consul" datacenter = "dc1" ) - - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - // TODO(rb/v2): add a fetchertest package to construct implicit upstreams - // correctly from inputs. the following is far too manual and error prone - // to be an accurate representation of what implicit upstreams look like. - proxyCfg := &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, - TransparentProxy: &pbmesh.TransparentProxy{ - OutboundListenerPort: 15001, - }, + proxyCfg := &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, + TransparentProxy: &pbmesh.TransparentProxy{ + OutboundListenerPort: 15001, }, - } + }, + } - multiportServiceData := &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "tcp", - VirtualPort: 7070, - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - { - TargetPort: "tcp2", - VirtualPort: 8081, - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, - }, - { - TargetPort: "http", - VirtualPort: 8080, - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "mesh", - VirtualPort: 20000, - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, + multiportServiceData := &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp", + VirtualPort: 7070, + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, }, - } + { + TargetPort: "tcp2", + VirtualPort: 8081, + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + { + TargetPort: "http", + VirtualPort: 8080, + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, + }, + { + TargetPort: "mesh", + VirtualPort: 20000, + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + } - multiportEndpointsData := &pbcatalog.ServiceEndpoints{ - Endpoints: []*pbcatalog.Endpoint{ - { - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "10.0.0.1"}, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, + multiportEndpointsData := &pbcatalog.ServiceEndpoints{ + Endpoints: []*pbcatalog.Endpoint{ + { + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "10.0.0.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, }, - } - apiAppService := resourcetest.Resource(pbcatalog.ServiceType, apiApp). - WithTenancy(tenancy). - WithData(t, multiportServiceData). - Build() + }, + } + apiAppService := resourcetest.Resource(pbcatalog.ServiceType, apiApp). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, multiportServiceData). + Build() - apiApp2Service := resourcetest.Resource(pbcatalog.ServiceType, apiApp2). - WithTenancy(tenancy). - WithData(t, multiportServiceData). - Build() + apiApp2Service := resourcetest.Resource(pbcatalog.ServiceType, apiApp2). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, multiportServiceData). + Build() - apiAppEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp). - WithOwner(apiAppService.Id). - WithData(t, multiportEndpointsData). - WithTenancy(tenancy).Build() + apiAppEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp). + WithOwner(apiAppService.Id). + WithData(t, multiportEndpointsData). + WithTenancy(resource.DefaultNamespacedTenancy()).Build() - apiApp2Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp2). - WithOwner(apiApp2Service.Id). - WithData(t, multiportEndpointsData). - WithTenancy(tenancy).Build() + apiApp2Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp2). + WithOwner(apiApp2Service.Id). + WithData(t, multiportEndpointsData). + WithTenancy(resource.DefaultNamespacedTenancy()).Build() - mwEndpointsData := &pbcatalog.ServiceEndpoints{ // variant on apiAppEndpoints - Endpoints: []*pbcatalog.Endpoint{ - { - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "10.0.0.1"}, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, + mwEndpointsData := &pbcatalog.ServiceEndpoints{ // variant on apiAppEndpoints + Endpoints: []*pbcatalog.Endpoint{ + { + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "10.0.0.1"}, }, - { - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "10.0.0.2"}, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, }, - } - mwEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp). - WithOwner(apiAppService.Id). - WithData(t, mwEndpointsData). - WithTenancy(tenancy).Build() + { + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "10.0.0.2"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + }, + }, + } + mwEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, apiApp). + WithOwner(apiAppService.Id). + WithData(t, mwEndpointsData). + WithTenancy(resource.DefaultNamespacedTenancy()).Build() - apiAppIdentity := &pbresource.Reference{ - Name: fmt.Sprintf("%s-identity", apiApp), - Tenancy: apiAppEndpoints.Id.Tenancy, - } + apiAppIdentity := &pbresource.Reference{ + Name: fmt.Sprintf("%s-identity", apiApp), + Tenancy: apiAppEndpoints.Id.Tenancy, + } - apiApp2Identity := &pbresource.Reference{ - Name: fmt.Sprintf("%s-identity", apiApp2), - Tenancy: apiApp2Endpoints.Id.Tenancy, - } + apiApp2Identity := &pbresource.Reference{ + Name: fmt.Sprintf("%s-identity", apiApp2), + Tenancy: apiApp2Endpoints.Id.Tenancy, + } - apiAppComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, apiAppService.Id) - apiAppComputedRoutes := routestest.BuildComputedRoutes(t, apiAppComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, apiAppService), - ) - require.NotNil(t, apiAppComputedRoutes) + apiAppComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, apiAppService.Id) + apiAppComputedRoutes := routestest.BuildComputedRoutes(t, apiAppComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, apiAppService), + ) + require.NotNil(t, apiAppComputedRoutes) - apiApp2ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, apiApp2Service.Id) - apiApp2ComputedRoutes := routestest.BuildComputedRoutes(t, apiApp2ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, apiApp2Service), - ) - require.NotNil(t, apiApp2ComputedRoutes) + apiApp2ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, apiApp2Service.Id) + apiApp2ComputedRoutes := routestest.BuildComputedRoutes(t, apiApp2ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, apiApp2Service), + ) + require.NotNil(t, apiApp2ComputedRoutes) - newImplicitDestination := func( - svc *pbresource.Resource, - endpoints *pbresource.Resource, - computedRoutes *types.DecodedComputedRoutes, - identities []*pbresource.Reference, - virtualIPs []string, - ) []*intermediate.Destination { - svcDec := resourcetest.MustDecode[*pbcatalog.Service](t, svc) - seDec := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](t, endpoints) + newImplicitDestination := func( + svc *pbresource.Resource, + endpoints *pbresource.Resource, + computedRoutes *types.DecodedComputedRoutes, + identities []*pbresource.Reference, + virtualIPs []string, + ) []*intermediate.Destination { + svcDec := resourcetest.MustDecode[*pbcatalog.Service](t, svc) + seDec := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](t, endpoints) - var out []*intermediate.Destination - for _, port := range svcDec.Data.Ports { - portName := port.TargetPort - if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH { - continue - } + var out []*intermediate.Destination + for _, port := range svcDec.Data.Ports { + portName := port.TargetPort + if port.Protocol == pbcatalog.Protocol_PROTOCOL_MESH { + continue + } - dest := &intermediate.Destination{ - Service: svcDec, - ComputedPortRoutes: routestest.MutateTargets(t, computedRoutes.Data, portName, func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(svc.Id, details.BackendRef.Ref) && details.BackendRef.Port == portName: - details.ServiceEndpointsId = endpoints.Id - details.ServiceEndpoints = seDec.Data - details.IdentityRefs = identities - } - }), - VirtualIPs: virtualIPs, - } - out = append(out, dest) + dest := &intermediate.Destination{ + Service: svcDec, + ComputedPortRoutes: routestest.MutateTargets(t, computedRoutes.Data, portName, func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(svc.Id, details.BackendRef.Ref) && details.BackendRef.Port == portName: + details.ServiceEndpointsId = endpoints.Id + details.ServiceEndpoints = seDec.Data + details.IdentityRefs = identities + } + }), + VirtualIPs: virtualIPs, } - return out + out = append(out, dest) } + return out + } - apiAppDestinations := newImplicitDestination( - apiAppService, - apiAppEndpoints, - apiAppComputedRoutes, - []*pbresource.Reference{apiAppIdentity}, - []string{"1.1.1.1"}, - ) - - apiApp2Destinations := newImplicitDestination( - apiApp2Service, - apiApp2Endpoints, - apiApp2ComputedRoutes, - []*pbresource.Reference{apiApp2Identity}, - []string{"2.2.2.2", "3.3.3.3"}, - ) + apiAppDestinations := newImplicitDestination( + apiAppService, + apiAppEndpoints, + apiAppComputedRoutes, + []*pbresource.Reference{apiAppIdentity}, + []string{"1.1.1.1"}, + ) - mwDestinations := newImplicitDestination( - apiAppService, - mwEndpoints, - apiAppComputedRoutes, - []*pbresource.Reference{apiAppIdentity}, - []string{"1.1.1.1"}, - ) + apiApp2Destinations := newImplicitDestination( + apiApp2Service, + apiApp2Endpoints, + apiApp2ComputedRoutes, + []*pbresource.Reference{apiApp2Identity}, + []string{"2.2.2.2", "3.3.3.3"}, + ) - twoImplicitDestinations := append( - append([]*intermediate.Destination{}, apiAppDestinations...), - apiApp2Destinations..., - ) + mwDestinations := newImplicitDestination( + apiAppService, + mwEndpoints, + apiAppComputedRoutes, + []*pbresource.Reference{apiAppIdentity}, + []string{"1.1.1.1"}, + ) - cases := map[string]struct { - getDestinations func() []*intermediate.Destination - }{ - // Most basic test that multiport configuration works - "destination/multiport-l4-and-l7-single-implicit-destination-tproxy": { - getDestinations: func() []*intermediate.Destination { return apiAppDestinations }, - }, - // Test shows that with multiple workloads for a service exposing the same ports, the routers - // and clusters do not get duplicated. - "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy": { - getDestinations: func() []*intermediate.Destination { return mwDestinations }, - }, - // Test shows that with multiple workloads for a service exposing the same ports, the routers - // and clusters do not get duplicated. - "destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy": { - getDestinations: func() []*intermediate.Destination { return twoImplicitDestinations }, - }, - } + twoImplicitDestinations := append( + append([]*intermediate.Destination{}, apiAppDestinations...), + apiApp2Destinations..., + ) - for name, c := range cases { - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), name, tenancy), func(t *testing.T) { - proxyTmpl := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), trustDomain, datacenter, false, proxyCfg). - BuildDestinations(c.getDestinations()). - Build() + cases := map[string]struct { + getDestinations func() []*intermediate.Destination + }{ + // Most basic test that multiport configuration works + "destination/multiport-l4-and-l7-single-implicit-destination-tproxy": { + getDestinations: func() []*intermediate.Destination { return apiAppDestinations }, + }, + // Test shows that with multiple workloads for a service exposing the same ports, the routers + // and clusters do not get duplicated. + "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy": { + getDestinations: func() []*intermediate.Destination { return mwDestinations }, + }, + // Test shows that with multiple workloads for a service exposing the same ports, the routers + // and clusters do not get duplicated. + "destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy": { + getDestinations: func() []*intermediate.Destination { return twoImplicitDestinations }, + }, + } - // sort routers because of test flakes where order was flip flopping. - actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers - sort.Slice(actualRouters, func(i, j int) bool { - return actualRouters[i].String() < actualRouters[j].String() - }) + for name, c := range cases { + t.Run(name, func(t *testing.T) { + proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), trustDomain, datacenter, false, proxyCfg). + BuildDestinations(c.getDestinations()). + Build() - actual := protoToJSON(t, proxyTmpl) - expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+"-"+tenancy.Partition+"-"+tenancy.Namespace+".golden")) + // sort routers because of test flakes where order was flip flopping. + actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers + sort.Slice(actualRouters, func(i, j int) bool { + return actualRouters[i].String() < actualRouters[j].String() + }) - // sort routers on listener from golden file - expectedRouters := expected.ProxyState.Listeners[0].Routers - sort.Slice(expectedRouters, func(i, j int) bool { - return expectedRouters[i].String() < expectedRouters[j].String() - }) + actual := protoToJSON(t, proxyTmpl) + expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+".golden")) - // convert back to json after sorting so that test output does not contain extraneous fields. - require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) + // sort routers on listener from golden file + expectedRouters := expected.ProxyState.Listeners[0].Routers + sort.Slice(expectedRouters, func(i, j int) bool { + return expectedRouters[i].String() < expectedRouters[j].String() }) - } - }, t) + + // convert back to json after sorting so that test output does not contain extraneous fields. + require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) + }) + } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go b/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go index c078c3273e439..aea4360b83108 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/destinations.go @@ -248,7 +248,7 @@ func (b *Builder) buildDestination( panic(fmt.Sprintf("it should not be possible to have a tcp protocol here: %v", effectiveProtocol)) } - rb := lb.addL7Router(routeName, statPrefix, effectiveProtocol) + rb := lb.addL7Router(routeName, "", effectiveProtocol) if destination.Explicit == nil { rb.addIPAndPortMatch(destination.VirtualIPs, virtualPortNumber) } @@ -290,6 +290,7 @@ func (b *Builder) buildDestination( clusterName := fmt.Sprintf("%s.%s", portName, sni) egName := "" + if details.FailoverConfig != nil { egName = fmt.Sprintf("%s%d~%s", xdscommon.FailoverClusterNamePrefix, 0, clusterName) } @@ -372,7 +373,7 @@ func (b *ListenerBuilder) addL4RouterForDirect(clusterName, statPrefix string) * router := &pbproxystate.Router{} if statPrefix == "" { - statPrefix = fmt.Sprintf("upstream.%s", clusterName) + statPrefix = "upstream." } router.Destination = &pbproxystate.Router_L4{ diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/destinations_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/destinations_test.go index a6bfe7e305dca..c6b5a76592549 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/destinations_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/destinations_test.go @@ -71,167 +71,97 @@ func TestBuildExplicitDestinations(t *testing.T) { types.Register(registry) catalog.RegisterTypes(registry) - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - api1Service := resourcetest.Resource(pbcatalog.ServiceType, "api-1"). - WithTenancy(tenancy). - WithData(t, serviceData). - Build() - - api2Service := resourcetest.Resource(pbcatalog.ServiceType, "api-2"). - WithTenancy(tenancy). - WithData(t, serviceData). - Build() - - api3Service := resourcetest.Resource(pbcatalog.ServiceType, "api-3"). - WithTenancy(tenancy). - WithData(t, serviceData). - Build() - - backup1Service := resourcetest.Resource(pbcatalog.ServiceType, "backup-1"). - WithTenancy(tenancy). - WithData(t, serviceData). - Build() - - for _, res := range []*pbresource.Resource{ - api1Service, api2Service, api3Service, backup1Service, - } { - resourcetest.ValidateAndNormalize(t, registry, res) - } - - api1Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-1"). - WithTenancy(tenancy). - WithData(t, endpointsData). - Build() - - api2Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-2"). - WithTenancy(tenancy). - WithData(t, endpointsData). - Build() - - backup1Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "backup-1"). - WithTenancy(tenancy). - WithData(t, endpointsData). - Build() - - for _, res := range []*pbresource.Resource{ - api1Endpoints, api2Endpoints, backup1Endpoints, - } { - resourcetest.ValidateAndNormalize(t, registry, res) - } - - api1Identity := &pbresource.Reference{ - Name: "api1-identity", - Tenancy: api1Endpoints.Id.Tenancy, - } - - api2Identity := &pbresource.Reference{ - Name: "api2-identity", - Tenancy: api2Endpoints.Id.Tenancy, - } - - backup1Identity := &pbresource.Reference{ - Name: "backup1-identity", - Tenancy: backup1Endpoints.Id.Tenancy, - } - - api1DestPolicy := resourcetest.Resource(pbmesh.DestinationPolicyType, api1Service.Id.Name). - WithTenancy(api1Service.Id.GetTenancy()). - WithData(t, &pbmesh.DestinationPolicy{ - PortConfigs: map[string]*pbmesh.DestinationConfig{ - "http": { - ConnectTimeout: durationpb.New(55 * time.Second), - RequestTimeout: durationpb.New(77 * time.Second), - // LoadBalancer *LoadBalancer `protobuf:"bytes,3,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` - }, + api1Service := resourcetest.Resource(pbcatalog.ServiceType, "api-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, serviceData). + Build() + + api2Service := resourcetest.Resource(pbcatalog.ServiceType, "api-2"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, serviceData). + Build() + + api3Service := resourcetest.Resource(pbcatalog.ServiceType, "api-3"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, serviceData). + Build() + + backup1Service := resourcetest.Resource(pbcatalog.ServiceType, "backup-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, serviceData). + Build() + + for _, res := range []*pbresource.Resource{ + api1Service, api2Service, api3Service, backup1Service, + } { + resourcetest.ValidateAndNormalize(t, registry, res) + } + + api1Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, endpointsData). + Build() + + api2Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-2"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, endpointsData). + Build() + + backup1Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "backup-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, endpointsData). + Build() + + for _, res := range []*pbresource.Resource{ + api1Endpoints, api2Endpoints, backup1Endpoints, + } { + resourcetest.ValidateAndNormalize(t, registry, res) + } + + api1Identity := &pbresource.Reference{ + Name: "api1-identity", + Tenancy: api1Endpoints.Id.Tenancy, + } + + api2Identity := &pbresource.Reference{ + Name: "api2-identity", + Tenancy: api2Endpoints.Id.Tenancy, + } + + backup1Identity := &pbresource.Reference{ + Name: "backup1-identity", + Tenancy: backup1Endpoints.Id.Tenancy, + } + + api1DestPolicy := resourcetest.Resource(pbmesh.DestinationPolicyType, api1Service.Id.Name). + WithTenancy(api1Service.Id.GetTenancy()). + WithData(t, &pbmesh.DestinationPolicy{ + PortConfigs: map[string]*pbmesh.DestinationConfig{ + "http": { + ConnectTimeout: durationpb.New(55 * time.Second), + RequestTimeout: durationpb.New(77 * time.Second), + // LoadBalancer *LoadBalancer `protobuf:"bytes,3,opt,name=load_balancer,json=loadBalancer,proto3" json:"load_balancer,omitempty"` }, - }). - Build() - - api1HTTPRoute := resourcetest.Resource(pbmesh.HTTPRouteType, "api-1-http-route"). - WithTenancy(tenancy). - WithData(t, &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{{ - Ref: resource.Reference(api1Service.Id, ""), - Port: "http", - }}, - Rules: []*pbmesh.HTTPRouteRule{ - { - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/split", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{ - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api2Service.Id, ""), - }, - Weight: 60, - }, - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api1Service.Id, ""), - }, - Weight: 40, - }, - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api3Service.Id, ""), - }, - Weight: 10, - }, - }, - }, - { - Matches: []*pbmesh.HTTPRouteMatch{{ - Path: &pbmesh.HTTPPathMatch{ - Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, - Value: "/", - }, - }}, - BackendRefs: []*pbmesh.HTTPBackendRef{{ - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api1Service.Id, ""), - }, - }}, - Timeouts: &pbmesh.HTTPRouteTimeouts{ - Request: durationpb.New(606 * time.Second), // differnet than the 77s - }, - Retries: &pbmesh.HTTPRouteRetries{ - Number: wrapperspb.UInt32(4), - OnConnectFailure: true, + }, + }). + Build() + + api1HTTPRoute := resourcetest.Resource(pbmesh.HTTPRouteType, "api-1-http-route"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: resource.Reference(api1Service.Id, ""), + Port: "http", + }}, + Rules: []*pbmesh.HTTPRouteRule{ + { + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/split", }, - }, - }, - }). - Build() - resourcetest.ValidateAndNormalize(t, registry, api1HTTPRoute) - - api1FailoverPolicy := resourcetest.Resource(pbcatalog.FailoverPolicyType, "api-1"). - WithTenancy(tenancy). - WithData(t, &pbcatalog.FailoverPolicy{ - PortConfigs: map[string]*pbcatalog.FailoverConfig{ - "http": { - Destinations: []*pbcatalog.FailoverDestination{{ - Ref: resource.Reference(backup1Service.Id, ""), - Port: "http", - }}, - }, - }, - }). - Build() - resourcetest.ValidateAndNormalize(t, registry, api1FailoverPolicy) - - api1TCPRoute := resourcetest.Resource(pbmesh.TCPRouteType, "api-1-tcp-route"). - WithTenancy(tenancy). - WithData(t, &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{{ - Ref: resource.Reference(api1Service.Id, ""), - Port: "tcp", - }}, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{ + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{ { BackendRef: &pbmesh.BackendReference{ Ref: resource.Reference(api2Service.Id, ""), @@ -251,336 +181,401 @@ func TestBuildExplicitDestinations(t *testing.T) { Weight: 10, }, }, - }}, - }). - Build() - resourcetest.ValidateAndNormalize(t, registry, api1TCPRoute) - - api1TCP2Route := resourcetest.Resource(pbmesh.TCPRouteType, "api-1-tcp2-route"). - WithTenancy(tenancy). - WithData(t, &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{{ - Ref: resource.Reference(api1Service.Id, ""), - Port: "tcp2", - }}, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{ - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api2Service.Id, ""), - }, - Weight: 60, - }, - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api1Service.Id, ""), - }, - Weight: 40, + }, + { + Matches: []*pbmesh.HTTPRouteMatch{{ + Path: &pbmesh.HTTPPathMatch{ + Type: pbmesh.PathMatchType_PATH_MATCH_TYPE_PREFIX, + Value: "/", }, - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api3Service.Id, ""), - }, - Weight: 10, + }}, + BackendRefs: []*pbmesh.HTTPBackendRef{{ + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api1Service.Id, ""), }, + }}, + Timeouts: &pbmesh.HTTPRouteTimeouts{ + Request: durationpb.New(606 * time.Second), // differnet than the 77s + }, + Retries: &pbmesh.HTTPRouteRetries{ + Number: wrapperspb.UInt32(4), + OnConnectFailure: true, }, - }}, - }). - Build() - - api1ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api1Service.Id) - api1ComputedRoutes := routestest.BuildComputedRoutes(t, api1ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), - resourcetest.MustDecode[*pbcatalog.Service](t, backup1Service), - // notably we do NOT include api3Service here so we trigger a null route to be generated - resourcetest.MustDecode[*pbmesh.DestinationPolicy](t, api1DestPolicy), - resourcetest.MustDecode[*pbmesh.HTTPRoute](t, api1HTTPRoute), - resourcetest.MustDecode[*pbmesh.TCPRoute](t, api1TCPRoute), - resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, api1FailoverPolicy), - resourcetest.MustDecode[*pbmesh.TCPRoute](t, api1TCP2Route), - ) - require.NotNil(t, api1ComputedRoutes) - - api2ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api2Service.Id) - api2ComputedRoutes := routestest.BuildComputedRoutes(t, api2ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), - ) - require.NotNil(t, api2ComputedRoutes) - - destinationIpPort := &intermediate.Destination{ - Explicit: &pbmesh.Destination{ - DestinationRef: resource.Reference(api1Endpoints.Id, ""), - DestinationPort: "tcp", - Datacenter: "dc1", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 1234}, - }, - }, - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - details.ServiceEndpointsId = api1Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api1Identity} - case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - details.ServiceEndpointsId = api2Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api2Identity} - } - }), - } - - destinationIpPort2 := &intermediate.Destination{ - Explicit: &pbmesh.Destination{ - DestinationRef: resource.Reference(api1Endpoints.Id, ""), - DestinationPort: "tcp2", - Datacenter: "dc1", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 2345}, }, }, - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp2", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": - details.ServiceEndpointsId = api1Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api1Identity} - case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": - details.ServiceEndpointsId = api2Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api2Identity} - } - }), - } - - destinationUnix := &intermediate.Destination{ - Explicit: &pbmesh.Destination{ - DestinationRef: resource.Reference(api2Endpoints.Id, ""), - DestinationPort: "tcp", - Datacenter: "dc1", - ListenAddr: &pbmesh.Destination_Unix{ - Unix: &pbmesh.UnixSocketAddress{Path: "/path/to/socket", Mode: "0666"}, + }). + Build() + resourcetest.ValidateAndNormalize(t, registry, api1HTTPRoute) + + api1FailoverPolicy := resourcetest.Resource(pbcatalog.FailoverPolicyType, "api-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbcatalog.FailoverPolicy{ + PortConfigs: map[string]*pbcatalog.FailoverConfig{ + "http": { + Destinations: []*pbcatalog.FailoverDestination{{ + Ref: resource.Reference(backup1Service.Id, ""), + Port: "http", + }}, }, }, - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), - ComputedPortRoutes: routestest.MutateTargets(t, api2ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - details.ServiceEndpointsId = api2Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api2Identity} - } - }), - } - - destinationUnix2 := &intermediate.Destination{ - Explicit: &pbmesh.Destination{ - DestinationRef: resource.Reference(api2Endpoints.Id, ""), - DestinationPort: "tcp2", - Datacenter: "dc1", - ListenAddr: &pbmesh.Destination_Unix{ - Unix: &pbmesh.UnixSocketAddress{Path: "/path/to/socket", Mode: "0666"}, + }). + Build() + resourcetest.ValidateAndNormalize(t, registry, api1FailoverPolicy) + + api1TCPRoute := resourcetest.Resource(pbmesh.TCPRouteType, "api-1-tcp-route"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: resource.Reference(api1Service.Id, ""), + Port: "tcp", + }}, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{ + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api2Service.Id, ""), + }, + Weight: 60, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api1Service.Id, ""), + }, + Weight: 40, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api3Service.Id, ""), + }, + Weight: 10, + }, }, - }, - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), - ComputedPortRoutes: routestest.MutateTargets(t, api2ComputedRoutes.Data, "tcp2", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": - details.ServiceEndpointsId = api2Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api2Identity} - } - }), - } - destinationIpPortHTTP := &intermediate.Destination{ - Explicit: &pbmesh.Destination{ - DestinationRef: resource.Reference(api1Endpoints.Id, ""), - DestinationPort: "http", - Datacenter: "dc1", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 1234}, + }}, + }). + Build() + resourcetest.ValidateAndNormalize(t, registry, api1TCPRoute) + + api1TCP2Route := resourcetest.Resource(pbmesh.TCPRouteType, "api-1-tcp2-route"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: resource.Reference(api1Service.Id, ""), + Port: "tcp2", + }}, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{ + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api2Service.Id, ""), + }, + Weight: 60, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api1Service.Id, ""), + }, + Weight: 40, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(api3Service.Id, ""), + }, + Weight: 10, + }, }, + }}, + }). + Build() + + api1ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api1Service.Id) + api1ComputedRoutes := routestest.BuildComputedRoutes(t, api1ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), + resourcetest.MustDecode[*pbcatalog.Service](t, backup1Service), + // notably we do NOT include api3Service here so we trigger a null route to be generated + resourcetest.MustDecode[*pbmesh.DestinationPolicy](t, api1DestPolicy), + resourcetest.MustDecode[*pbmesh.HTTPRoute](t, api1HTTPRoute), + resourcetest.MustDecode[*pbmesh.TCPRoute](t, api1TCPRoute), + resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, api1FailoverPolicy), + resourcetest.MustDecode[*pbmesh.TCPRoute](t, api1TCP2Route), + ) + require.NotNil(t, api1ComputedRoutes) + + api2ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api2Service.Id) + api2ComputedRoutes := routestest.BuildComputedRoutes(t, api2ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), + ) + require.NotNil(t, api2ComputedRoutes) + + destinationIpPort := &intermediate.Destination{ + Explicit: &pbmesh.Destination{ + DestinationRef: resource.Reference(api1Endpoints.Id, ""), + DestinationPort: "tcp", + Datacenter: "dc1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 1234}, }, - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "http", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "http": - details.ServiceEndpointsId = api1Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api1Identity} - case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "http": - details.ServiceEndpointsId = api2Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api2Identity} - case resource.ReferenceOrIDMatch(backup1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "http": - details.ServiceEndpointsId = backup1Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{backup1Identity} - } - }), - } - _ = backup1Identity - - cases := map[string]struct { - destinations []*intermediate.Destination - }{ - "destination/l4-single-destination-ip-port-bind-address": { - destinations: []*intermediate.Destination{destinationIpPort}, + }, + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + details.ServiceEndpointsId = api1Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api1Identity} + case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + details.ServiceEndpointsId = api2Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api2Identity} + } + }), + } + + destinationIpPort2 := &intermediate.Destination{ + Explicit: &pbmesh.Destination{ + DestinationRef: resource.Reference(api1Endpoints.Id, ""), + DestinationPort: "tcp2", + Datacenter: "dc1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 2345}, }, - "destination/l4-single-destination-unix-socket-bind-address": { - destinations: []*intermediate.Destination{destinationUnix}, + }, + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp2", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": + details.ServiceEndpointsId = api1Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api1Identity} + case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": + details.ServiceEndpointsId = api2Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api2Identity} + } + }), + } + + destinationUnix := &intermediate.Destination{ + Explicit: &pbmesh.Destination{ + DestinationRef: resource.Reference(api2Endpoints.Id, ""), + DestinationPort: "tcp", + Datacenter: "dc1", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{Path: "/path/to/socket", Mode: "0666"}, }, - "destination/l4-multi-destination": { - destinations: []*intermediate.Destination{destinationIpPort, destinationUnix, destinationIpPort2, destinationUnix2}, + }, + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), + ComputedPortRoutes: routestest.MutateTargets(t, api2ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + details.ServiceEndpointsId = api2Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api2Identity} + } + }), + } + + destinationUnix2 := &intermediate.Destination{ + Explicit: &pbmesh.Destination{ + DestinationRef: resource.Reference(api2Endpoints.Id, ""), + DestinationPort: "tcp2", + Datacenter: "dc1", + ListenAddr: &pbmesh.Destination_Unix{ + Unix: &pbmesh.UnixSocketAddress{Path: "/path/to/socket", Mode: "0666"}, }, - "destination/mixed-multi-destination": { - destinations: []*intermediate.Destination{destinationIpPort, destinationUnix, destinationIpPortHTTP}, + }, + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), + ComputedPortRoutes: routestest.MutateTargets(t, api2ComputedRoutes.Data, "tcp2", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": + details.ServiceEndpointsId = api2Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api2Identity} + } + }), + } + destinationIpPortHTTP := &intermediate.Destination{ + Explicit: &pbmesh.Destination{ + DestinationRef: resource.Reference(api1Endpoints.Id, ""), + DestinationPort: "http", + Datacenter: "dc1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 1234}, }, - } + }, + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "http", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "http": + details.ServiceEndpointsId = api1Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api1Identity} + case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "http": + details.ServiceEndpointsId = api2Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api2Identity} + case resource.ReferenceOrIDMatch(backup1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "http": + details.ServiceEndpointsId = backup1Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{backup1Identity} + } + }), + } + _ = backup1Identity - for name, c := range cases { - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), name, tenancy), func(t *testing.T) { - proxyTmpl := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", false, nil). - BuildDestinations(c.destinations). - Build() + cases := map[string]struct { + destinations []*intermediate.Destination + }{ + "destination/l4-single-destination-ip-port-bind-address": { + destinations: []*intermediate.Destination{destinationIpPort}, + }, + "destination/l4-single-destination-unix-socket-bind-address": { + destinations: []*intermediate.Destination{destinationUnix}, + }, + "destination/l4-multi-destination": { + destinations: []*intermediate.Destination{destinationIpPort, destinationUnix, destinationIpPort2, destinationUnix2}, + }, + "destination/mixed-multi-destination": { + destinations: []*intermediate.Destination{destinationIpPort, destinationUnix, destinationIpPortHTTP}, + }, + } - actual := protoToJSON(t, proxyTmpl) - expected := golden.Get(t, actual, name+"-"+tenancy.Partition+"-"+tenancy.Namespace+".golden") + for name, c := range cases { + t.Run(name, func(t *testing.T) { + proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", false, nil). + BuildDestinations(c.destinations). + Build() - require.JSONEq(t, expected, actual) - }) - } - }, t) + actual := protoToJSON(t, proxyTmpl) + expected := golden.Get(t, actual, name+".golden") + require.JSONEq(t, expected, actual) + }) + } } func TestBuildImplicitDestinations(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - api1Service := resourcetest.Resource(pbcatalog.ServiceType, "api-1"). - WithTenancy(tenancy). - WithData(t, serviceData). - Build() - - api2Service := resourcetest.Resource(pbcatalog.ServiceType, "api-2"). - WithTenancy(tenancy). - WithData(t, serviceData). - Build() - - api1Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-1"). - WithOwner(api1Service.Id). - WithTenancy(tenancy). - WithData(t, endpointsData).Build() - - api2Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-2"). - WithOwner(api2Service.Id). - WithTenancy(tenancy). - WithData(t, endpointsData).Build() - - api1Identity := &pbresource.Reference{ - Name: "api1-identity", - Tenancy: api1Endpoints.Id.Tenancy, - } - - api2Identity := &pbresource.Reference{ - Name: "api2-identity", - Tenancy: api2Endpoints.Id.Tenancy, - } - - api1ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api1Service.Id) - api1ComputedRoutes := routestest.BuildComputedRoutes(t, api1ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - ) - require.NotNil(t, api1ComputedRoutes) - - api2ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api2Service.Id) - api2ComputedRoutes := routestest.BuildComputedRoutes(t, api2ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), - ) - require.NotNil(t, api2ComputedRoutes) - - proxyCfg := &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, - TransparentProxy: &pbmesh.TransparentProxy{ - OutboundListenerPort: 15001, - }, - }, - } - - destination1 := &intermediate.Destination{ - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - details.ServiceEndpointsId = api1Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api1Identity} - } - }), - VirtualIPs: []string{"1.1.1.1"}, - } - - destination2 := &intermediate.Destination{ - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), - ComputedPortRoutes: routestest.MutateTargets(t, api2ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - details.ServiceEndpointsId = api2Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api2Identity} - } - }), - VirtualIPs: []string{"2.2.2.2", "3.3.3.3"}, - } - - destination3 := &intermediate.Destination{ - Explicit: &pbmesh.Destination{ - DestinationRef: resource.Reference(api1Endpoints.Id, ""), - DestinationPort: "tcp", - Datacenter: "dc1", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 1234}, - }, - }, - Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), - ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - details.ServiceEndpointsId = api1Endpoints.Id - details.ServiceEndpoints = endpointsData - details.IdentityRefs = []*pbresource.Reference{api1Identity} - } - }), - } - - cases := map[string]struct { - destinations []*intermediate.Destination - }{ - "destination/l4-single-implicit-destination-tproxy": { - destinations: []*intermediate.Destination{destination1}, - }, - "destination/l4-multiple-implicit-destinations-tproxy": { - destinations: []*intermediate.Destination{destination1, destination2}, + api1Service := resourcetest.Resource(pbcatalog.ServiceType, "api-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, serviceData). + Build() + + api2Service := resourcetest.Resource(pbcatalog.ServiceType, "api-2"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, serviceData). + Build() + + api1Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-1"). + WithOwner(api1Service.Id). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, endpointsData).Build() + + api2Endpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-2"). + WithOwner(api2Service.Id). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, endpointsData).Build() + + api1Identity := &pbresource.Reference{ + Name: "api1-identity", + Tenancy: api1Endpoints.Id.Tenancy, + } + + api2Identity := &pbresource.Reference{ + Name: "api2-identity", + Tenancy: api2Endpoints.Id.Tenancy, + } + + api1ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api1Service.Id) + api1ComputedRoutes := routestest.BuildComputedRoutes(t, api1ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + ) + require.NotNil(t, api1ComputedRoutes) + + api2ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, api2Service.Id) + api2ComputedRoutes := routestest.BuildComputedRoutes(t, api2ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), + ) + require.NotNil(t, api2ComputedRoutes) + + proxyCfg := &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, + TransparentProxy: &pbmesh.TransparentProxy{ + OutboundListenerPort: 15001, }, - "destination/l4-implicit-and-explicit-destinations-tproxy": { - destinations: []*intermediate.Destination{destination2, destination3}, + }, + } + + destination1 := &intermediate.Destination{ + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + details.ServiceEndpointsId = api1Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api1Identity} + } + }), + VirtualIPs: []string{"1.1.1.1"}, + } + + destination2 := &intermediate.Destination{ + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api2Service), + ComputedPortRoutes: routestest.MutateTargets(t, api2ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + details.ServiceEndpointsId = api2Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api2Identity} + } + }), + VirtualIPs: []string{"2.2.2.2", "3.3.3.3"}, + } + + destination3 := &intermediate.Destination{ + Explicit: &pbmesh.Destination{ + DestinationRef: resource.Reference(api1Endpoints.Id, ""), + DestinationPort: "tcp", + Datacenter: "dc1", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{Ip: "1.1.1.1", Port: 1234}, }, - } + }, + Service: resourcetest.MustDecode[*pbcatalog.Service](t, api1Service), + ComputedPortRoutes: routestest.MutateTargets(t, api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + details.ServiceEndpointsId = api1Endpoints.Id + details.ServiceEndpoints = endpointsData + details.IdentityRefs = []*pbresource.Reference{api1Identity} + } + }), + } - for name, c := range cases { - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), name, tenancy), func(t *testing.T) { - proxyTmpl := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", false, proxyCfg). - BuildDestinations(c.destinations). - Build() + cases := map[string]struct { + destinations []*intermediate.Destination + }{ + "destination/l4-single-implicit-destination-tproxy": { + destinations: []*intermediate.Destination{destination1}, + }, + "destination/l4-multiple-implicit-destinations-tproxy": { + destinations: []*intermediate.Destination{destination1, destination2}, + }, + "destination/l4-implicit-and-explicit-destinations-tproxy": { + destinations: []*intermediate.Destination{destination2, destination3}, + }, + } + + for name, c := range cases { + t.Run(name, func(t *testing.T) { + proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", false, proxyCfg). + BuildDestinations(c.destinations). + Build() - actual := protoToJSON(t, proxyTmpl) - expected := golden.Get(t, actual, name+"-"+tenancy.Partition+"-"+tenancy.Namespace+".golden") + actual := protoToJSON(t, proxyTmpl) + expected := golden.Get(t, actual, name+".golden") - require.JSONEq(t, expected, actual) - }) - } - }, t) + require.JSONEq(t, expected, actual) + }) + } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths_test.go index 8bfcc5fbe7f17..c2c9217f40932 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/expose_paths_test.go @@ -4,8 +4,6 @@ package builder import ( - "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/proto-public/pbresource" "testing" "github.com/stretchr/testify/require" @@ -18,94 +16,88 @@ import ( // This file contains tests only for error and edge cases cases. The happy case is tested in local_app_test.go func TestBuildExposePaths_NilChecks(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - testutil.RunStep(t, "proxy cfg is nil", func(t *testing.T) { - b := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, nil) - require.NotPanics(t, func() { - b.buildExposePaths(nil) - }) + testutil.RunStep(t, "proxy cfg is nil", func(t *testing.T) { + b := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, nil) + require.NotPanics(t, func() { + b.buildExposePaths(nil) }) + }) - testutil.RunStep(t, "dynamic cfg is nil", func(t *testing.T) { - b := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, &pbmesh.ComputedProxyConfiguration{}) - require.NotPanics(t, func() { - b.buildExposePaths(nil) - }) + testutil.RunStep(t, "dynamic cfg is nil", func(t *testing.T) { + b := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, &pbmesh.ComputedProxyConfiguration{}) + require.NotPanics(t, func() { + b.buildExposePaths(nil) }) + }) - testutil.RunStep(t, "expose cfg is nil", func(t *testing.T) { - b := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{}, - }) - require.NotPanics(t, func() { - b.buildExposePaths(nil) - }) + testutil.RunStep(t, "expose cfg is nil", func(t *testing.T) { + b := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{}, }) - }, t) + require.NotPanics(t, func() { + b.buildExposePaths(nil) + }) + }) } func TestBuildExposePaths_NoExternalMeshWorkloadAddress(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - workload := &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "1.1.1.1", External: true}, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080}, - "mesh": {Port: 20000}, - }, - } + workload := &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1", External: true}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + "mesh": {Port: 20000}, + }, + } - proxycfg := &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - ExposeConfig: &pbmesh.ExposeConfig{ - ExposePaths: []*pbmesh.ExposePath{ - { - ListenerPort: 1234, - LocalPathPort: 9090, - Path: "/health", - }, + proxycfg := &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + LocalPathPort: 9090, + Path: "/health", }, }, }, - } + }, + } - b := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, proxycfg) - b.buildExposePaths(workload) - require.Empty(t, b.proxyStateTemplate.ProxyState.Listeners) - }, t) + b := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, proxycfg) + b.buildExposePaths(workload) + require.Empty(t, b.proxyStateTemplate.ProxyState.Listeners) } func TestBuildExposePaths_InvalidProtocol(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - workload := &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "1.1.1.1"}, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - } + workload := &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "1.1.1.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } - proxycfg := &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - ExposeConfig: &pbmesh.ExposeConfig{ - ExposePaths: []*pbmesh.ExposePath{ - { - ListenerPort: 1234, - LocalPathPort: 9090, - Path: "/health", - Protocol: 3, - }, + proxycfg := &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + LocalPathPort: 9090, + Path: "/health", + Protocol: 3, }, }, }, - } + }, + } - b := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, proxycfg) - require.PanicsWithValue(t, "unsupported expose paths protocol", func() { - b.buildExposePaths(workload) - }) - }, t) + b := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, proxycfg) + require.PanicsWithValue(t, "unsupported expose paths protocol", func() { + b.buildExposePaths(workload) + }) } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_multiport_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_multiport_test.go index 4a60d0f8b37e9..12cbb387af3a0 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_multiport_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_multiport_test.go @@ -7,167 +7,164 @@ import ( "sort" "testing" + "github.com/hashicorp/consul/internal/testing/golden" + "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/internal/testing/golden" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" ) func TestBuildLocalApp_Multiport(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - cases := map[string]struct { - workload *pbcatalog.Workload - }{ - "source/multiport-l7-single-workload-address-without-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - "grpc-port": {Port: 9091, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + cases := map[string]struct { + workload *pbcatalog.Workload + }{ + "source/multiport-l7-single-workload-address-without-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + "grpc-port": {Port: 9091, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiport-l7-multiple-workload-addresses-without-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - { - Host: "10.0.0.2", - }, + }, + "source/multiport-l7-multiple-workload-addresses-without-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - "grpc-port": {Port: 9091, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + { + Host: "10.0.0.2", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + "grpc-port": {Port: 9091, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiport-l7-multiple-workload-addresses-with-specific-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - Ports: []string{"admin-port"}, - }, - { - Host: "10.0.0.2", - Ports: []string{"api-port"}, - }, - { - Host: "10.0.0.3", - Ports: []string{"mesh"}, - }, + }, + "source/multiport-l7-multiple-workload-addresses-with-specific-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", + Ports: []string{"admin-port"}, + }, + { + Host: "10.0.0.2", + Ports: []string{"api-port"}, }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + { + Host: "10.0.0.3", + Ports: []string{"mesh"}, }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiport-l4-single-workload-address-without-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + "source/multiport-l4-single-workload-address-without-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiport-l4-multiple-workload-addresses-without-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - { - Host: "10.0.0.2", - }, + }, + "source/multiport-l4-multiple-workload-addresses-without-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + { + Host: "10.0.0.2", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiport-l4-multiple-workload-addresses-with-specific-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - Ports: []string{"admin-port"}, - }, - { - Host: "10.0.0.2", - Ports: []string{"api-port"}, - }, - { - Host: "10.0.0.3", - Ports: []string{"mesh"}, - }, + }, + "source/multiport-l4-multiple-workload-addresses-with-specific-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", + Ports: []string{"admin-port"}, + }, + { + Host: "10.0.0.2", + Ports: []string{"api-port"}, }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + { + Host: "10.0.0.3", + Ports: []string{"mesh"}, }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "admin-port": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "api-port": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiport-l4-workload-with-only-mesh-port": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + "source/multiport-l4-workload-with-only-mesh-port": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - } - - for name, c := range cases { - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), name, tenancy), func(t *testing.T) { - proxyTmpl := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", false, nil). - BuildLocalApp(c.workload, nil). - Build() + }, + } - // sort routers because of test flakes where order was flip flopping. - actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers - sort.Slice(actualRouters, func(i, j int) bool { - return actualRouters[i].String() < actualRouters[j].String() - }) + for name, c := range cases { + t.Run(name, func(t *testing.T) { + proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", false, nil). + BuildLocalApp(c.workload, nil). + Build() - actual := protoToJSON(t, proxyTmpl) - expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+"-"+tenancy.Partition+"-"+tenancy.Namespace+".golden")) + // sort routers because of test flakes where order was flip flopping. + actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers + sort.Slice(actualRouters, func(i, j int) bool { + return actualRouters[i].String() < actualRouters[j].String() + }) - // sort routers on listener from golden file - expectedRouters := expected.ProxyState.Listeners[0].Routers - sort.Slice(expectedRouters, func(i, j int) bool { - return expectedRouters[i].String() < expectedRouters[j].String() - }) + actual := protoToJSON(t, proxyTmpl) + expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+".golden")) - // convert back to json after sorting so that test output does not contain extraneous fields. - require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) + // sort routers on listener from golden file + expectedRouters := expected.ProxyState.Listeners[0].Routers + sort.Slice(expectedRouters, func(i, j int) bool { + return expectedRouters[i].String() < expectedRouters[j].String() }) - } - }, t) + + // convert back to json after sorting so that test output does not contain extraneous fields. + require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) + }) + } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go index 20e99d911566c..33dcab7155228 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/local_app_test.go @@ -4,13 +4,14 @@ package builder import ( + "google.golang.org/protobuf/types/known/durationpb" "sort" "testing" "time" "github.com/stretchr/testify/require" - "google.golang.org/protobuf/types/known/durationpb" + "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/internal/testing/golden" pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1" @@ -22,228 +23,201 @@ import ( ) func TestBuildLocalApp(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - cases := map[string]struct { - workload *pbcatalog.Workload - ctp *pbauth.ComputedTrafficPermissions - defaultAllow bool - }{ - "source/single-workload-address-without-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "http": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "http2": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - "grpc": {Port: 8083, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + cases := map[string]struct { + workload *pbcatalog.Workload + ctp *pbauth.ComputedTrafficPermissions + defaultAllow bool + }{ + "source/l4-single-workload-address-without-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiple-workload-addresses-without-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - { - Host: "10.0.0.2", - }, + }, + "source/l4-multiple-workload-addresses-without-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "http": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "http2": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - "grpc": {Port: 8083, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + { + Host: "10.0.0.2", }, }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, }, - "source/multiple-workload-addresses-with-specific-ports": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "127.0.0.1", - Ports: []string{"tcp", "grpc", "mesh"}, - }, - { - Host: "10.0.0.2", - Ports: []string{"http", "http2", "mesh"}, - }, + }, + "source/l4-multiple-workload-addresses-with-specific-ports": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "127.0.0.1", + Ports: []string{"port1"}, }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "http": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "http2": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - "grpc": {Port: 8083, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + { + Host: "10.0.0.2", + Ports: []string{"port2"}, }, }, - ctp: &pbauth.ComputedTrafficPermissions{ - AllowPermissions: []*pbauth.Permission{ - { - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + }, + ctp: &pbauth.ComputedTrafficPermissions{ + AllowPermissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", }, }, }, }, - defaultAllow: true, }, - } - - for name, c := range cases { - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), name, tenancy), func(t *testing.T) { - proxyTmpl := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, nil). - BuildLocalApp(c.workload, nil). - Build() - - // sort routers because of test flakes where order was flip flopping. - actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers - sort.Slice(actualRouters, func(i, j int) bool { - return actualRouters[i].String() < actualRouters[j].String() - }) - - actual := protoToJSON(t, proxyTmpl) - expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+"-"+tenancy.Partition+"-"+tenancy.Namespace+".golden")) + defaultAllow: true, + }, + } - // sort routers on listener from golden file - expectedRouters := expected.ProxyState.Listeners[0].Routers - sort.Slice(expectedRouters, func(i, j int) bool { - return expectedRouters[i].String() < expectedRouters[j].String() - }) + for name, c := range cases { + t.Run(name, func(t *testing.T) { + proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", c.defaultAllow, nil). + BuildLocalApp(c.workload, c.ctp). + Build() + actual := protoToJSON(t, proxyTmpl) + expected := golden.Get(t, actual, name+".golden") - // convert back to json after sorting so that test output does not contain extraneous fields. - require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) - }) - } - }, t) + require.JSONEq(t, expected, actual) + }) + } } func TestBuildLocalApp_WithProxyConfiguration(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - cases := map[string]struct { - workload *pbcatalog.Workload - proxyCfg *pbmesh.ComputedProxyConfiguration - }{ - "source/l7-expose-paths": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + cases := map[string]struct { + workload *pbcatalog.Workload + proxyCfg *pbmesh.ComputedProxyConfiguration + }{ + "source/l7-expose-paths": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, }, - proxyCfg: &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - ExposeConfig: &pbmesh.ExposeConfig{ - ExposePaths: []*pbmesh.ExposePath{ - { - ListenerPort: 1234, - Path: "/health", - LocalPathPort: 9090, - Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP, - }, - { - ListenerPort: 1235, - Path: "GetHealth", - LocalPathPort: 9091, - Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2, - }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + }, + proxyCfg: &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + Path: "/health", + LocalPathPort: 9090, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP, + }, + { + ListenerPort: 1235, + Path: "GetHealth", + LocalPathPort: 9091, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2, }, }, }, }, }, - // source/local-and-inbound-connections shows that configuring LocalCOnnection - // and InboundConnections in DynamicConfig will set fields on standard clusters and routes, - // but will not set fields on exposed path clusters and routes. - "source/local-and-inbound-connections": { - workload: &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - "port3": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + // source/local-and-inbound-connections shows that configuring LocalCOnnection + // and InboundConnections in DynamicConfig will set fields on standard clusters and routes, + // but will not set fields on exposed path clusters and routes. + "source/local-and-inbound-connections": { + workload: &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, }, - proxyCfg: &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - LocalConnection: map[string]*pbmesh.ConnectionConfig{ - "port1": { - ConnectTimeout: durationpb.New(6 * time.Second), - RequestTimeout: durationpb.New(7 * time.Second)}, - "port3": { - ConnectTimeout: durationpb.New(8 * time.Second), - RequestTimeout: durationpb.New(9 * time.Second)}, - }, - InboundConnections: &pbmesh.InboundConnectionsConfig{ - MaxInboundConnections: 123, - BalanceInboundConnections: pbmesh.BalanceConnections(pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT), - }, - ExposeConfig: &pbmesh.ExposeConfig{ - ExposePaths: []*pbmesh.ExposePath{ - { - ListenerPort: 1234, - Path: "/health", - LocalPathPort: 9090, - Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP, - }, - { - ListenerPort: 1235, - Path: "GetHealth", - LocalPathPort: 9091, - Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2, - }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "port1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "port2": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + "port3": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + }, + proxyCfg: &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + LocalConnection: map[string]*pbmesh.ConnectionConfig{ + "port1": { + ConnectTimeout: durationpb.New(6 * time.Second), + RequestTimeout: durationpb.New(7 * time.Second)}, + "port3": { + ConnectTimeout: durationpb.New(8 * time.Second), + RequestTimeout: durationpb.New(9 * time.Second)}, + }, + InboundConnections: &pbmesh.InboundConnectionsConfig{ + MaxInboundConnections: 123, + BalanceInboundConnections: pbmesh.BalanceConnections(pbproxystate.BalanceConnections_BALANCE_CONNECTIONS_EXACT), + }, + ExposeConfig: &pbmesh.ExposeConfig{ + ExposePaths: []*pbmesh.ExposePath{ + { + ListenerPort: 1234, + Path: "/health", + LocalPathPort: 9090, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP, + }, + { + ListenerPort: 1235, + Path: "GetHealth", + LocalPathPort: 9091, + Protocol: pbmesh.ExposePathProtocol_EXPOSE_PATH_PROTOCOL_HTTP2, }, }, }, }, }, - } - - for name, c := range cases { - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), name, tenancy), func(t *testing.T) { - proxyTmpl := New(testProxyStateTemplateID(tenancy), testIdentityRef(tenancy), "foo.consul", "dc1", true, c.proxyCfg). - BuildLocalApp(c.workload, nil). - Build() + }, + } - // sort routers because of test flakes where order was flip flopping. - actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers - sort.Slice(actualRouters, func(i, j int) bool { - return actualRouters[i].String() < actualRouters[j].String() - }) + for name, c := range cases { + t.Run(name, func(t *testing.T) { + proxyTmpl := New(testProxyStateTemplateID(), testIdentityRef(), "foo.consul", "dc1", true, c.proxyCfg). + BuildLocalApp(c.workload, nil). + Build() - actual := protoToJSON(t, proxyTmpl) - expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+"-"+tenancy.Partition+"-"+tenancy.Namespace+".golden")) + // sort routers because of test flakes where order was flip flopping. + actualRouters := proxyTmpl.ProxyState.Listeners[0].Routers + sort.Slice(actualRouters, func(i, j int) bool { + return actualRouters[i].String() < actualRouters[j].String() + }) - // sort routers on listener from golden file - expectedRouters := expected.ProxyState.Listeners[0].Routers - sort.Slice(expectedRouters, func(i, j int) bool { - return expectedRouters[i].String() < expectedRouters[j].String() - }) + actual := protoToJSON(t, proxyTmpl) + expected := JSONToProxyTemplate(t, golden.GetBytes(t, actual, name+".golden")) - // convert back to json after sorting so that test output does not contain extraneous fields. - require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) + // sort routers on listener from golden file + expectedRouters := expected.ProxyState.Listeners[0].Routers + sort.Slice(expectedRouters, func(i, j int) bool { + return expectedRouters[i].String() < expectedRouters[j].String() }) - } - }, t) + + // convert back to json after sorting so that test output does not contain extraneous fields. + require.Equal(t, protoToJSON(t, expected), protoToJSON(t, proxyTmpl)) + }) + } } func TestBuildL4TrafficPermissions(t *testing.T) { @@ -566,16 +540,20 @@ func TestBuildL4TrafficPermissions(t *testing.T) { } } -func testProxyStateTemplateID(tenancy *pbresource.Tenancy) *pbresource.ID { +func testProxyStateTemplateID() *pbresource.ID { return resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test"). - WithTenancy(tenancy). + WithTenancy(resource.DefaultNamespacedTenancy()). ID() } -func testIdentityRef(tenancy *pbresource.Tenancy) *pbresource.Reference { +func testIdentityRef() *pbresource.Reference { return &pbresource.Reference{ - Name: "test-identity", - Tenancy: tenancy, - Type: pbauth.WorkloadIdentityType, + Name: "test-identity", + Tenancy: &pbresource.Tenancy{ + Namespace: "default", + Partition: "default", + PeerName: "local", + }, + Type: pbauth.WorkloadIdentityType, } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-default-bar.golden deleted file mode 100644 index 63166314d217b..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-default-bar.golden +++ /dev/null @@ -1,194 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.bar.default.dc1" - } - } - ] - }, - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-default-default.golden deleted file mode 100644 index 098beac1af9bb..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-default-default.golden +++ /dev/null @@ -1,194 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.default.dc1" - } - } - ] - }, - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-foo-bar.golden deleted file mode 100644 index 42829063e0862..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-foo-bar.golden +++ /dev/null @@ -1,194 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.bar.foo.dc1" - } - } - ] - }, - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-foo-default.golden deleted file mode 100644 index 45a3e5cb9ce45..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-implicit-and-explicit-destinations-tproxy-foo-default.golden +++ /dev/null @@ -1,194 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.foo.dc1" - } - } - ] - }, - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-default-bar.golden deleted file mode 100644 index 1e2570b51c7b2..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-default-bar.golden +++ /dev/null @@ -1,320 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.bar.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/bar/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 2345 - }, - "name": "default/local/bar/api-1:tcp2:1.1.1.1:2345", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp2.api-1.bar.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp2.api-2.bar.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp2.api-1.bar.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/bar/api-2:tcp2:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp2.api-2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-2.bar.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-default-default.golden deleted file mode 100644 index 1f925e4b5a2b7..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-default-default.golden +++ /dev/null @@ -1,320 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.default.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/default/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 2345 - }, - "name": "default/local/default/api-1:tcp2:1.1.1.1:2345", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp2.api-1.default.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp2.api-2.default.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp2.api-1.default.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/default/api-2:tcp2:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp2.api-2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-2.default.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-foo-bar.golden deleted file mode 100644 index 362d0d150f8af..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-foo-bar.golden +++ /dev/null @@ -1,320 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.bar.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/bar/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 2345 - }, - "name": "foo/local/bar/api-1:tcp2:1.1.1.1:2345", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp2.api-1.bar.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp2.api-2.bar.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp2.api-1.bar.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/bar/api-2:tcp2:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp2.api-2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-2.bar.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-foo-default.golden deleted file mode 100644 index 08abcc6b4d45a..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multi-destination-foo-default.golden +++ /dev/null @@ -1,320 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.default.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/default/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 2345 - }, - "name": "foo/local/default/api-1:tcp2:1.1.1.1:2345", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp2.api-1.default.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp2.api-2.default.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp2.api-1.default.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/default/api-2:tcp2:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp2.api-2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-2.default.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-default-bar.golden deleted file mode 100644 index 2229cda1a8dc2..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-default-bar.golden +++ /dev/null @@ -1,193 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-default-default.golden deleted file mode 100644 index e00c9d08e0105..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-default-default.golden +++ /dev/null @@ -1,193 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-foo-bar.golden deleted file mode 100644 index 36e2a40ace404..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-foo-bar.golden +++ /dev/null @@ -1,193 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-foo-default.golden deleted file mode 100644 index a00eb8d334c57..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-multiple-implicit-destinations-tproxy-foo-default.golden +++ /dev/null @@ -1,193 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-default-bar.golden deleted file mode 100644 index f3ab005e066dc..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-default-bar.golden +++ /dev/null @@ -1,165 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.bar.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-default-default.golden deleted file mode 100644 index ae2d99c942619..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-default-default.golden +++ /dev/null @@ -1,165 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.default.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-foo-bar.golden deleted file mode 100644 index 69b47e5e3a8e9..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-foo-bar.golden +++ /dev/null @@ -1,165 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.bar.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-foo-default.golden deleted file mode 100644 index 35788a96d9b7e..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-ip-port-bind-address-foo-default.golden +++ /dev/null @@ -1,165 +0,0 @@ -{ - "proxyState": { - "clusters": { - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.default.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-default-bar.golden deleted file mode 100644 index a39efdd4b58c4..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-default-bar.golden +++ /dev/null @@ -1,97 +0,0 @@ -{ - "proxyState": { - "clusters": { - "tcp.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/bar/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-default-default.golden deleted file mode 100644 index 2af48e9f29e31..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-default-default.golden +++ /dev/null @@ -1,97 +0,0 @@ -{ - "proxyState": { - "clusters": { - "tcp.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/default/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-foo-bar.golden deleted file mode 100644 index d56ced93a8b9b..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-foo-bar.golden +++ /dev/null @@ -1,97 +0,0 @@ -{ - "proxyState": { - "clusters": { - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/bar/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-foo-default.golden deleted file mode 100644 index b0768db9b0496..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-destination-unix-socket-bind-address-foo-default.golden +++ /dev/null @@ -1,97 +0,0 @@ -{ - "proxyState": { - "clusters": { - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/default/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - } - ] - }, - "requiredEndpoints": { - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-default-bar.golden deleted file mode 100644 index c3017193ca8de..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-default-bar.golden +++ /dev/null @@ -1,128 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-default-default.golden deleted file mode 100644 index 50e871481174c..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-default-default.golden +++ /dev/null @@ -1,128 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-foo-bar.golden deleted file mode 100644 index 75d3698d91b75..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-foo-bar.golden +++ /dev/null @@ -1,128 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-foo-default.golden deleted file mode 100644 index df5c92a34668e..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/l4-single-implicit-destination-tproxy-foo-default.golden +++ /dev/null @@ -1,128 +0,0 @@ -{ - "proxyState": { - "clusters": { - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-1.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ] - }, - "requiredEndpoints": { - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-default-bar.golden deleted file mode 100644 index f4c131189c919..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-default-bar.golden +++ /dev/null @@ -1,415 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "http.api-1.bar.dc1.internal.foo.consul", - "failoverGroup": { - "config": { - "connectTimeout": "55s", - "useAltStatName": true - }, - "endpointGroups": [ - { - "dynamic": { - "config": { - "connectTimeout": "55s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~0~http.api-1.bar.dc1.internal.foo.consul" - }, - { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "backup-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/backup1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~1~http.api-1.bar.dc1.internal.foo.consul" - } - ] - }, - "name": "http.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "http.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.bar.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.bar.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.bar.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/bar/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/bar/api-1:http:1.1.1.1:1234", - "routers": [ - { - "l7": { - "route": { - "name": "default/local/bar/api-1:http:1.1.1.1:1234" - }, - "statPrefix": "upstream.http.api-1.bar.default.dc1" - } - } - ] - } - ], - "routes": { - "default/local/bar/api-1:http:1.1.1.1:1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/bar/api-1:http:1.1.1.1:1234", - "routeRules": [ - { - "destination": { - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "77s" - } - }, - "weightedClusters": { - "clusters": [ - { - "name": "http.api-2.bar.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "http.api-1.bar.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - }, - "match": { - "pathMatch": { - "prefix": "/split" - } - } - }, - { - "destination": { - "cluster": { - "name": "http.api-1.bar.dc1.internal.foo.consul" - }, - "destinationConfiguration": { - "retryPolicy": { - "numRetries": 4, - "retryOn": "connect-failure" - }, - "timeoutConfig": { - "timeout": "606s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - }, - { - "destination": { - "cluster": { - "name": "null_route_cluster" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "failover-target~1~http.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "backup-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-1.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-default-default.golden deleted file mode 100644 index cbd28e7a70a44..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-default-default.golden +++ /dev/null @@ -1,415 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-1.default.dc1.internal.foo.consul": { - "altStatName": "http.api-1.default.dc1.internal.foo.consul", - "failoverGroup": { - "config": { - "connectTimeout": "55s", - "useAltStatName": true - }, - "endpointGroups": [ - { - "dynamic": { - "config": { - "connectTimeout": "55s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~0~http.api-1.default.dc1.internal.foo.consul" - }, - { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "backup-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/backup1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~1~http.api-1.default.dc1.internal.foo.consul" - } - ] - }, - "name": "http.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-2.default.dc1.internal.foo.consul": { - "altStatName": "http.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-1.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.default.default.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.default.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.default.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "default/local/default/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.default.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "default/local/default/api-1:http:1.1.1.1:1234", - "routers": [ - { - "l7": { - "route": { - "name": "default/local/default/api-1:http:1.1.1.1:1234" - }, - "statPrefix": "upstream.http.api-1.default.default.dc1" - } - } - ] - } - ], - "routes": { - "default/local/default/api-1:http:1.1.1.1:1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/default/api-1:http:1.1.1.1:1234", - "routeRules": [ - { - "destination": { - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "77s" - } - }, - "weightedClusters": { - "clusters": [ - { - "name": "http.api-2.default.dc1.internal.foo.consul", - "weight": 60 - }, - { - "name": "http.api-1.default.dc1.internal.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - }, - "match": { - "pathMatch": { - "prefix": "/split" - } - } - }, - { - "destination": { - "cluster": { - "name": "http.api-1.default.dc1.internal.foo.consul" - }, - "destinationConfiguration": { - "retryPolicy": { - "numRetries": 4, - "retryOn": "connect-failure" - }, - "timeoutConfig": { - "timeout": "606s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - }, - { - "destination": { - "cluster": { - "name": "null_route_cluster" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "failover-target~1~http.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "backup-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-1.default.dc1.internal.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-foo-bar.golden deleted file mode 100644 index 8e69b843d76f5..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-foo-bar.golden +++ /dev/null @@ -1,415 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-1.bar.foo.dc1.internal-v1.foo.consul", - "failoverGroup": { - "config": { - "connectTimeout": "55s", - "useAltStatName": true - }, - "endpointGroups": [ - { - "dynamic": { - "config": { - "connectTimeout": "55s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~0~http.api-1.bar.foo.dc1.internal-v1.foo.consul" - }, - { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "backup-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/backup1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~1~http.api-1.bar.foo.dc1.internal-v1.foo.consul" - } - ] - }, - "name": "http.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/bar/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.bar.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/bar/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.bar.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/bar/api-1:http:1.1.1.1:1234", - "routers": [ - { - "l7": { - "route": { - "name": "foo/local/bar/api-1:http:1.1.1.1:1234" - }, - "statPrefix": "upstream.http.api-1.bar.foo.dc1" - } - } - ] - } - ], - "routes": { - "foo/local/bar/api-1:http:1.1.1.1:1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/bar/api-1:http:1.1.1.1:1234", - "routeRules": [ - { - "destination": { - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "77s" - } - }, - "weightedClusters": { - "clusters": [ - { - "name": "http.api-2.bar.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "http.api-1.bar.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - }, - "match": { - "pathMatch": { - "prefix": "/split" - } - } - }, - { - "destination": { - "cluster": { - "name": "http.api-1.bar.foo.dc1.internal-v1.foo.consul" - }, - "destinationConfiguration": { - "retryPolicy": { - "numRetries": 4, - "retryOn": "connect-failure" - }, - "timeoutConfig": { - "timeout": "606s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - }, - { - "destination": { - "cluster": { - "name": "null_route_cluster" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "failover-target~1~http.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "backup-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-1.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-foo-default.golden deleted file mode 100644 index 8dd309c84d145..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination-foo-default.golden +++ /dev/null @@ -1,415 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-1.default.foo.dc1.internal-v1.foo.consul", - "failoverGroup": { - "config": { - "connectTimeout": "55s", - "useAltStatName": true - }, - "endpointGroups": [ - { - "dynamic": { - "config": { - "connectTimeout": "55s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~0~http.api-1.default.foo.dc1.internal-v1.foo.consul" - }, - { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "backup-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/backup1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - }, - "name": "failover-target~1~http.api-1.default.foo.dc1.internal-v1.foo.consul" - } - ] - }, - "name": "http.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "null_route_cluster": { - "endpointGroup": { - "static": { - "config": { - "connectTimeout": "10s" - } - } - }, - "name": "null_route_cluster", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-1.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api1-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/default/api-1:tcp:1.1.1.1:1234", - "routers": [ - { - "l4": { - "statPrefix": "upstream.tcp.api-1.default.foo.dc1", - "weightedClusters": { - "clusters": [ - { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "tcp.api-1.default.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - } - } - ] - }, - { - "direction": "DIRECTION_OUTBOUND", - "name": "foo/local/default/api-2:tcp:/path/to/socket", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-2.default.foo.dc1" - } - } - ], - "unixSocket": { - "mode": "0666", - "path": "/path/to/socket" - } - }, - { - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "1.1.1.1", - "port": 1234 - }, - "name": "foo/local/default/api-1:http:1.1.1.1:1234", - "routers": [ - { - "l7": { - "route": { - "name": "foo/local/default/api-1:http:1.1.1.1:1234" - }, - "statPrefix": "upstream.http.api-1.default.foo.dc1" - } - } - ] - } - ], - "routes": { - "foo/local/default/api-1:http:1.1.1.1:1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/default/api-1:http:1.1.1.1:1234", - "routeRules": [ - { - "destination": { - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "77s" - } - }, - "weightedClusters": { - "clusters": [ - { - "name": "http.api-2.default.foo.dc1.internal-v1.foo.consul", - "weight": 60 - }, - { - "name": "http.api-1.default.foo.dc1.internal-v1.foo.consul", - "weight": 40 - }, - { - "name": "null_route_cluster", - "weight": 10 - } - ] - } - }, - "match": { - "pathMatch": { - "prefix": "/split" - } - } - }, - { - "destination": { - "cluster": { - "name": "http.api-1.default.foo.dc1.internal-v1.foo.consul" - }, - "destinationConfiguration": { - "retryPolicy": { - "numRetries": 4, - "retryOn": "connect-failure" - }, - "timeoutConfig": { - "timeout": "606s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - }, - { - "destination": { - "cluster": { - "name": "null_route_cluster" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "failover-target~1~http.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "backup-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-1.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-1", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden index cbd28e7a70a44..ca69db7dfcb0d 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/mixed-multi-destination.golden @@ -234,7 +234,7 @@ "route": { "name": "default/local/default/api-1:http:1.1.1.1:1234" }, - "statPrefix": "upstream.http.api-1.default.default.dc1" + "statPrefix": "upstream." } } ] diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-default-bar.golden deleted file mode 100644 index 332d7a1485aaf..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-default-bar.golden +++ /dev/null @@ -1,495 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "http.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-app2.bar.dc1.internal.foo.consul": { - "altStatName": "http.api-app2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app2.bar.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app2.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app2.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-app2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app2.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/bar/api-app:http" - }, - "statPrefix": "upstream.http.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/bar/api-app2:http" - }, - "statPrefix": "upstream.http.api-app2.bar.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app2.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app2.bar.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "default/local/bar/api-app2:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/bar/api-app2:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app2.bar.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "default/local/bar/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/bar/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.bar.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-app2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app2.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-default-default.golden deleted file mode 100644 index 94e8e1c21577d..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-default-default.golden +++ /dev/null @@ -1,495 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-app2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app2.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/default/api-app:http" - }, - "statPrefix": "upstream.http.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/default/api-app2:http" - }, - "statPrefix": "upstream.http.api-app2.default.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app2.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app2.default.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "default/local/default/api-app2:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/default/api-app2:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app2.default.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "default/local/default/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/default/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.default.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-app2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app2.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-foo-bar.golden deleted file mode 100644 index 9cd2ab07228a2..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-foo-bar.golden +++ /dev/null @@ -1,495 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-app2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app2.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app2.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app2.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-app2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app2.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/bar/api-app:http" - }, - "statPrefix": "upstream.http.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/bar/api-app2:http" - }, - "statPrefix": "upstream.http.api-app2.bar.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app2.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app2.bar.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "foo/local/bar/api-app2:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/bar/api-app2:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app2.bar.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "foo/local/bar/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/bar/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.bar.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-app2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app2.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-foo-default.golden deleted file mode 100644 index 6345d04a701b1..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy-foo-default.golden +++ /dev/null @@ -1,495 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "http.api-app2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app2.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app2.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app2.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app2-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app2.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp.api-app2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app2.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/default/api-app:http" - }, - "statPrefix": "upstream.http.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/default/api-app2:http" - }, - "statPrefix": "upstream.http.api-app2.default.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app2.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app2.default.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "2.2.2.2", - "prefixLen": 32 - }, - { - "addressPrefix": "3.3.3.3", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "foo/local/default/api-app2:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/default/api-app2:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app2.default.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "foo/local/default/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/default/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.default.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "http.api-app2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app2.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app2", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden index 94e8e1c21577d..3192629710d92 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -1,8 +1,8 @@ { "proxyState": { "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -11,7 +11,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -26,11 +26,11 @@ } } }, - "name": "http.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" + "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_TCP" }, - "http.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app2.default.dc1.internal.foo.consul", + "tcp2.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -39,7 +39,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -54,22 +54,11 @@ } } }, - "name": "http.api-app2.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", + "name": "tcp2.api-app2.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -78,7 +67,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -93,11 +82,11 @@ } } }, - "name": "tcp.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" }, - "tcp.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app2.default.dc1.internal.foo.consul", + "http.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app2.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -106,7 +95,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -121,11 +110,22 @@ } } }, - "name": "tcp.api-app2.default.dc1.internal.foo.consul", + "name": "http.api-app2.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", "protocol": "PROTOCOL_TCP" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -134,7 +134,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -149,11 +149,11 @@ } } }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "name": "tcp.api-app.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" }, - "tcp2.api-app2.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app2.default.dc1.internal.foo.consul", + "tcp.api-app2.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app2.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -162,7 +162,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -177,7 +177,7 @@ } } }, - "name": "tcp2.api-app2.default.dc1.internal.foo.consul", + "name": "tcp.api-app2.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" } }, @@ -257,7 +257,7 @@ "route": { "name": "default/local/default/api-app:http" }, - "statPrefix": "upstream.http.api-app.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -274,7 +274,7 @@ "route": { "name": "default/local/default/api-app2:http" }, - "statPrefix": "upstream.http.api-app2.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -383,7 +383,7 @@ } }, "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { + "tcp2.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -399,7 +399,7 @@ }, "port": "mesh" }, - "http.api-app2.default.dc1.internal.foo.consul": { + "tcp2.api-app2.default.dc1.internal.foo.consul": { "id": { "name": "api-app2", "tenancy": { @@ -415,7 +415,7 @@ }, "port": "mesh" }, - "tcp.api-app.default.dc1.internal.foo.consul": { + "http.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -431,7 +431,7 @@ }, "port": "mesh" }, - "tcp.api-app2.default.dc1.internal.foo.consul": { + "http.api-app2.default.dc1.internal.foo.consul": { "id": { "name": "api-app2", "tenancy": { @@ -447,7 +447,7 @@ }, "port": "mesh" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { + "tcp.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -463,7 +463,7 @@ }, "port": "mesh" }, - "tcp2.api-app2.default.dc1.internal.foo.consul": { + "tcp.api-app2.default.dc1.internal.foo.consul": { "id": { "name": "api-app2", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-default-bar.golden deleted file mode 100644 index 137a378492c02..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-default-bar.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "http.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/bar/api-app:http" - }, - "statPrefix": "upstream.http.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "default/local/bar/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/bar/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.bar.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-default-default.golden deleted file mode 100644 index 479a4e7aefd2f..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-default-default.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/default/api-app:http" - }, - "statPrefix": "upstream.http.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "default/local/default/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/default/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.default.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-foo-bar.golden deleted file mode 100644 index c0e83c41893ba..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-foo-bar.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/bar/api-app:http" - }, - "statPrefix": "upstream.http.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "foo/local/bar/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/bar/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.bar.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-foo-default.golden deleted file mode 100644 index c6d0c28a34458..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy-foo-default.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/default/api-app:http" - }, - "statPrefix": "upstream.http.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "foo/local/default/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/default/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.default.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden index 479a4e7aefd2f..2ab840e3da9bd 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -1,8 +1,8 @@ { "proxyState": { "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -11,7 +11,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -26,22 +26,11 @@ } } }, - "name": "http.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", + "name": "tcp2.api-app.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -50,7 +39,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -65,11 +54,22 @@ } } }, - "name": "tcp.api-app.default.dc1.internal.foo.consul", + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", "protocol": "PROTOCOL_TCP" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -78,7 +78,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -93,7 +93,7 @@ } } }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "name": "tcp.api-app.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" } }, @@ -152,7 +152,7 @@ "route": { "name": "default/local/default/api-app:http" }, - "statPrefix": "upstream.http.api-app.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -212,7 +212,7 @@ } }, "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { + "tcp2.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -228,7 +228,7 @@ }, "port": "mesh" }, - "tcp.api-app.default.dc1.internal.foo.consul": { + "http.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -244,7 +244,7 @@ }, "port": "mesh" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { + "tcp.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-default-bar.golden deleted file mode 100644 index 137a378492c02..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-default-bar.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "http.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.bar.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.bar.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.bar.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/bar/api-app:http" - }, - "statPrefix": "upstream.http.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.bar.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.bar.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "default/local/bar/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/bar/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.bar.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.bar.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-default-default.golden deleted file mode 100644 index 479a4e7aefd2f..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-default-default.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.dc1.internal.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "default/local/default/api-app:http" - }, - "statPrefix": "upstream.http.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.default.dc1.internal.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.default.default.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "default/local/default/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "default/local/default/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.default.dc1.internal.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-foo-bar.golden deleted file mode 100644 index c0e83c41893ba..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-foo-bar.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.bar.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/bar/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/bar/api-app:http" - }, - "statPrefix": "upstream.http.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.bar.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "foo/local/bar/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/bar/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.bar.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.bar.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-foo-default.golden deleted file mode 100644 index c6d0c28a34458..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy-foo-default.golden +++ /dev/null @@ -1,276 +0,0 @@ -{ - "proxyState": { - "clusters": { - "http.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "http.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~http" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "http.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", - "protocol": "PROTOCOL_TCP" - }, - "tcp.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - }, - "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul": { - "altStatName": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul", - "endpointGroup": { - "dynamic": { - "config": { - "connectTimeout": "5s", - "disablePanicThreshold": true - }, - "outboundTls": { - "alpnProtocols": [ - "consul~tcp2" - ], - "outboundMesh": { - "identityKey": "test-identity", - "sni": "api-app.default.foo.dc1.internal-v1.foo.consul", - "validationContext": { - "spiffeIds": [ - "spiffe://foo.consul/ap/foo/ns/default/identity/api-app-identity" - ], - "trustBundlePeerNameKey": "local" - } - } - } - } - }, - "name": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_TRANSPARENT" - ], - "defaultRouter": { - "l4": { - "cluster": { - "name": "original-destination" - }, - "statPrefix": "upstream.original-destination" - } - }, - "direction": "DIRECTION_OUTBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 15001 - }, - "name": "outbound_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "tcp.api-app.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 7070, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l7": { - "route": { - "name": "foo/local/default/api-app:http" - }, - "statPrefix": "upstream.http.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 8080, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - }, - { - "l4": { - "cluster": { - "name": "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul" - }, - "statPrefix": "upstream.tcp2.api-app.default.foo.dc1" - }, - "match": { - "destinationPort": 8081, - "prefixRanges": [ - { - "addressPrefix": "1.1.1.1", - "prefixLen": 32 - } - ] - } - } - ] - } - ], - "routes": { - "foo/local/default/api-app:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "foo/local/default/api-app:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "http.api-app.default.foo.dc1.internal-v1.foo.consul" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredEndpoints": { - "http.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - }, - "tcp2.api-app.default.foo.dc1.internal-v1.foo.consul": { - "id": { - "name": "api-app", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "catalog", - "groupVersion": "v2beta1", - "kind": "ServiceEndpoints" - } - }, - "port": "mesh" - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden index 479a4e7aefd2f..2ab840e3da9bd 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -1,8 +1,8 @@ { "proxyState": { "clusters": { - "http.api-app.default.dc1.internal.foo.consul": { - "altStatName": "http.api-app.default.dc1.internal.foo.consul", + "tcp2.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -11,7 +11,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~http" + "consul~tcp2" ], "outboundMesh": { "identityKey": "test-identity", @@ -26,22 +26,11 @@ } } }, - "name": "http.api-app.default.dc1.internal.foo.consul", - "protocol": "PROTOCOL_HTTP" - }, - "original-destination": { - "endpointGroup": { - "passthrough": { - "config": { - "connectTimeout": "5s" - } - } - }, - "name": "original-destination", + "name": "tcp2.api-app.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" }, - "tcp.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", + "http.api-app.default.dc1.internal.foo.consul": { + "altStatName": "http.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -50,7 +39,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp" + "consul~http" ], "outboundMesh": { "identityKey": "test-identity", @@ -65,11 +54,22 @@ } } }, - "name": "tcp.api-app.default.dc1.internal.foo.consul", + "name": "http.api-app.default.dc1.internal.foo.consul", + "protocol": "PROTOCOL_HTTP" + }, + "original-destination": { + "endpointGroup": { + "passthrough": { + "config": { + "connectTimeout": "5s" + } + } + }, + "name": "original-destination", "protocol": "PROTOCOL_TCP" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { - "altStatName": "tcp2.api-app.default.dc1.internal.foo.consul", + "tcp.api-app.default.dc1.internal.foo.consul": { + "altStatName": "tcp.api-app.default.dc1.internal.foo.consul", "endpointGroup": { "dynamic": { "config": { @@ -78,7 +78,7 @@ }, "outboundTls": { "alpnProtocols": [ - "consul~tcp2" + "consul~tcp" ], "outboundMesh": { "identityKey": "test-identity", @@ -93,7 +93,7 @@ } } }, - "name": "tcp2.api-app.default.dc1.internal.foo.consul", + "name": "tcp.api-app.default.dc1.internal.foo.consul", "protocol": "PROTOCOL_TCP" } }, @@ -152,7 +152,7 @@ "route": { "name": "default/local/default/api-app:http" }, - "statPrefix": "upstream.http.api-app.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -212,7 +212,7 @@ } }, "requiredEndpoints": { - "http.api-app.default.dc1.internal.foo.consul": { + "tcp2.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -228,7 +228,7 @@ }, "port": "mesh" }, - "tcp.api-app.default.dc1.internal.foo.consul": { + "http.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { @@ -244,7 +244,7 @@ }, "port": "mesh" }, - "tcp2.api-app.default.dc1.internal.foo.consul": { + "tcp.api-app.default.dc1.internal.foo.consul": { "id": { "name": "api-app", "tenancy": { diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden similarity index 57% rename from internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-default-default.golden rename to internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden index 93a69b2bb033a..95ee222f3d26d 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-default-default.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -1,23 +1,16 @@ { "proxyState": { "clusters": { - "local_app:admin-port": { + "local_app:port1": { "endpointGroup": { "static": {} }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", + "name": "local_app:port1", "protocol": "PROTOCOL_TCP" } }, "endpoints": { - "local_app:admin-port": { + "local_app:port1": { "endpoints": [ { "hostPort": { @@ -26,16 +19,6 @@ } } ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] } }, "identity": { @@ -58,7 +41,7 @@ ], "direction": "DIRECTION_INBOUND", "hostPort": { - "host": "10.0.0.3", + "host": "10.0.0.2", "port": 20000 }, "name": "public_listener", @@ -76,38 +59,26 @@ }, "l4": { "cluster": { - "name": "local_app:admin-port" + "name": "local_app:port1" }, "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } + "trafficPermissions": { + "allowPermissions": [ + { + "principals": [ + { + "spiffe": { + "regex": "^spiffe://foo.consul/ap/default/ns/default/identity/foo$" + } + } + ] + } + ] } }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, "match": { "alpnProtocols": [ - "consul~api-port" + "consul~port1" ] } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden similarity index 59% rename from internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-default-default.golden rename to internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden index 3831349ccdbd5..0cb52d9921557 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-default-default.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-multiple-workload-addresses-without-ports.golden @@ -1,23 +1,16 @@ { "proxyState": { "clusters": { - "local_app:admin-port": { + "local_app:port1": { "endpointGroup": { "static": {} }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", + "name": "local_app:port1", "protocol": "PROTOCOL_TCP" } }, "endpoints": { - "local_app:admin-port": { + "local_app:port1": { "endpoints": [ { "hostPort": { @@ -26,16 +19,6 @@ } } ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] } }, "identity": { @@ -76,38 +59,14 @@ }, "l4": { "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" + "name": "local_app:port1" }, "statPrefix": "public_listener", "trafficPermissions": {} }, "match": { "alpnProtocols": [ - "consul~api-port" + "consul~port1" ] } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden similarity index 59% rename from internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-default-default.golden rename to internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden index 3831349ccdbd5..0cb52d9921557 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-default-default.golden +++ b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l4-single-workload-address-without-ports.golden @@ -1,23 +1,16 @@ { "proxyState": { "clusters": { - "local_app:admin-port": { + "local_app:port1": { "endpointGroup": { "static": {} }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", + "name": "local_app:port1", "protocol": "PROTOCOL_TCP" } }, "endpoints": { - "local_app:admin-port": { + "local_app:port1": { "endpoints": [ { "hostPort": { @@ -26,16 +19,6 @@ } } ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] } }, "identity": { @@ -76,38 +59,14 @@ }, "l4": { "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" + "name": "local_app:port1" }, "statPrefix": "public_listener", "trafficPermissions": {} }, "match": { "alpnProtocols": [ - "consul~api-port" + "consul~port1" ] } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-default-bar.golden deleted file mode 100644 index 69a9d49fd30f6..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-default-bar.golden +++ /dev/null @@ -1,212 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-default-default.golden deleted file mode 100644 index 2af5ce9c06d43..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-default-default.golden +++ /dev/null @@ -1,212 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-foo-bar.golden deleted file mode 100644 index 4236759182389..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-foo-bar.golden +++ /dev/null @@ -1,212 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-foo-default.golden deleted file mode 100644 index 769e098e2cf3f..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/l7-expose-paths-foo-default.golden +++ /dev/null @@ -1,212 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-default-bar.golden deleted file mode 100644 index cd42af38430d7..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-default-bar.golden +++ /dev/null @@ -1,304 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "6s" - } - } - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - }, - "local_app:port3": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "8s" - } - } - }, - "name": "local_app:port3", - "protocol": "PROTOCOL_HTTP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:port3": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "balanceConnections": "BALANCE_CONNECTIONS_EXACT", - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "maxInboundConnections": "123", - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "maxInboundConnections": "123", - "route": { - "name": "public_listener:port3" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port3" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - }, - "public_listener:port3": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:port3", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:port3" - }, - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "9s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-default-default.golden deleted file mode 100644 index 299b051ef69d4..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-default-default.golden +++ /dev/null @@ -1,304 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "6s" - } - } - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - }, - "local_app:port3": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "8s" - } - } - }, - "name": "local_app:port3", - "protocol": "PROTOCOL_HTTP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:port3": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "balanceConnections": "BALANCE_CONNECTIONS_EXACT", - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "maxInboundConnections": "123", - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "maxInboundConnections": "123", - "route": { - "name": "public_listener:port3" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port3" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - }, - "public_listener:port3": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:port3", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:port3" - }, - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "9s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-foo-bar.golden deleted file mode 100644 index 401f78db4421e..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-foo-bar.golden +++ /dev/null @@ -1,304 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "6s" - } - } - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - }, - "local_app:port3": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "8s" - } - } - }, - "name": "local_app:port3", - "protocol": "PROTOCOL_HTTP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:port3": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "balanceConnections": "BALANCE_CONNECTIONS_EXACT", - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "maxInboundConnections": "123", - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "maxInboundConnections": "123", - "route": { - "name": "public_listener:port3" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port3" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - }, - "public_listener:port3": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:port3", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:port3" - }, - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "9s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-foo-default.golden deleted file mode 100644 index 208ae29f3f428..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/local-and-inbound-connections-foo-default.golden +++ /dev/null @@ -1,304 +0,0 @@ -{ - "proxyState": { - "clusters": { - "exposed_cluster_9090": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9090", - "protocol": "PROTOCOL_HTTP" - }, - "exposed_cluster_9091": { - "endpointGroup": { - "static": {} - }, - "name": "exposed_cluster_9091", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:port1": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "6s" - } - } - }, - "name": "local_app:port1", - "protocol": "PROTOCOL_TCP" - }, - "local_app:port3": { - "endpointGroup": { - "static": { - "config": { - "circuitBreakers": { - "upstreamLimits": { - "maxConnections": 123 - } - }, - "connectTimeout": "8s" - } - } - }, - "name": "local_app:port3", - "protocol": "PROTOCOL_HTTP" - } - }, - "endpoints": { - "exposed_cluster_9090": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "exposed_cluster_9091": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - }, - "local_app:port1": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:port3": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "balanceConnections": "BALANCE_CONNECTIONS_EXACT", - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:port1" - }, - "maxInboundConnections": "123", - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port1" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "maxInboundConnections": "123", - "route": { - "name": "public_listener:port3" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~port3" - ] - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1234 - }, - "name": "exposed_path_health1234", - "routers": [ - { - "l7": { - "route": { - "name": "exposed_path_route_health1234" - }, - "statPrefix": "exposed_path_route_health1234", - "staticRoute": true - } - } - ] - }, - { - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 1235 - }, - "name": "exposed_path_GetHealth1235", - "routers": [ - { - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "exposed_path_route_GetHealth1235" - }, - "statPrefix": "exposed_path_route_GetHealth1235", - "staticRoute": true - } - } - ] - } - ], - "routes": { - "exposed_path_route_GetHealth1235": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_GetHealth1235", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9091" - } - }, - "match": { - "pathMatch": { - "exact": "GetHealth" - } - } - } - ] - } - ] - }, - "exposed_path_route_health1234": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "exposed_path_route_health1234", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "exposed_cluster_9090" - } - }, - "match": { - "pathMatch": { - "exact": "/health" - } - } - } - ] - } - ] - }, - "public_listener:port3": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:port3", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:port3" - }, - "destinationConfiguration": { - "timeoutConfig": { - "timeout": "9s" - } - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-default-bar.golden deleted file mode 100644 index 9fb74bcac23a6..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-default-bar.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-default-default.golden deleted file mode 100644 index 70d0232467f1f..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-default-default.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-foo-bar.golden deleted file mode 100644 index 053dab78e252c..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-foo-bar.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-foo-default.golden deleted file mode 100644 index cce0e467791b6..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports-foo-default.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports.golden deleted file mode 100644 index 70d0232467f1f..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-with-specific-ports.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-default-bar.golden deleted file mode 100644 index 71727030fd3a5..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-default-bar.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-default-default.golden deleted file mode 100644 index b86daa2817148..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-default-default.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-foo-bar.golden deleted file mode 100644 index 091b51a8086bd..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-foo-bar.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-foo-default.golden deleted file mode 100644 index ef874be52ac62..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports-foo-default.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports.golden deleted file mode 100644 index b86daa2817148..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiple-workload-addresses-without-ports.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-default-bar.golden deleted file mode 100644 index 94089a6f0a59a..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-default-bar.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-foo-bar.golden deleted file mode 100644 index c1b2664d2e2d2..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-foo-bar.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-foo-default.golden deleted file mode 100644 index af5c54fa0e3ac..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-with-specific-ports-foo-default.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-default-bar.golden deleted file mode 100644 index 52a3257ee7524..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-default-bar.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-foo-bar.golden deleted file mode 100644 index 19fe7d3a1663a..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-foo-bar.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-foo-default.golden deleted file mode 100644 index 8279e5ee7b195..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-multiple-workload-addresses-without-ports-foo-default.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-default-bar.golden deleted file mode 100644 index 52a3257ee7524..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-default-bar.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-foo-bar.golden deleted file mode 100644 index 19fe7d3a1663a..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-foo-bar.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-foo-default.golden deleted file mode 100644 index 8279e5ee7b195..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-single-workload-address-without-ports-foo-default.golden +++ /dev/null @@ -1,130 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_TCP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:admin-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:api-port" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-default-bar.golden deleted file mode 100644 index 913b1b8e98c88..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-default-bar.golden +++ /dev/null @@ -1,61 +0,0 @@ -{ - "proxyState": { - "clusters": { - "black-hole-cluster": { - "endpointGroup": { - "static": {} - }, - "name": "black-hole-cluster", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "black-hole-cluster" - }, - "statPrefix": "public_listener" - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-default-default.golden deleted file mode 100644 index dc9afc44fa43d..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-default-default.golden +++ /dev/null @@ -1,61 +0,0 @@ -{ - "proxyState": { - "clusters": { - "black-hole-cluster": { - "endpointGroup": { - "static": {} - }, - "name": "black-hole-cluster", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "black-hole-cluster" - }, - "statPrefix": "public_listener" - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-foo-bar.golden deleted file mode 100644 index 9400538fc5c6d..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-foo-bar.golden +++ /dev/null @@ -1,61 +0,0 @@ -{ - "proxyState": { - "clusters": { - "black-hole-cluster": { - "endpointGroup": { - "static": {} - }, - "name": "black-hole-cluster", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "black-hole-cluster" - }, - "statPrefix": "public_listener" - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-foo-default.golden deleted file mode 100644 index 7e9283df7ad6c..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l4-workload-with-only-mesh-port-foo-default.golden +++ /dev/null @@ -1,61 +0,0 @@ -{ - "proxyState": { - "clusters": { - "black-hole-cluster": { - "endpointGroup": { - "static": {} - }, - "name": "black-hole-cluster", - "protocol": "PROTOCOL_TCP" - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "l4": { - "cluster": { - "name": "black-hole-cluster" - }, - "statPrefix": "public_listener" - } - } - ] - } - ] - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-default-bar.golden deleted file mode 100644 index 97f406874f620..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-default-bar.golden +++ /dev/null @@ -1,183 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-default-default.golden deleted file mode 100644 index dcba1dc58150a..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-default-default.golden +++ /dev/null @@ -1,183 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-foo-bar.golden deleted file mode 100644 index 60bf38e8ecb8b..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-foo-bar.golden +++ /dev/null @@ -1,183 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-foo-default.golden deleted file mode 100644 index 4ddca8f31b2b3..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-with-specific-ports-foo-default.golden +++ /dev/null @@ -1,183 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.3", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-default-bar.golden deleted file mode 100644 index c8849428f06e4..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-default-bar.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-default-default.golden deleted file mode 100644 index 08d9faa234ea6..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-default-default.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-foo-bar.golden deleted file mode 100644 index d5d96889b4380..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-foo-bar.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-foo-default.golden deleted file mode 100644 index 89503e533e16e..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-multiple-workload-addresses-without-ports-foo-default.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-default-bar.golden deleted file mode 100644 index c8849428f06e4..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-default-bar.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-default-default.golden deleted file mode 100644 index 08d9faa234ea6..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-default-default.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-foo-bar.golden deleted file mode 100644 index d5d96889b4380..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-foo-bar.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-foo-default.golden deleted file mode 100644 index 89503e533e16e..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/multiport-l7-single-workload-address-without-ports-foo-default.golden +++ /dev/null @@ -1,250 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:admin-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:admin-port", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:api-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:api-port", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:grpc-port": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc-port", - "protocol": "PROTOCOL_GRPC" - } - }, - "endpoints": { - "local_app:admin-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - }, - "local_app:api-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9090 - } - } - ] - }, - "local_app:grpc-port": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 9091 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:admin-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~admin-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:api-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~api-port" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc-port" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc-port" - ] - } - } - ] - } - ], - "routes": { - "public_listener:admin-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:admin-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:admin-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:api-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:api-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:api-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:grpc-port": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc-port", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc-port" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-default-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-default-bar.golden deleted file mode 100644 index 71727030fd3a5..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-default-bar.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-default-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-default-default.golden deleted file mode 100644 index b86daa2817148..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-default-default.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-foo-bar.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-foo-bar.golden deleted file mode 100644 index 091b51a8086bd..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-foo-bar.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "bar", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "bar", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-foo-default.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-foo-default.golden deleted file mode 100644 index ef874be52ac62..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports-foo-default.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "foo", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "foo" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports.golden deleted file mode 100644 index b86daa2817148..0000000000000 --- a/internal/mesh/internal/controllers/sidecarproxy/builder/testdata/source/single-workload-address-without-ports.golden +++ /dev/null @@ -1,291 +0,0 @@ -{ - "proxyState": { - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - } - }, - "requiredLeafCertificates": { - "test-identity": { - "name": "test-identity", - "namespace": "default", - "partition": "default" - } - }, - "requiredTrustBundles": { - "local": { - "peer": "local" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/sidecarproxy/cache/cache_test.go b/internal/mesh/internal/controllers/sidecarproxy/cache/cache_test.go index e0ade738e2fd1..2aa5484db498e 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/cache/cache_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/cache/cache_test.go @@ -24,408 +24,397 @@ import ( ) func TestIdentities(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - cache := New() - - identityID1 := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-1"). - WithTenancy(tenancy).ID() - identityID2 := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-2"). - WithTenancy(tenancy).ID() - - w1 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-1"). - WithData(t, &pbcatalog.Workload{ - Identity: identityID1.Name, - }). - WithTenancy(tenancy). - Build() - decW1 := resourcetest.MustDecode[*pbcatalog.Workload](t, w1) - w2 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-2"). - WithData(t, &pbcatalog.Workload{ - Identity: identityID2.Name, - }). - WithTenancy(tenancy). - Build() - decW2 := resourcetest.MustDecode[*pbcatalog.Workload](t, w2) - - // Empty cache - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID1)) - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) - - // Insert value and fetch it. - cache.TrackWorkload(decW1) - require.Equal(t, []*pbresource.ID{w1.Id}, cache.WorkloadsByWorkloadIdentity(identityID1)) - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) - - // Insert another value referencing the same identity. - decW2.GetData().Identity = identityID1.Name - cache.TrackWorkload(decW2) - require.ElementsMatch(t, []*pbresource.ID{w1.Id, w2.Id}, cache.WorkloadsByWorkloadIdentity(identityID1)) - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) - - // Now workload 1 uses identity 2 - decW1.GetData().Identity = identityID2.Name - cache.TrackWorkload(decW1) - require.Equal(t, []*pbresource.ID{w1.Id}, cache.WorkloadsByWorkloadIdentity(identityID2)) - require.Equal(t, []*pbresource.ID{w2.Id}, cache.WorkloadsByWorkloadIdentity(identityID1)) - - // Untrack workload 2 - cache.UntrackWorkload(w2.Id) - require.Equal(t, []*pbresource.ID{w1.Id}, cache.WorkloadsByWorkloadIdentity(identityID2)) - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID1)) - - // Untrack workload 1 - cache.UntrackWorkload(w1.Id) - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) - require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID1)) - }, t) + cache := New() + + identityID1 := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-1"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + identityID2 := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-2"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + + w1 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-1"). + WithData(t, &pbcatalog.Workload{ + Identity: identityID1.Name, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + decW1 := resourcetest.MustDecode[*pbcatalog.Workload](t, w1) + w2 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-2"). + WithData(t, &pbcatalog.Workload{ + Identity: identityID2.Name, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + decW2 := resourcetest.MustDecode[*pbcatalog.Workload](t, w2) + + // Empty cache + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID1)) + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) + + // Insert value and fetch it. + cache.TrackWorkload(decW1) + require.Equal(t, []*pbresource.ID{w1.Id}, cache.WorkloadsByWorkloadIdentity(identityID1)) + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) + + // Insert another value referencing the same identity. + decW2.GetData().Identity = identityID1.Name + cache.TrackWorkload(decW2) + require.ElementsMatch(t, []*pbresource.ID{w1.Id, w2.Id}, cache.WorkloadsByWorkloadIdentity(identityID1)) + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) + + // Now workload 1 uses identity 2 + decW1.GetData().Identity = identityID2.Name + cache.TrackWorkload(decW1) + require.Equal(t, []*pbresource.ID{w1.Id}, cache.WorkloadsByWorkloadIdentity(identityID2)) + require.Equal(t, []*pbresource.ID{w2.Id}, cache.WorkloadsByWorkloadIdentity(identityID1)) + + // Untrack workload 2 + cache.UntrackWorkload(w2.Id) + require.Equal(t, []*pbresource.ID{w1.Id}, cache.WorkloadsByWorkloadIdentity(identityID2)) + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID1)) + + // Untrack workload 1 + cache.UntrackWorkload(w1.Id) + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID2)) + require.Nil(t, cache.WorkloadsByWorkloadIdentity(identityID1)) } func TestMapComputedTrafficPermissions(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - Run(t) - - ctp := resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, "workload-identity-1"). - WithTenancy(tenancy). - WithData(t, &pbauth.ComputedTrafficPermissions{}). - Build() - - c := New() - - // Empty results when the cache isn't populated. - requests, err := c.MapComputedTrafficPermissions(context.Background(), controller.Runtime{Client: client}, ctp) - require.NoError(t, err) - require.Len(t, requests, 0) - - identityID1 := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-1"). - WithTenancy(tenancy).ID() - - w1 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-1"). - WithData(t, &pbcatalog.Workload{ - Identity: identityID1.Name, - }). - WithTenancy(tenancy). - Build() - decW1 := resourcetest.MustDecode[*pbcatalog.Workload](t, w1) - w2 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-2"). - WithData(t, &pbcatalog.Workload{ - Identity: identityID1.Name, - }). - WithTenancy(tenancy). - Build() - decW2 := resourcetest.MustDecode[*pbcatalog.Workload](t, w2) - - c.TrackWorkload(decW1) - - // Empty results when the cache isn't populated. - requests, err = c.MapComputedTrafficPermissions(context.Background(), controller.Runtime{Client: client}, ctp) - require.NoError(t, err) - prototest.AssertElementsMatch(t, - []controller.Request{{ID: resource.ReplaceType(pbmesh.ProxyStateTemplateType, w1.Id)}}, requests) - - c.TrackWorkload(decW2) - - // Empty results when the cache isn't populated. - requests, err = c.MapComputedTrafficPermissions(context.Background(), controller.Runtime{Client: client}, ctp) - require.NoError(t, err) - prototest.AssertElementsMatch(t, []controller.Request{ - {ID: resource.ReplaceType(pbmesh.ProxyStateTemplateType, w1.Id)}, - {ID: resource.ReplaceType(pbmesh.ProxyStateTemplateType, w2.Id)}, - }, requests) - }, t) + client := svctest.RunResourceService(t, types.Register, catalog.RegisterTypes) + ctp := resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, "workload-identity-1"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbauth.ComputedTrafficPermissions{}). + Build() + + c := New() + + // Empty results when the cache isn't populated. + requests, err := c.MapComputedTrafficPermissions(context.Background(), controller.Runtime{Client: client}, ctp) + require.NoError(t, err) + require.Len(t, requests, 0) + + identityID1 := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-1"). + WithTenancy(resource.DefaultNamespacedTenancy()).ID() + + w1 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-1"). + WithData(t, &pbcatalog.Workload{ + Identity: identityID1.Name, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + decW1 := resourcetest.MustDecode[*pbcatalog.Workload](t, w1) + w2 := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-2"). + WithData(t, &pbcatalog.Workload{ + Identity: identityID1.Name, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + decW2 := resourcetest.MustDecode[*pbcatalog.Workload](t, w2) + + c.TrackWorkload(decW1) + + // Empty results when the cache isn't populated. + requests, err = c.MapComputedTrafficPermissions(context.Background(), controller.Runtime{Client: client}, ctp) + require.NoError(t, err) + prototest.AssertElementsMatch(t, + []controller.Request{{ID: resource.ReplaceType(pbmesh.ProxyStateTemplateType, w1.Id)}}, requests) + + c.TrackWorkload(decW2) + + // Empty results when the cache isn't populated. + requests, err = c.MapComputedTrafficPermissions(context.Background(), controller.Runtime{Client: client}, ctp) + require.NoError(t, err) + prototest.AssertElementsMatch(t, []controller.Request{ + {ID: resource.ReplaceType(pbmesh.ProxyStateTemplateType, w1.Id)}, + {ID: resource.ReplaceType(pbmesh.ProxyStateTemplateType, w2.Id)}, + }, requests) } func TestUnified_AllMappingsToProxyStateTemplate(t *testing.T) { - resourcetest.RunWithTenancies(func(tenancy *pbresource.Tenancy) { - var ( - cache = New() - client = svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - Run(t) - ) - - anyServiceData := &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Prefixes: []string{"src-workload"}, + var ( + cache = New() + client = svctest.RunResourceService(t, types.Register, catalog.RegisterTypes) + ) + + anyServiceData := &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Prefixes: []string{"src-workload"}, + }, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp1", + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, }, - Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "tcp2", + Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + }, + { + TargetPort: "mesh", + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + }, + }, + } + + // The thing we link through Destinations. + destService := resourcetest.Resource(pbcatalog.ServiceType, "web"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, anyServiceData). + Build() + destServiceRef := resource.Reference(destService.Id, "") + + // The thing we reach through the mesh config. + targetService := resourcetest.Resource(pbcatalog.ServiceType, "db"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, anyServiceData). + Build() + targetServiceRef := resource.Reference(targetService.Id, "") + + backupTargetService := resourcetest.Resource(pbcatalog.ServiceType, "db-backup"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, anyServiceData). + Build() + backupTargetServiceRef := resource.Reference(backupTargetService.Id, "") + + // The way we make 'web' actually route traffic to 'db'. + tcpRoute := resourcetest.Resource(pbmesh.TCPRouteType, "tcp-route"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbmesh.TCPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: destServiceRef, + }}, + Rules: []*pbmesh.TCPRouteRule{{ + BackendRefs: []*pbmesh.TCPBackendRef{{ + BackendRef: &pbmesh.BackendReference{ + Ref: targetServiceRef, + }, + }}, + }}, + }). + Build() + failoverPolicy := resourcetest.ResourceID(resource.ReplaceType(pbcatalog.FailoverPolicyType, targetService.Id)). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, &pbcatalog.FailoverPolicy{ + Config: &pbcatalog.FailoverConfig{ + Destinations: []*pbcatalog.FailoverDestination{{ + Ref: backupTargetServiceRef, + }}, + }, + }). + Build() + webRoutes := routestest.BuildComputedRoutes(t, resource.ReplaceType(pbmesh.ComputedRoutesType, destService.Id), + resourcetest.MustDecode[*pbcatalog.Service](t, destService), + resourcetest.MustDecode[*pbcatalog.Service](t, targetService), + resourcetest.MustDecode[*pbcatalog.Service](t, backupTargetService), + resourcetest.MustDecode[*pbmesh.TCPRoute](t, tcpRoute), + resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, failoverPolicy), + ) + + var ( + sourceProxy1 = newID(pbmesh.ProxyStateTemplateType, "src-workload-1") + sourceProxy2 = newID(pbmesh.ProxyStateTemplateType, "src-workload-2") + sourceProxy3 = newID(pbmesh.ProxyStateTemplateType, "src-workload-3") + sourceProxy4 = newID(pbmesh.ProxyStateTemplateType, "src-workload-4") + sourceProxy5 = newID(pbmesh.ProxyStateTemplateType, "src-workload-5") + sourceProxy6 = newID(pbmesh.ProxyStateTemplateType, "src-workload-6") + ) + + compDestProxy1 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy1.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ { - TargetPort: "tcp1", - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + DestinationRef: destServiceRef, + DestinationPort: "tcp1", }, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + + compDestProxy2 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy2.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ { - TargetPort: "tcp2", - Protocol: pbcatalog.Protocol_PROTOCOL_TCP, + DestinationRef: destServiceRef, + DestinationPort: "tcp1", }, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + + compDestProxy3 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy3.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ { - TargetPort: "mesh", - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, + DestinationRef: destServiceRef, + DestinationPort: "tcp2", }, }, - } + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() - // The thing we link through Destinations. - destService := resourcetest.Resource(pbcatalog.ServiceType, "web"). - WithTenancy(tenancy). - WithData(t, anyServiceData). - Build() - destServiceRef := resource.Reference(destService.Id, "") - - // The thing we reach through the mesh config. - targetService := resourcetest.Resource(pbcatalog.ServiceType, "db"). - WithTenancy(tenancy). - WithData(t, anyServiceData). - Build() - targetServiceRef := resource.Reference(targetService.Id, "") - - backupTargetService := resourcetest.Resource(pbcatalog.ServiceType, "db-backup"). - WithTenancy(tenancy). - WithData(t, anyServiceData). - Build() - backupTargetServiceRef := resource.Reference(backupTargetService.Id, "") - - // The way we make 'web' actually route traffic to 'db'. - tcpRoute := resourcetest.Resource(pbmesh.TCPRouteType, "tcp-route"). - WithTenancy(tenancy). - WithData(t, &pbmesh.TCPRoute{ - ParentRefs: []*pbmesh.ParentReference{{ - Ref: destServiceRef, - }}, - Rules: []*pbmesh.TCPRouteRule{{ - BackendRefs: []*pbmesh.TCPBackendRef{{ - BackendRef: &pbmesh.BackendReference{ - Ref: targetServiceRef, - }, - }}, - }}, - }). - Build() - failoverPolicy := resourcetest.ResourceID(resource.ReplaceType(pbcatalog.FailoverPolicyType, targetService.Id)). - WithTenancy(tenancy). - WithData(t, &pbcatalog.FailoverPolicy{ - Config: &pbcatalog.FailoverConfig{ - Destinations: []*pbcatalog.FailoverDestination{{ - Ref: backupTargetServiceRef, - }}, - }, - }). - Build() - webRoutes := routestest.BuildComputedRoutes(t, resource.ReplaceType(pbmesh.ComputedRoutesType, destService.Id), - resourcetest.MustDecode[*pbcatalog.Service](t, destService), - resourcetest.MustDecode[*pbcatalog.Service](t, targetService), - resourcetest.MustDecode[*pbcatalog.Service](t, backupTargetService), - resourcetest.MustDecode[*pbmesh.TCPRoute](t, tcpRoute), - resourcetest.MustDecode[*pbcatalog.FailoverPolicy](t, failoverPolicy), - ) - - var ( - sourceProxy1 = newID(pbmesh.ProxyStateTemplateType, "src-workload-1", tenancy) - sourceProxy2 = newID(pbmesh.ProxyStateTemplateType, "src-workload-2", tenancy) - sourceProxy3 = newID(pbmesh.ProxyStateTemplateType, "src-workload-3", tenancy) - sourceProxy4 = newID(pbmesh.ProxyStateTemplateType, "src-workload-4", tenancy) - sourceProxy5 = newID(pbmesh.ProxyStateTemplateType, "src-workload-5", tenancy) - sourceProxy6 = newID(pbmesh.ProxyStateTemplateType, "src-workload-6", tenancy) - ) - - compDestProxy1 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy1.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destServiceRef, - DestinationPort: "tcp1", - }, - }, - }). - WithTenancy(tenancy). - Build() - - compDestProxy2 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy2.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destServiceRef, - DestinationPort: "tcp1", - }, - }, - }). - WithTenancy(tenancy). - Build() - - compDestProxy3 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy3.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destServiceRef, - DestinationPort: "tcp2", - }, - }, - }). - WithTenancy(tenancy). - Build() - - compDestProxy4 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy4.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destServiceRef, - DestinationPort: "tcp2", - }, + compDestProxy4 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy4.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: destServiceRef, + DestinationPort: "tcp2", }, - }). - WithTenancy(tenancy). - Build() - - compDestProxy5 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy5.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destServiceRef, - DestinationPort: "mesh", - }, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + + compDestProxy5 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy5.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: destServiceRef, + DestinationPort: "mesh", }, - }). - WithTenancy(tenancy). - Build() - - compDestProxy6 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy6.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: destServiceRef, - DestinationPort: "mesh", - }, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + + compDestProxy6 := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, sourceProxy6.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: destServiceRef, + DestinationPort: "mesh", }, - }). - WithTenancy(tenancy). - Build() - - cache.trackComputedRoutes(webRoutes) - cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy1)) - cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy2)) - cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy3)) - cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy4)) - cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy5)) - cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy6)) - - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), "Service", tenancy), func(t *testing.T) { - t.Run("map dest service", func(t *testing.T) { - requests, err := cache.MapService( - context.Background(), - controller.Runtime{Client: client}, - destService, - ) - require.NoError(t, err) - - // Only wake up things with dest as an upstream. - expRequests := []controller.Request{ - {ID: sourceProxy1}, - {ID: sourceProxy2}, - {ID: sourceProxy3}, - {ID: sourceProxy4}, - {ID: sourceProxy5}, - {ID: sourceProxy6}, - } - - prototest.AssertElementsMatch(t, expRequests, requests) - - // Check that service's workload selector is tracked. - prototest.AssertElementsMatch(t, - []*pbresource.ID{destService.Id}, - cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy1))) - prototest.AssertElementsMatch(t, - []*pbresource.ID{destService.Id}, - cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy2))) - prototest.AssertElementsMatch(t, - []*pbresource.ID{destService.Id}, - cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy3))) - prototest.AssertElementsMatch(t, - []*pbresource.ID{destService.Id}, - cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy4))) - prototest.AssertElementsMatch(t, - []*pbresource.ID{destService.Id}, - cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy5))) - prototest.AssertElementsMatch(t, - []*pbresource.ID{destService.Id}, - cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy6))) - }) - - t.Run("map target endpoints (TCPRoute)", func(t *testing.T) { - requests, err := cache.MapService( - context.Background(), - controller.Runtime{Client: client}, - targetService, - ) - require.NoError(t, err) - - requests = testDeduplicateRequests(requests) - - expRequests := []controller.Request{ - // Wakeup things that have destService as a destination b/c of the TCPRoute reference. - {ID: sourceProxy1}, - {ID: sourceProxy2}, - {ID: sourceProxy3}, - {ID: sourceProxy4}, - {ID: sourceProxy5}, - {ID: sourceProxy6}, - } - - prototest.AssertElementsMatch(t, expRequests, requests) - }) - - t.Run("map backup target endpoints (FailoverPolicy)", func(t *testing.T) { - requests, err := cache.MapService( - context.Background(), - controller.Runtime{Client: client}, - backupTargetService, - ) - require.NoError(t, err) - - requests = testDeduplicateRequests(requests) - - expRequests := []controller.Request{ - // Wakeup things that have destService as a destination b/c of the FailoverPolicy reference. - {ID: sourceProxy1}, - {ID: sourceProxy2}, - {ID: sourceProxy3}, - {ID: sourceProxy4}, - {ID: sourceProxy5}, - {ID: sourceProxy6}, - } - - prototest.AssertElementsMatch(t, expRequests, requests) - }) + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + + cache.trackComputedRoutes(webRoutes) + cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy1)) + cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy2)) + cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy3)) + cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy4)) + cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy5)) + cache.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDestProxy6)) + + t.Run("Service", func(t *testing.T) { + t.Run("map dest service", func(t *testing.T) { + requests, err := cache.MapService( + context.Background(), + controller.Runtime{Client: client}, + destService, + ) + require.NoError(t, err) + + // Only wake up things with dest as an upstream. + expRequests := []controller.Request{ + {ID: sourceProxy1}, + {ID: sourceProxy2}, + {ID: sourceProxy3}, + {ID: sourceProxy4}, + {ID: sourceProxy5}, + {ID: sourceProxy6}, + } + + prototest.AssertElementsMatch(t, expRequests, requests) + + // Check that service's workload selector is tracked. + prototest.AssertElementsMatch(t, + []*pbresource.ID{destService.Id}, + cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy1))) + prototest.AssertElementsMatch(t, + []*pbresource.ID{destService.Id}, + cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy2))) + prototest.AssertElementsMatch(t, + []*pbresource.ID{destService.Id}, + cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy3))) + prototest.AssertElementsMatch(t, + []*pbresource.ID{destService.Id}, + cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy4))) + prototest.AssertElementsMatch(t, + []*pbresource.ID{destService.Id}, + cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy5))) + prototest.AssertElementsMatch(t, + []*pbresource.ID{destService.Id}, + cache.serviceSelectorTracker.GetIDsForWorkload(resource.ReplaceType(pbcatalog.WorkloadType, sourceProxy6))) + }) + + t.Run("map target endpoints (TCPRoute)", func(t *testing.T) { + requests, err := cache.MapService( + context.Background(), + controller.Runtime{Client: client}, + targetService, + ) + require.NoError(t, err) + + requests = testDeduplicateRequests(requests) + + expRequests := []controller.Request{ + // Wakeup things that have destService as a destination b/c of the TCPRoute reference. + {ID: sourceProxy1}, + {ID: sourceProxy2}, + {ID: sourceProxy3}, + {ID: sourceProxy4}, + {ID: sourceProxy5}, + {ID: sourceProxy6}, + } + + prototest.AssertElementsMatch(t, expRequests, requests) }) - t.Run(resourcetest.AppendTenancyInfoSubtest(t.Name(), "ComputedRoutes", tenancy), func(t *testing.T) { - t.Run("map web routes", func(t *testing.T) { - requests, err := cache.MapComputedRoutes( - context.Background(), - controller.Runtime{Client: client}, - webRoutes.Resource, - ) - require.NoError(t, err) - - // Only wake up things with dest as an upstream. - expRequests := []controller.Request{ - {ID: sourceProxy1}, - {ID: sourceProxy2}, - {ID: sourceProxy3}, - {ID: sourceProxy4}, - {ID: sourceProxy5}, - {ID: sourceProxy6}, - } - - prototest.AssertElementsMatch(t, expRequests, requests) - }) + t.Run("map backup target endpoints (FailoverPolicy)", func(t *testing.T) { + requests, err := cache.MapService( + context.Background(), + controller.Runtime{Client: client}, + backupTargetService, + ) + require.NoError(t, err) + + requests = testDeduplicateRequests(requests) + + expRequests := []controller.Request{ + // Wakeup things that have destService as a destination b/c of the FailoverPolicy reference. + {ID: sourceProxy1}, + {ID: sourceProxy2}, + {ID: sourceProxy3}, + {ID: sourceProxy4}, + {ID: sourceProxy5}, + {ID: sourceProxy6}, + } + + prototest.AssertElementsMatch(t, expRequests, requests) + }) + }) + + t.Run("ComputedRoutes", func(t *testing.T) { + t.Run("map web routes", func(t *testing.T) { + requests, err := cache.MapComputedRoutes( + context.Background(), + controller.Runtime{Client: client}, + webRoutes.Resource, + ) + require.NoError(t, err) + + // Only wake up things with dest as an upstream. + expRequests := []controller.Request{ + {ID: sourceProxy1}, + {ID: sourceProxy2}, + {ID: sourceProxy3}, + {ID: sourceProxy4}, + {ID: sourceProxy5}, + {ID: sourceProxy6}, + } + + prototest.AssertElementsMatch(t, expRequests, requests) }) - }, t) + }) } -func newID(typ *pbresource.Type, name string, tenancy *pbresource.Tenancy) *pbresource.ID { +func newID(typ *pbresource.Type, name string) *pbresource.ID { return &pbresource.ID{ Type: typ, - Tenancy: tenancy, + Tenancy: resource.DefaultNamespacedTenancy(), Name: name, } } diff --git a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go index 8a2fe05a465e5..adeffe1cdf7e0 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go @@ -5,7 +5,6 @@ package sidecarproxy import ( "context" - "fmt" "strings" "testing" @@ -43,9 +42,15 @@ type controllerTestSuite struct { ctl *reconciler ctx context.Context - webWorkload *pbresource.Resource - - api map[tenancyKey]apiData + apiWorkloadID *pbresource.ID + apiWorkload *pbcatalog.Workload + apiComputedTrafficPermissions *pbresource.Resource + apiComputedTrafficPermissionsData *pbauth.ComputedTrafficPermissions + apiService *pbresource.Resource + apiServiceData *pbcatalog.Service + apiEndpoints *pbresource.Resource + apiEndpointsData *pbcatalog.ServiceEndpoints + webWorkload *pbresource.Resource dbWorkloadID *pbresource.ID dbWorkload *pbcatalog.Workload @@ -53,42 +58,11 @@ type controllerTestSuite struct { dbEndpoints *pbresource.Resource dbEndpointsData *pbcatalog.ServiceEndpoints - tenancies []*pbresource.Tenancy -} - -type tenancyKey struct { - Namespace string - Partition string -} - -func toTenancyKey(t *pbresource.Tenancy) tenancyKey { - return tenancyKey{ - Namespace: t.Namespace, - Partition: t.Partition, - } -} - -type apiData struct { - workloadID *pbresource.ID - workload *pbcatalog.Workload - computedTrafficPermissions *pbresource.Resource - computedTrafficPermissionsData *pbauth.ComputedTrafficPermissions - service *pbresource.Resource - destinationListenerName string - destinationClusterName string - serviceData *pbcatalog.Service - endpoints *pbresource.Resource - endpointsData *pbcatalog.ServiceEndpoints - proxyStateTemplate *pbmesh.ProxyStateTemplate + proxyStateTemplate *pbmesh.ProxyStateTemplate } func (suite *controllerTestSuite) SetupTest() { - suite.tenancies = resourcetest.TestTenancies() - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes, auth.RegisterTypes). - WithTenancies(suite.tenancies...). - Run(suite.T()) - + resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes, auth.RegisterTypes) suite.client = resourcetest.NewClient(resourceClient) suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())} suite.ctx = testutil.TestContext(suite.T()) @@ -100,168 +74,135 @@ func (suite *controllerTestSuite) SetupTest() { }, } - suite.dbWorkload = &pbcatalog.Workload{ - Identity: "db-identity", - Addresses: []*pbcatalog.WorkloadAddress{ - {Host: "10.0.4.1"}, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, + { + // DB will be a service with a single workload, IN the mesh that will + // be a destination of web. + + suite.dbWorkload = &pbcatalog.Workload{ + Identity: "db-identity", + Addresses: []*pbcatalog.WorkloadAddress{ + {Host: "10.0.4.1"}, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "http": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } + suite.dbWorkloadID = resourcetest.Resource(pbcatalog.WorkloadType, "db-abc"). + WithData(suite.T(), suite.dbWorkload). + Write(suite.T(), resourceClient).Id + + suite.dbService = resourcetest.Resource(pbcatalog.ServiceType, "db-service"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"db-abc"}}, + VirtualIps: []string{"1.1.1.1"}, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }}). + Write(suite.T(), suite.client) + + suite.dbEndpointsData = &pbcatalog.ServiceEndpoints{ + Endpoints: []*pbcatalog.Endpoint{ + { + TargetRef: suite.dbWorkloadID, + Addresses: suite.dbWorkload.Addresses, + Ports: suite.dbWorkload.Ports, + Identity: "db-identity", + }, + }, + } + suite.dbEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "db-service"). + WithData(suite.T(), suite.dbEndpointsData). + Write(suite.T(), suite.client) + } -} -func (suite *controllerTestSuite) setupSuiteWithTenancy(tenancy *pbresource.Tenancy) { - webWorkloadData := &pbcatalog.Workload{ - Identity: "web-identity", + suite.apiWorkload = &pbcatalog.Workload{ + Identity: "api-identity", Addresses: []*pbcatalog.WorkloadAddress{ { - Host: "10.0.0.2", + Host: "10.0.0.1", }, }, Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, } - // DB will be a service with a single workload, IN the mesh that will - // be a destination of web. - suite.dbWorkloadID = resourcetest.Resource(pbcatalog.WorkloadType, "db-abc"). - WithData(suite.T(), suite.dbWorkload). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient).Id + suite.apiWorkloadID = resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). + WithData(suite.T(), suite.apiWorkload). + Write(suite.T(), resourceClient).Id - suite.dbService = resourcetest.Resource(pbcatalog.ServiceType, "db-service"). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{"db-abc"}}, - VirtualIps: []string{"1.1.1.1"}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }}). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.dbEndpointsData = &pbcatalog.ServiceEndpoints{ - Endpoints: []*pbcatalog.Endpoint{ - { - TargetRef: suite.dbWorkloadID, - Addresses: suite.dbWorkload.Addresses, - Ports: suite.dbWorkload.Ports, - Identity: "db-identity", - }, + suite.apiServiceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, + VirtualIps: []string{"1.1.1.1"}, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, } - suite.dbEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "db-service"). - WithData(suite.T(), suite.dbEndpointsData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.api = make(map[tenancyKey]apiData) - for i, t := range suite.tenancies { - var a apiData - - a.computedTrafficPermissionsData = &pbauth.ComputedTrafficPermissions{ - IsDefault: false, - AllowPermissions: []*pbauth.Permission{ - { - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }, + suite.apiComputedTrafficPermissionsData = &pbauth.ComputedTrafficPermissions{ + IsDefault: false, + AllowPermissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", + Peer: "local", }, }, }, - } - - a.workload = &pbcatalog.Workload{ - Identity: "api-identity", - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - } + }, + } - a.serviceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, - VirtualIps: []string{"1.1.1.1"}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - } + suite.apiComputedTrafficPermissions = resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, suite.apiWorkload.Identity). + WithData(suite.T(), suite.apiComputedTrafficPermissionsData). + Write(suite.T(), resourceClient) - a.workloadID = resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithTenancy(t). - WithData(suite.T(), a.workload). - Write(suite.T(), suite.client.ResourceServiceClient).Id + suite.apiService = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). + WithData(suite.T(), suite.apiServiceData). + Write(suite.T(), suite.client.ResourceServiceClient) - a.endpointsData = &pbcatalog.ServiceEndpoints{ - Endpoints: []*pbcatalog.Endpoint{ - { - TargetRef: a.workloadID, - Addresses: a.workload.Addresses, - Ports: a.workload.Ports, - Identity: "api-identity", - }, + suite.apiEndpointsData = &pbcatalog.ServiceEndpoints{ + Endpoints: []*pbcatalog.Endpoint{ + { + TargetRef: suite.apiWorkloadID, + Addresses: suite.apiWorkload.Addresses, + Ports: suite.apiWorkload.Ports, + Identity: "api-identity", }, - } - - a.computedTrafficPermissions = resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, a.workload.Identity). - WithData(suite.T(), a.computedTrafficPermissionsData). - WithTenancy(t). - Write(suite.T(), suite.client.ResourceServiceClient) - - a.service = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). - WithData(suite.T(), a.serviceData). - WithTenancy(t). - Write(suite.T(), suite.client.ResourceServiceClient) - - a.endpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). - WithData(suite.T(), a.endpointsData). - WithTenancy(t). - Write(suite.T(), suite.client.ResourceServiceClient) - - identityRef := &pbresource.Reference{ - Name: a.workload.Identity, - Tenancy: a.workloadID.Tenancy, - Type: pbauth.WorkloadIdentityType, - } - - a.destinationListenerName = builder.DestinationListenerName(resource.Reference(a.service.Id, ""), "tcp", "127.0.0.1", uint32(1234+i)) - a.destinationClusterName = builder.DestinationSNI(resource.Reference(a.service.Id, ""), "dc1", "test.consul") - - a.proxyStateTemplate = builder.New(resource.ReplaceType(pbmesh.ProxyStateTemplateType, a.workloadID), - identityRef, "test.consul", "dc1", false, nil). - BuildLocalApp(a.workload, a.computedTrafficPermissionsData). - Build() - - suite.api[toTenancyKey(t)] = a + }, } + suite.apiEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). + WithData(suite.T(), suite.apiEndpointsData). + Write(suite.T(), suite.client.ResourceServiceClient) + webWorkloadData := &pbcatalog.Workload{ + Identity: "web-identity", + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.2", + }, + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } suite.webWorkload = resourcetest.Resource(pbcatalog.WorkloadType, "web-def"). WithData(suite.T(), webWorkloadData). - WithTenancy(tenancy). Write(suite.T(), suite.client) resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, webWorkloadData.Identity). WithData(suite.T(), &pbauth.ComputedTrafficPermissions{IsDefault: true}). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + Write(suite.T(), resourceClient) resourcetest.Resource(pbcatalog.ServiceType, "web"). - WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{Names: []string{"web-def"}}, Ports: []*pbcatalog.ServicePort{ @@ -271,7 +212,6 @@ func (suite *controllerTestSuite) setupSuiteWithTenancy(tenancy *pbresource.Tena Write(suite.T(), suite.client) resourcetest.Resource(pbcatalog.ServiceEndpointsType, "web"). - WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.ServiceEndpoints{ Endpoints: []*pbcatalog.Endpoint{ { @@ -282,297 +222,282 @@ func (suite *controllerTestSuite) setupSuiteWithTenancy(tenancy *pbresource.Tena }, }, }).Write(suite.T(), suite.client) + + identityRef := &pbresource.Reference{ + Name: suite.apiWorkload.Identity, + Tenancy: suite.apiWorkloadID.Tenancy, + Type: pbauth.WorkloadIdentityType, + } + + suite.proxyStateTemplate = builder.New(resource.ReplaceType(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID), + identityRef, "test.consul", "dc1", false, nil). + BuildLocalApp(suite.apiWorkload, suite.apiComputedTrafficPermissionsData). + Build() } func (suite *controllerTestSuite) TestWorkloadPortProtocolsFromService_NoServicesInCache() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - dataFetcher := fetcher.New(suite.client, suite.ctl.cache) + dataFetcher := fetcher.New(suite.client, suite.ctl.cache) - workload := resourcetest.Resource(pbcatalog.WorkloadType, "api-workload"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080}, - }, - }). - Build() + workload := resourcetest.Resource(pbcatalog.WorkloadType, "api-workload"). + WithData(suite.T(), &pbcatalog.Workload{ + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }). + Build() - decWorkload := resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload) - workloadPorts, err := suite.ctl.workloadPortProtocolsFromService(suite.ctx, dataFetcher, decWorkload, suite.runtime.Logger) - require.NoError(suite.T(), err) - prototest.AssertDeepEqual(suite.T(), pbcatalog.Protocol_PROTOCOL_TCP, workloadPorts["tcp"].GetProtocol()) - }) + decWorkload := resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload) + workloadPorts, err := suite.ctl.workloadPortProtocolsFromService(suite.ctx, dataFetcher, decWorkload, suite.runtime.Logger) + require.NoError(suite.T(), err) + prototest.AssertDeepEqual(suite.T(), pbcatalog.Protocol_PROTOCOL_TCP, workloadPorts["tcp"].GetProtocol()) } func (suite *controllerTestSuite) TestWorkloadPortProtocolsFromService_ServiceNotFound() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - c := cache.New() - dataFetcher := fetcher.New(suite.client, c) - ctrl := &reconciler{ - cache: c, - getTrustDomain: func() (string, error) { - return "test.consul", nil + c := cache.New() + dataFetcher := fetcher.New(suite.client, c) + ctrl := &reconciler{ + cache: c, + getTrustDomain: func() (string, error) { + return "test.consul", nil + }, + } + svc := resourcetest.Resource(pbcatalog.ServiceType, "not-found"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"api-workload"}, }, - } - svc := resourcetest.Resource(pbcatalog.ServiceType, "not-found"). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"api-workload"}, - }, - }). - WithTenancy(tenancy). - Build() + }). + Build() - decSvc := resourcetest.MustDecode[*pbcatalog.Service](suite.T(), svc) - c.TrackService(decSvc) + decSvc := resourcetest.MustDecode[*pbcatalog.Service](suite.T(), svc) + c.TrackService(decSvc) - workload := resourcetest.Resource(pbcatalog.WorkloadType, "api-workload"). - WithData(suite.T(), &pbcatalog.Workload{ - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080}, - }, - }). - WithTenancy(tenancy). - Build() + workload := resourcetest.Resource(pbcatalog.WorkloadType, "api-workload"). + WithData(suite.T(), &pbcatalog.Workload{ + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080}, + }, + }). + Build() - decWorkload := resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload) + decWorkload := resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload) - workloadPorts, err := ctrl.workloadPortProtocolsFromService(suite.ctx, dataFetcher, decWorkload, suite.runtime.Logger) - require.NoError(suite.T(), err) - prototest.AssertDeepEqual(suite.T(), pbcatalog.Protocol_PROTOCOL_TCP, workloadPorts["tcp"].GetProtocol()) - // Check that the service is no longer in cache. - require.Nil(suite.T(), c.ServicesForWorkload(workload.Id)) - }) + workloadPorts, err := ctrl.workloadPortProtocolsFromService(suite.ctx, dataFetcher, decWorkload, suite.runtime.Logger) + require.NoError(suite.T(), err) + prototest.AssertDeepEqual(suite.T(), pbcatalog.Protocol_PROTOCOL_TCP, workloadPorts["tcp"].GetProtocol()) + // Check that the service is no longer in cache. + require.Nil(suite.T(), c.ServicesForWorkload(workload.Id)) } func (suite *controllerTestSuite) TestWorkloadPortProtocolsFromService() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - c := cache.New() - dataFetcher := fetcher.New(suite.client, c) - ctrl := &reconciler{ - cache: c, - getTrustDomain: func() (string, error) { - return "test.consul", nil + c := cache.New() + dataFetcher := fetcher.New(suite.client, c) + ctrl := &reconciler{ + cache: c, + getTrustDomain: func() (string, error) { + return "test.consul", nil + }, + } + svc1 := resourcetest.Resource(pbcatalog.ServiceType, "api-1"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"api-workload"}, }, - } - svc1 := resourcetest.Resource(pbcatalog.ServiceType, "api-1"). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"api-workload"}, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "http1", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, }, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "http1", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, - { - TargetPort: "conflict", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, - }, + { + TargetPort: "conflict", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP, }, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + }, + }). + Write(suite.T(), suite.client) - decSvc := resourcetest.MustDecode[*pbcatalog.Service](suite.T(), svc1) - c.TrackService(decSvc) + decSvc := resourcetest.MustDecode[*pbcatalog.Service](suite.T(), svc1) + c.TrackService(decSvc) - svc2 := resourcetest.Resource(pbcatalog.ServiceType, "api-2"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{ - Names: []string{"api-workload"}, + svc2 := resourcetest.Resource(pbcatalog.ServiceType, "api-2"). + WithData(suite.T(), &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{ + Names: []string{"api-workload"}, + }, + Ports: []*pbcatalog.ServicePort{ + { + TargetPort: "http2", + Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, }, - Ports: []*pbcatalog.ServicePort{ - { - TargetPort: "http2", - Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2, - }, - { - TargetPort: "conflict", - Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, - }, + { + TargetPort: "conflict", + Protocol: pbcatalog.Protocol_PROTOCOL_GRPC, }, - }). - Write(suite.T(), suite.client) + }, + }). + Write(suite.T(), suite.client) - decSvc = resourcetest.MustDecode[*pbcatalog.Service](suite.T(), svc2) - c.TrackService(decSvc) + decSvc = resourcetest.MustDecode[*pbcatalog.Service](suite.T(), svc2) + c.TrackService(decSvc) - workload := resourcetest.Resource(pbcatalog.WorkloadType, "api-workload"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Ports: map[string]*pbcatalog.WorkloadPort{ - "http1": {Port: 8080}, - "http2": {Port: 9090}, - "conflict": {Port: 9091}, - "not-selected": {Port: 8081}, - "specified-protocol": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - }). - WithTenancy(tenancy). - Build() + workload := resourcetest.Resource(pbcatalog.WorkloadType, "api-workload"). + WithData(suite.T(), &pbcatalog.Workload{ + Ports: map[string]*pbcatalog.WorkloadPort{ + "http1": {Port: 8080}, + "http2": {Port: 9090}, + "conflict": {Port: 9091}, + "not-selected": {Port: 8081}, + "specified-protocol": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() - decWorkload := resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload) + decWorkload := resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload) - expWorkloadPorts := map[string]*pbcatalog.WorkloadPort{ - // This protocol should be inherited from service 1. - "http1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + expWorkloadPorts := map[string]*pbcatalog.WorkloadPort{ + // This protocol should be inherited from service 1. + "http1": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - // this protocol should be inherited from service 2. - "http2": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, + // this protocol should be inherited from service 2. + "http2": {Port: 9090, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP2}, - // This port is not selected by the service and should default to tcp. - "not-selected": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + // This port is not selected by the service and should default to tcp. + "not-selected": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - // This port has conflicting protocols in each service and so it should default to tcp. - "conflict": {Port: 9091, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + // This port has conflicting protocols in each service and so it should default to tcp. + "conflict": {Port: 9091, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - // These port should keep its existing protocol. - "specified-protocol": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - } + // These port should keep its existing protocol. + "specified-protocol": {Port: 8082, Protocol: pbcatalog.Protocol_PROTOCOL_GRPC}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + } - workloadPorts, err := ctrl.workloadPortProtocolsFromService(suite.ctx, dataFetcher, decWorkload, suite.runtime.Logger) - require.NoError(suite.T(), err) + workloadPorts, err := ctrl.workloadPortProtocolsFromService(suite.ctx, dataFetcher, decWorkload, suite.runtime.Logger) + require.NoError(suite.T(), err) - prototest.AssertDeepEqual(suite.T(), expWorkloadPorts, workloadPorts) - }) + prototest.AssertDeepEqual(suite.T(), expWorkloadPorts, workloadPorts) } func (suite *controllerTestSuite) TestReconcile_NoWorkload() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test ensures that removed workloads are ignored and don't result - // in the creation of the proxy state template. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbmesh.ProxyStateTemplateType, "not-found", tenancy), - }) - require.NoError(suite.T(), err) - - suite.client.RequireResourceNotFound(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, "not-found", tenancy)) + // This test ensures that removed workloads are ignored and don't result + // in the creation of the proxy state template. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: resourceID(pbmesh.ProxyStateTemplateType, "not-found"), }) + require.NoError(suite.T(), err) + + suite.client.RequireResourceNotFound(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, "not-found")) } func (suite *controllerTestSuite) TestReconcile_NonMeshWorkload() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test ensures that non-mesh workloads are ignored by the controller. + // This test ensures that non-mesh workloads are ignored by the controller. - nonMeshWorkload := &pbcatalog.Workload{ - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + nonMeshWorkload := &pbcatalog.Workload{ + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", }, - } - - resourcetest.Resource(pbcatalog.WorkloadType, "test-non-mesh-api-workload"). - WithData(suite.T(), nonMeshWorkload). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + }, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + }, + } - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbmesh.ProxyStateTemplateType, "test-non-mesh-api-workload", tenancy), - }) + resourcetest.Resource(pbcatalog.WorkloadType, "test-non-mesh-api-workload"). + WithData(suite.T(), nonMeshWorkload). + Write(suite.T(), suite.client.ResourceServiceClient) - require.NoError(suite.T(), err) - suite.client.RequireResourceNotFound(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, "test-non-mesh-api-workload", tenancy)) + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: resourceID(pbmesh.ProxyStateTemplateType, "test-non-mesh-api-workload"), }) + + require.NoError(suite.T(), err) + suite.client.RequireResourceNotFound(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, "test-non-mesh-api-workload")) } func (suite *controllerTestSuite) TestReconcile_NoExistingProxyStateTemplate() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - - api := suite.api[toTenancyKey(tenancy)] - - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbmesh.ProxyStateTemplateType, api.workloadID.Name, tenancy), - }) - require.NoError(suite.T(), err) - - res := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, api.workloadID.Name, tenancy)) - require.NoError(suite.T(), err) - require.NotNil(suite.T(), res.Data) - prototest.AssertDeepEqual(suite.T(), api.workloadID, res.Owner) + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: resourceID(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID.Name), }) + require.NoError(suite.T(), err) + + res := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID.Name)) + require.NoError(suite.T(), err) + require.NotNil(suite.T(), res.Data) + prototest.AssertDeepEqual(suite.T(), suite.apiWorkloadID, res.Owner) } func (suite *controllerTestSuite) TestReconcile_ExistingProxyStateTemplate_WithUpdates() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test ensures that we write a new proxy state template when there are changes. - api := suite.api[toTenancyKey(tenancy)] - - // Write the original. - resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc"). - WithData(suite.T(), api.proxyStateTemplate). - WithOwner(api.workloadID). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + // This test ensures that we write a new proxy state template when there are changes. - // Update the apiWorkload and check that we default the port to tcp if it's unspecified. - api.workload.Ports["tcp"].Protocol = pbcatalog.Protocol_PROTOCOL_UNSPECIFIED + // Write the original. + resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc"). + WithData(suite.T(), suite.proxyStateTemplate). + WithOwner(suite.apiWorkloadID). + Write(suite.T(), suite.client.ResourceServiceClient) - updatedWorkloadID := resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithTenancy(tenancy). - WithData(suite.T(), api.workload). - Write(suite.T(), suite.client.ResourceServiceClient).Id + // Update the apiWorkload and check that we default the port to tcp if it's unspecified. + suite.apiWorkload.Ports["tcp"].Protocol = pbcatalog.Protocol_PROTOCOL_UNSPECIFIED - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbmesh.ProxyStateTemplateType, updatedWorkloadID.Name, tenancy), - }) - require.NoError(suite.T(), err) + updatedWorkloadID := resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). + WithData(suite.T(), suite.apiWorkload). + Write(suite.T(), suite.client.ResourceServiceClient).Id - res := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, updatedWorkloadID.Name, tenancy)) - require.NoError(suite.T(), err) - require.NotNil(suite.T(), res.Data) - prototest.AssertDeepEqual(suite.T(), updatedWorkloadID, res.Owner) + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: resourceID(pbmesh.ProxyStateTemplateType, updatedWorkloadID.Name), + }) + require.NoError(suite.T(), err) - var updatedProxyStateTemplate pbmesh.ProxyStateTemplate - err = res.Data.UnmarshalTo(&updatedProxyStateTemplate) - require.NoError(suite.T(), err) + res := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, updatedWorkloadID.Name)) + require.NoError(suite.T(), err) + require.NotNil(suite.T(), res.Data) + prototest.AssertDeepEqual(suite.T(), updatedWorkloadID, res.Owner) - // Check that our value is updated in the proxy state template. - require.Len(suite.T(), updatedProxyStateTemplate.ProxyState.Listeners, 1) - require.Len(suite.T(), updatedProxyStateTemplate.ProxyState.Listeners[0].Routers, 1) + var updatedProxyStateTemplate pbmesh.ProxyStateTemplate + err = res.Data.UnmarshalTo(&updatedProxyStateTemplate) + require.NoError(suite.T(), err) - l4InboundRouter := updatedProxyStateTemplate.ProxyState.Listeners[0]. - Routers[0].GetL4() - require.NotNil(suite.T(), l4InboundRouter) - }) + // Check that our value is updated in the proxy state template. + require.Len(suite.T(), updatedProxyStateTemplate.ProxyState.Listeners, 1) + require.Len(suite.T(), updatedProxyStateTemplate.ProxyState.Listeners[0].Routers, 1) + + l4InboundRouter := updatedProxyStateTemplate.ProxyState.Listeners[0]. + Routers[0].GetL4() + require.NotNil(suite.T(), l4InboundRouter) } func (suite *controllerTestSuite) TestReconcile_ExistingProxyStateTemplate_NoUpdates() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This test ensures that we skip writing of the proxy state template when there are no changes to it. - api := suite.api[toTenancyKey(tenancy)] - - // Write the original. - originalProxyState := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc"). - WithData(suite.T(), api.proxyStateTemplate). - WithOwner(api.workloadID). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + // This test ensures that we skip writing of the proxy state template when there are no changes to it. - // Update the metadata on the apiWorkload which should result in no changes. - updatedWorkloadID := resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithData(suite.T(), api.workload). - WithMeta("some", "meta"). - Write(suite.T(), suite.client.ResourceServiceClient).Id + // Write the original. + originalProxyState := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc"). + WithData(suite.T(), suite.proxyStateTemplate). + WithOwner(suite.apiWorkloadID). + Write(suite.T(), suite.client.ResourceServiceClient) - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbmesh.ProxyStateTemplateType, updatedWorkloadID.Name, tenancy), - }) - require.NoError(suite.T(), err) + // Update the metadata on the apiWorkload which should result in no changes. + updatedWorkloadID := resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). + WithData(suite.T(), suite.apiWorkload). + WithMeta("some", "meta"). + Write(suite.T(), suite.client.ResourceServiceClient).Id - updatedProxyState := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, api.workloadID.Name, tenancy)) - resourcetest.RequireVersionUnchanged(suite.T(), updatedProxyState, originalProxyState.Version) + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: resourceID(pbmesh.ProxyStateTemplateType, updatedWorkloadID.Name), }) + require.NoError(suite.T(), err) + + updatedProxyState := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID.Name)) + resourcetest.RequireVersionUnchanged(suite.T(), updatedProxyState, originalProxyState.Version) } func (suite *controllerTestSuite) TestController() { + // This is a comprehensive test that checks the overall controller behavior as various resources change state. + // This should test interactions between the reconciler, the mappers, and the destinationsCache to ensure they work + // together and produce expected result. + + // Run the controller manager mgr := controller.NewManager(suite.client, suite.runtime.Logger) // Initialize controller dependencies. @@ -583,339 +508,295 @@ func (suite *controllerTestSuite) TestController() { mgr.SetRaftLeader(true) go mgr.Run(suite.ctx) - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // This is a comprehensive test that checks the overall controller behavior as various resources change state. - // This should test interactions between the reconciler, the mappers, and the destinationsCache to ensure they work - // together and produce expected result. + var ( + // Create proxy state template IDs to check against in this test. + apiProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc").ID() + webProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "web-def").ID() - api := suite.api[toTenancyKey(tenancy)] + apiComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.apiService.Id) + dbComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.dbService.Id) - // Run the controller manager - var ( - // Create proxy state template IDs to check against in this test. - apiProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc").WithTenancy(tenancy).ID() - webProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "web-def").WithTenancy(tenancy).ID() + apiProxyStateTemplate *pbresource.Resource + webProxyStateTemplate *pbresource.Resource + webComputedDestinations *pbresource.Resource + ) - apiComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, api.service.Id) - dbComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.dbService.Id) + // Check that proxy state template resource is generated for both the api and web workloads. + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireResourceExists(r, apiProxyStateTemplateID) + webProxyStateTemplate = suite.client.RequireResourceExists(r, webProxyStateTemplateID) + apiProxyStateTemplate = suite.client.RequireResourceExists(r, apiProxyStateTemplateID) + }) - apiProxyStateTemplate *pbresource.Resource - webProxyStateTemplate *pbresource.Resource - webComputedDestinations *pbresource.Resource - ) + // Write a default ComputedRoutes for api. + routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.apiService), + ) + + // Add a source service and check that a new proxy state is generated. + webComputedDestinations = resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webWorkload.Id.Name). + WithData(suite.T(), &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: resource.Reference(suite.apiService.Id, ""), + DestinationPort: "tcp", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234, + }, + }, + }, + }, + }).Write(suite.T(), suite.client) + + testutil.RunStep(suite.T(), "add explicit destinations and check that new proxy state is generated", func(t *testing.T) { + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - // Check that proxy state template resource is generated for both the api and web workloads. - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireResourceExists(r, apiProxyStateTemplateID) - webProxyStateTemplate = suite.client.RequireResourceExists(r, webProxyStateTemplateID) - apiProxyStateTemplate = suite.client.RequireResourceExists(r, apiProxyStateTemplateID) + suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinationsFound(rt, "api", tmpl) }) + }) - // Write a default ComputedRoutes for api. - for _, api := range suite.api { - crID := resource.ReplaceType(pbmesh.ComputedRoutesType, api.service.Id) - routestest.ReconcileComputedRoutes(suite.T(), suite.client, crID, - resourcetest.MustDecode[*pbcatalog.Service](suite.T(), api.service), - ) + testutil.RunStep(suite.T(), "update api's ports to be non-mesh", func(t *testing.T) { + // Update destination's service endpoints and workload to be non-mesh + // and check that: + // * api's proxy state template is deleted + // * we get a new web proxy resource re-generated + // * the status on Upstreams resource is updated with a validation error + nonMeshPorts := map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, } - var destinations []*pbmesh.Destination - var i uint32 - for _, t := range suite.tenancies { - destinations = append(destinations, &pbmesh.Destination{ - DestinationRef: resource.Reference(suite.api[toTenancyKey(t)].service.Id, ""), - DestinationPort: "tcp", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "127.0.0.1", - Port: 1234 + i, + // Note: the order matters here because in reality service endpoints will only + // be reconciled after the workload has been updated, and so we need to write the + // workload and service before we write service endpoints. + resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). + WithData(suite.T(), &pbcatalog.Workload{ + Identity: "api-identity", + Addresses: suite.apiWorkload.Addresses, + Ports: nonMeshPorts}). + Write(suite.T(), suite.client) + + suite.apiService = resourcetest.ResourceID(suite.apiService.Id). + WithData(t, &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, + VirtualIps: []string{"1.1.1.1"}, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + // {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + }). + Write(suite.T(), suite.client) + + resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{ + Endpoints: []*pbcatalog.Endpoint{ + { + TargetRef: suite.apiWorkloadID, + Addresses: suite.apiWorkload.Addresses, + Ports: nonMeshPorts, + Identity: "api-identity", }, }, - }) - i++ - } + }). + Write(suite.T(), suite.client.ResourceServiceClient) - // Add a source service and check that a new proxy state is generated. - webComputedDestinations = resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webWorkload.Id.Name). - WithTenancy(tenancy). - WithData(suite.T(), &pbmesh.ComputedExplicitDestinations{ - Destinations: destinations, - }).Write(suite.T(), suite.client) + // Refresh the computed routes in light of api losing a mesh port. + routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, suite.apiService), + ) - testutil.RunStep(suite.T(), "add explicit destinations and check that new proxy state is generated", func(t *testing.T) { - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + // Check that api proxy template is gone. + retry.Run(t, func(r *retry.R) { + suite.client.RequireResourceNotFound(r, apiProxyStateTemplateID) + }) - suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - for _, data := range suite.api { - requireExplicitDestinationsFound(t, data.destinationListenerName, data.destinationClusterName, tmpl) - } - }) + // We should get a new web proxy template resource because this destination should be removed. + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + + suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinationsNotFound(rt, "api", tmpl) }) + }) - testutil.RunStep(suite.T(), "update api's ports to be non-mesh", func(t *testing.T) { - // Update destination's service endpoints and workload to be non-mesh - // and check that: - // * api's proxy state template is deleted - // * we get a new web proxy resource re-generated - // * the status on Upstreams resource is updated with a validation error - nonMeshPorts := map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - } + testutil.RunStep(suite.T(), "update ports to be mesh again", func(t *testing.T) { + // Update destination's service endpoints back to mesh and check that we get a new web proxy resource re-generated + // and that the status on Upstreams resource is updated to be empty. + suite.runtime.Logger.Trace("updating ports to mesh") - // Note: the order matters here because in reality service endpoints will only - // be reconciled after the workload has been updated, and so we need to write the - // workload and service before we write service endpoints. - resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Identity: "api-identity", - Addresses: api.workload.Addresses, - Ports: nonMeshPorts}). - Write(suite.T(), suite.client) - - api.service = resourcetest.ResourceID(api.service.Id). - WithTenancy(tenancy). - WithData(t, &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, - VirtualIps: []string{"1.1.1.1"}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - // {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - }). - Write(suite.T(), suite.client) - - resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.ServiceEndpoints{ - Endpoints: []*pbcatalog.Endpoint{ - { - TargetRef: api.workloadID, - Addresses: api.workload.Addresses, - Ports: nonMeshPorts, - Identity: "api-identity", - }, - }, - }). - Write(suite.T(), suite.client.ResourceServiceClient) + resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). + WithData(suite.T(), suite.apiWorkload). + Write(suite.T(), suite.client) - // Refresh the computed routes in light of api losing a mesh port. - routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, api.service), - ) + suite.apiService = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). + WithData(suite.T(), suite.apiServiceData). + Write(suite.T(), suite.client.ResourceServiceClient) - // Check that api proxy template is gone. - retry.Run(t, func(r *retry.R) { - suite.client.RequireResourceNotFound(r, apiProxyStateTemplateID) - }) + resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). + WithData(suite.T(), suite.apiEndpointsData). + Write(suite.T(), suite.client.ResourceServiceClient) - // We should get a new web proxy template resource because this destination should be removed. - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + // Refresh the computed routes in light of api losing a mesh port. + routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, suite.apiService), + ) - suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinationsNotFound(t, api.destinationListenerName, api.destinationClusterName, tmpl) - }) - }) + // We should also get a new web proxy template resource as this destination should be added again. + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - testutil.RunStep(suite.T(), "update ports to be mesh again", func(t *testing.T) { - // Update destination's service endpoints back to mesh and check that we get a new web proxy resource re-generated - // and that the status on Upstreams resource is updated to be empty. - suite.runtime.Logger.Trace("updating ports to mesh") - - resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithTenancy(tenancy). - WithData(suite.T(), api.workload). - Write(suite.T(), suite.client) - - api.service = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). - WithData(suite.T(), api.serviceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) - - resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). - WithTenancy(tenancy). - WithData(suite.T(), api.endpointsData). - Write(suite.T(), suite.client.ResourceServiceClient) - - // Refresh the computed routes in light of api losing a mesh port. - routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, api.service), - ) - - // We should also get a new web proxy template resource as this destination should be added again. - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - - suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - for _, data := range suite.api { - requireExplicitDestinationsFound(t, data.destinationListenerName, data.destinationClusterName, tmpl) - } - }) + suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinationsFound(rt, "api", tmpl) }) + }) - testutil.RunStep(suite.T(), "delete the proxy state template and check re-generation", func(t *testing.T) { - // Delete the proxy state template resource and check that it gets regenerated. - suite.runtime.Logger.Trace("deleting web proxy") - _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: webProxyStateTemplateID}) - require.NoError(suite.T(), err) + testutil.RunStep(suite.T(), "delete the proxy state template and check re-generation", func(t *testing.T) { + // Delete the proxy state template resource and check that it gets regenerated. + suite.runtime.Logger.Trace("deleting web proxy") + _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: webProxyStateTemplateID}) + require.NoError(suite.T(), err) - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - for _, data := range suite.api { - requireExplicitDestinationsFound(t, data.destinationListenerName, data.destinationClusterName, tmpl) - } - }) + suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinationsFound(rt, "api", tmpl) }) + }) - testutil.RunStep(suite.T(), "add implicit upstream and enable tproxy", func(t *testing.T) { - // Delete explicit destinations resource. - suite.runtime.Logger.Trace("deleting web destinations") - _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: webComputedDestinations.Id}) - require.NoError(t, err) - - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - - // Write a default ComputedRoutes for db, so it's eligible. - dbCR := routestest.ReconcileComputedRoutes(suite.T(), suite.client, dbComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, suite.dbService), - ) - require.NotNil(t, dbCR) - - // Enable transparent proxy for the web proxy. - resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, suite.webWorkload.Id.Name). - WithTenancy(tenancy). - WithData(t, &pbmesh.ComputedProxyConfiguration{ - DynamicConfig: &pbmesh.DynamicConfig{ - Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, - TransparentProxy: &pbmesh.TransparentProxy{ - OutboundListenerPort: 15001, - }, + testutil.RunStep(suite.T(), "add implicit upstream and enable tproxy", func(t *testing.T) { + // Delete explicit destinations resource. + suite.runtime.Logger.Trace("deleting web destinations") + _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: webComputedDestinations.Id}) + require.NoError(t, err) + + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + + // Write a default ComputedRoutes for db, so it's eligible. + dbCR := routestest.ReconcileComputedRoutes(suite.T(), suite.client, dbComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](t, suite.dbService), + ) + require.NotNil(t, dbCR) + + // Enable transparent proxy for the web proxy. + resourcetest.Resource(pbmesh.ComputedProxyConfigurationType, suite.webWorkload.Id.Name). + WithData(t, &pbmesh.ComputedProxyConfiguration{ + DynamicConfig: &pbmesh.DynamicConfig{ + Mode: pbmesh.ProxyMode_PROXY_MODE_TRANSPARENT, + TransparentProxy: &pbmesh.TransparentProxy{ + OutboundListenerPort: 15001, }, - }).Write(suite.T(), suite.client) + }, + }).Write(suite.T(), suite.client) - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - apiProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), apiProxyStateTemplateID, apiProxyStateTemplate.Version) + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + apiProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), apiProxyStateTemplateID, apiProxyStateTemplate.Version) - suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - listenerNameDb := fmt.Sprintf("%s/local/%s/db-service", tenancy.Partition, tenancy.Namespace) - clusterNameDb := fmt.Sprintf("db-service.%s.%s", tenancy.Namespace, tenancy.Partition) - if tenancy.Partition == "default" { - clusterNameDb = fmt.Sprintf("db-service.%s", tenancy.Namespace) - } - requireImplicitDestinationsFound(t, api.destinationListenerName, api.destinationClusterName, tmpl) - requireImplicitDestinationsFound(t, listenerNameDb, clusterNameDb, tmpl) - }) + suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { + requireImplicitDestinationsFound(rt, "api", tmpl) + requireImplicitDestinationsFound(rt, "db", tmpl) }) + }) - testutil.RunStep(suite.T(), "traffic permissions", func(t *testing.T) { - // Global default deny applies to all identities. - assertTrafficPermissionDefaultPolicy(t, false, apiProxyStateTemplate) - assertTrafficPermissionDefaultPolicy(t, false, webProxyStateTemplate) + testutil.RunStep(suite.T(), "traffic permissions", func(t *testing.T) { + // Global default deny applies to all identities. + assertTrafficPermissionDefaultPolicy(t, false, apiProxyStateTemplate) + assertTrafficPermissionDefaultPolicy(t, false, webProxyStateTemplate) - suite.runtime.Logger.Trace("deleting computed traffic permissions") - _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: api.computedTrafficPermissions.Id}) - require.NoError(t, err) - suite.client.WaitForDeletion(t, api.computedTrafficPermissions.Id) + suite.runtime.Logger.Trace("deleting computed traffic permissions") + _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: suite.apiComputedTrafficPermissions.Id}) + require.NoError(t, err) + suite.client.WaitForDeletion(t, suite.apiComputedTrafficPermissions.Id) - apiProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), apiProxyStateTemplateID, apiProxyStateTemplate.Version) + apiProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), apiProxyStateTemplateID, apiProxyStateTemplate.Version) - suite.runtime.Logger.Trace("creating computed traffic permissions") - resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, api.workload.Identity). - WithTenancy(tenancy). - WithData(t, api.computedTrafficPermissionsData). - Write(t, suite.client) + suite.runtime.Logger.Trace("creating computed traffic permissions") + resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, suite.apiWorkload.Identity). + WithData(t, suite.apiComputedTrafficPermissionsData). + Write(t, suite.client) - suite.client.WaitForNewVersion(t, apiProxyStateTemplateID, apiProxyStateTemplate.Version) - }) + suite.client.WaitForNewVersion(t, apiProxyStateTemplateID, apiProxyStateTemplate.Version) + }) - testutil.RunStep(suite.T(), "add an HTTPRoute with a simple split on the tcp port", func(t *testing.T) { - // NOTE: because at this point we have tproxy in all-to-all mode, we will get an - // implicit upstream on 'db' - - // Create a route NOT in the state store, only to more easily feed - // into the generator. - routeData := &pbmesh.HTTPRoute{ - ParentRefs: []*pbmesh.ParentReference{{ - Ref: resource.Reference(suite.dbService.Id, ""), - Port: "", // implicitly applies to 'http' - }}, - Rules: []*pbmesh.HTTPRouteRule{{ - BackendRefs: []*pbmesh.HTTPBackendRef{ - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(api.service.Id, ""), - Port: "tcp", - }, - Weight: 60, + testutil.RunStep(suite.T(), "add an HTTPRoute with a simple split on the tcp port", func(t *testing.T) { + // NOTE: because at this point we have tproxy in all-to-all mode, we will get an + // implicit upstream on 'db' + + // Create a route NOT in the state store, only to more easily feed + // into the generator. + routeData := &pbmesh.HTTPRoute{ + ParentRefs: []*pbmesh.ParentReference{{ + Ref: resource.Reference(suite.dbService.Id, ""), + Port: "", // implicitly applies to 'http' + }}, + Rules: []*pbmesh.HTTPRouteRule{{ + BackendRefs: []*pbmesh.HTTPBackendRef{ + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(suite.apiService.Id, ""), + Port: "tcp", }, - { - BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(suite.dbService.Id, ""), - Port: "", // assumed to be 'http' - }, - Weight: 40, + Weight: 60, + }, + { + BackendRef: &pbmesh.BackendReference{ + Ref: resource.Reference(suite.dbService.Id, ""), + Port: "", // assumed to be 'http' }, + Weight: 40, }, - }}, - } - route := resourcetest.Resource(pbmesh.HTTPRouteType, "db-http-route"). - WithTenancy(tenancy). - WithData(t, routeData). - Build() - require.NoError(t, types.MutateHTTPRoute(route)) - require.NoError(t, types.ValidateHTTPRoute(route)) - - dbCRID := resource.ReplaceType(pbmesh.ComputedRoutesType, suite.dbService.Id) - - dbCR := routestest.ReconcileComputedRoutes(suite.T(), suite.client, dbCRID, - resourcetest.MustDecode[*pbmesh.HTTPRoute](t, route), - resourcetest.MustDecode[*pbcatalog.Service](t, suite.dbService), - resourcetest.MustDecode[*pbcatalog.Service](t, api.service), - ) - require.NotNil(t, dbCR, "computed routes for db was deleted instead of created") - - webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) - - suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - listenerNameDb := fmt.Sprintf("%s/local/%s/db-service", tenancy.Partition, tenancy.Namespace) - clusterNameDb := fmt.Sprintf("db-service.%s.%s", tenancy.Namespace, tenancy.Partition) - if tenancy.Partition == "default" { - clusterNameDb = fmt.Sprintf("db-service.%s", tenancy.Namespace) - } - requireImplicitDestinationsFound(t, api.destinationListenerName, api.destinationClusterName, tmpl) - requireImplicitDestinationsFound(t, listenerNameDb, clusterNameDb, tmpl) - }) + }, + }}, + } + route := resourcetest.Resource(pbmesh.HTTPRouteType, "db-http-route"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(t, routeData). + Build() + require.NoError(t, types.MutateHTTPRoute(route)) + require.NoError(t, types.ValidateHTTPRoute(route)) + + dbCRID := resource.ReplaceType(pbmesh.ComputedRoutesType, suite.dbService.Id) + + dbCR := routestest.ReconcileComputedRoutes(suite.T(), suite.client, dbCRID, + resourcetest.MustDecode[*pbmesh.HTTPRoute](t, route), + resourcetest.MustDecode[*pbcatalog.Service](t, suite.dbService), + resourcetest.MustDecode[*pbcatalog.Service](t, suite.apiService), + ) + require.NotNil(t, dbCR, "computed routes for db was deleted instead of created") + + webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) + + suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { + requireImplicitDestinationsFound(rt, "api", tmpl) + requireImplicitDestinationsFound(rt, "db", tmpl) }) }) } func (suite *controllerTestSuite) TestControllerDefaultAllow() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Run the controller manager - mgr := controller.NewManager(suite.client, suite.runtime.Logger) - - // Initialize controller dependencies. - c := cache.New() - trustDomainFetcher := func() (string, error) { return "test.consul", nil } - - mgr.Register(Controller(c, trustDomainFetcher, "dc1", true)) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) - - var ( - // Create proxy state template IDs to check against in this test. - apiProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc").WithTenancy(tenancy).ID() - webProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "web-def").WithTenancy(tenancy).ID() - ) + // Run the controller manager + mgr := controller.NewManager(suite.client, suite.runtime.Logger) - retry.Run(suite.T(), func(r *retry.R) { - webProxyStateTemplate := suite.client.RequireResourceExists(r, webProxyStateTemplateID) - apiProxyStateTemplate := suite.client.RequireResourceExists(r, apiProxyStateTemplateID) + // Initialize controller dependencies. + c := cache.New() + trustDomainFetcher := func() (string, error) { return "test.consul", nil } - // Default deny because api has non-empty computed traffic permissions. - assertTrafficPermissionDefaultPolicy(r, false, apiProxyStateTemplate) - assertTrafficPermissionDefaultPolicy(r, true, webProxyStateTemplate) - }) + mgr.Register(Controller(c, trustDomainFetcher, "dc1", true)) + mgr.SetRaftLeader(true) + go mgr.Run(suite.ctx) + + var ( + // Create proxy state template IDs to check against in this test. + apiProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc").ID() + webProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "web-def").ID() + ) + + retry.Run(suite.T(), func(r *retry.R) { + webProxyStateTemplate := suite.client.RequireResourceExists(r, webProxyStateTemplateID) + apiProxyStateTemplate := suite.client.RequireResourceExists(r, apiProxyStateTemplateID) + + // Default deny because api has non-empty computed traffic permissions. + assertTrafficPermissionDefaultPolicy(r, false, apiProxyStateTemplate) + assertTrafficPermissionDefaultPolicy(r, true, webProxyStateTemplate) }) } @@ -923,21 +804,21 @@ func TestMeshController(t *testing.T) { suite.Run(t, new(controllerTestSuite)) } -func requireExplicitDestinationsFound(t *testing.T, listenerName, clusterName string, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinations(t, listenerName, clusterName, tmpl, true) +func requireExplicitDestinationsFound(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinations(t, name, tmpl, true) } -func requireExplicitDestinationsNotFound(t *testing.T, listenerName, clusterName string, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinations(t, listenerName, clusterName, tmpl, false) +func requireExplicitDestinationsNotFound(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinations(t, name, tmpl, false) } -func requireExplicitDestinations(t resourcetest.T, listenerName string, clusterName string, tmpl *pbmesh.ProxyStateTemplate, found bool) { +func requireExplicitDestinations(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate, found bool) { t.Helper() // Check outbound listener. var foundListener bool for _, l := range tmpl.ProxyState.Listeners { - if l.Name == listenerName && l.Direction == pbproxystate.Direction_DIRECTION_OUTBOUND { + if strings.Contains(l.Name, name) && l.Direction == pbproxystate.Direction_DIRECTION_OUTBOUND { foundListener = true break } @@ -945,10 +826,10 @@ func requireExplicitDestinations(t resourcetest.T, listenerName string, clusterN require.Equal(t, found, foundListener) - requireClustersAndEndpoints(t, clusterName, tmpl, found) + requireClustersAndEndpoints(t, name, tmpl, found) } -func requireImplicitDestinationsFound(t resourcetest.T, listenerName string, clusterName string, tmpl *pbmesh.ProxyStateTemplate) { +func requireImplicitDestinationsFound(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate) { t.Helper() // Check outbound listener. @@ -971,7 +852,7 @@ func requireImplicitDestinationsFound(t resourcetest.T, listenerName string, clu case *pbproxystate.Router_L7: require.NotNil(t, x.L7.Route) routerName := x.L7.Route.Name - foundByName = strings.Contains(routerName, listenerName) + foundByName = strings.Contains(routerName, name) default: t.Fatalf("unexpected type of destination: %T", r.Destination) } @@ -988,15 +869,15 @@ func requireImplicitDestinationsFound(t resourcetest.T, listenerName string, clu } require.True(t, foundListener) - requireClustersAndEndpoints(t, clusterName, tmpl, true) + requireClustersAndEndpoints(t, name, tmpl, true) } -func requireClustersAndEndpoints(t resourcetest.T, clusterName string, tmpl *pbmesh.ProxyStateTemplate, found bool) { +func requireClustersAndEndpoints(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate, found bool) { t.Helper() var foundCluster bool for c := range tmpl.ProxyState.Clusters { - if strings.Contains(c, clusterName) { + if strings.Contains(c, name) { foundCluster = true break } @@ -1006,7 +887,7 @@ func requireClustersAndEndpoints(t resourcetest.T, clusterName string, tmpl *pbm var foundEndpoints bool for c := range tmpl.RequiredEndpoints { - if strings.Contains(c, clusterName) { + if strings.Contains(c, name) { foundEndpoints = true break } @@ -1025,11 +906,15 @@ func (suite *controllerTestSuite) waitForProxyStateTemplateState(t *testing.T, i }) } -func resourceID(rtype *pbresource.Type, name string, tenancy *pbresource.Tenancy) *pbresource.ID { +func resourceID(rtype *pbresource.Type, name string) *pbresource.ID { return &pbresource.ID{ - Type: rtype, - Tenancy: tenancy, - Name: name, + Type: rtype, + Tenancy: &pbresource.Tenancy{ + Partition: "default", + Namespace: "default", + PeerName: "local", + }, + Name: name, } } @@ -1047,33 +932,3 @@ func assertTrafficPermissionDefaultPolicy(t resourcetest.T, defaultAllow bool, r require.NotNil(t, l4) require.Equal(t, defaultAllow, l4.TrafficPermissions.DefaultAllow) } - -func (suite *controllerTestSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} - -func (suite *controllerTestSuite) cleanupResources() { - - for _, api := range suite.api { - suite.client.MustDelete(suite.T(), api.workloadID) - suite.client.MustDelete(suite.T(), api.computedTrafficPermissions.Id) - suite.client.MustDelete(suite.T(), api.service.Id) - suite.client.MustDelete(suite.T(), api.endpoints.Id) - } - suite.client.MustDelete(suite.T(), suite.webWorkload.Id) - suite.client.MustDelete(suite.T(), suite.dbWorkloadID) - suite.client.MustDelete(suite.T(), suite.dbService.Id) - suite.client.MustDelete(suite.T(), suite.dbEndpoints.Id) -} - -func (suite *controllerTestSuite) runTestCaseWithTenancies(t func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - suite.setupSuiteWithTenancy(tenancy) - suite.T().Cleanup(func() { - suite.cleanupResources() - }) - t(tenancy) - }) - } -} diff --git a/internal/mesh/internal/controllers/sidecarproxy/fetcher/data_fetcher_test.go b/internal/mesh/internal/controllers/sidecarproxy/fetcher/data_fetcher_test.go index c9cdd5475113c..457fa393b43f1 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/fetcher/data_fetcher_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/fetcher/data_fetcher_test.go @@ -5,7 +5,6 @@ package fetcher import ( "context" - "fmt" "testing" "github.com/stretchr/testify/require" @@ -31,10 +30,9 @@ import ( type dataFetcherSuite struct { suite.Suite - ctx context.Context - client pbresource.ResourceServiceClient - resourceClient *resourcetest.Client - rt controller.Runtime + ctx context.Context + client pbresource.ResourceServiceClient + rt controller.Runtime api1Service *pbresource.Resource api1ServiceData *pbcatalog.Service @@ -47,24 +45,16 @@ type dataFetcherSuite struct { webComputedDestinationsData *pbmesh.ComputedExplicitDestinations webProxy *pbresource.Resource webWorkload *pbresource.Resource - tenancies []*pbresource.Tenancy } func (suite *dataFetcherSuite) SetupTest() { suite.ctx = testutil.TestContext(suite.T()) - suite.tenancies = resourcetest.TestTenancies() - suite.client = svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - WithTenancies(suite.tenancies...). - Run(suite.T()) - suite.resourceClient = resourcetest.NewClient(suite.client) + suite.client = svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes) suite.rt = controller.Runtime{ Client: suite.client, Logger: testutil.Logger(suite.T()), } -} -func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { suite.api1ServiceData = &pbcatalog.Service{ Ports: []*pbcatalog.ServicePort{ {TargetPort: "tcp", VirtualPort: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, @@ -72,7 +62,6 @@ func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { }, } suite.api1Service = resourcetest.Resource(pbcatalog.ServiceType, "api-1"). - WithTenancy(tenancy). WithData(suite.T(), suite.api1ServiceData). Write(suite.T(), suite.client) @@ -89,7 +78,6 @@ func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { }, } suite.api1ServiceEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-1"). - WithTenancy(tenancy). WithData(suite.T(), suite.api1ServiceEndpointsData). Write(suite.T(), suite.client) @@ -101,7 +89,6 @@ func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { }, } suite.api2Service = resourcetest.Resource(pbcatalog.ServiceType, "api-2"). - WithTenancy(tenancy). WithData(suite.T(), suite.api2ServiceData). Write(suite.T(), suite.client) @@ -119,7 +106,6 @@ func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { }, } suite.api2ServiceEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-2"). - WithTenancy(tenancy). WithData(suite.T(), suite.api2ServiceEndpointsData). Write(suite.T(), suite.client) @@ -141,12 +127,10 @@ func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { } suite.webProxy = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "web-abc"). - WithTenancy(tenancy). WithData(suite.T(), &pbmesh.ProxyStateTemplate{}). Write(suite.T(), suite.client) suite.webWorkload = resourcetest.Resource(pbcatalog.WorkloadType, "web-abc"). - WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.Workload{ Addresses: []*pbcatalog.WorkloadAddress{{Host: "10.0.0.2"}}, Ports: map[string]*pbcatalog.WorkloadPort{"tcp": {Port: 8081, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}}, @@ -155,384 +139,259 @@ func (suite *dataFetcherSuite) setupWithTenancy(tenancy *pbresource.Tenancy) { } func (suite *dataFetcherSuite) TestFetcher_FetchWorkload_WorkloadNotFound() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - identityID := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-abc"). - WithTenancy(tenancy).ID() + identityID := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-abc").ID() - // Create cache and pre-populate it. - c := cache.New() + // Create cache and pre-populate it. + c := cache.New() - f := Fetcher{ - cache: c, - client: suite.client, - } + f := Fetcher{ + cache: c, + client: suite.client, + } - workloadID := resourcetest.Resource(pbcatalog.WorkloadType, "not-found").WithTenancy(tenancy).ID() + workloadID := resourcetest.Resource(pbcatalog.WorkloadType, "not-found").ID() - // Track workload with its identity. - workload := resourcetest.Resource(pbcatalog.WorkloadType, workloadID.GetName()). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Identity: identityID.Name, - }).Build() + // Track workload with its identity. + workload := resourcetest.Resource(pbcatalog.WorkloadType, workloadID.GetName()). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), &pbcatalog.Workload{ + Identity: identityID.Name, + }).Build() - c.TrackWorkload(resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload)) + c.TrackWorkload(resourcetest.MustDecode[*pbcatalog.Workload](suite.T(), workload)) - // Now fetch the workload so that we can check that it's been removed from cache. - _, err := f.FetchWorkload(context.Background(), workloadID) - require.NoError(suite.T(), err) - require.Nil(suite.T(), c.WorkloadsByWorkloadIdentity(identityID)) - }) + // Now fetch the workload so that we can check that it's been removed from cache. + _, err := f.FetchWorkload(context.Background(), workloadID) + require.NoError(suite.T(), err) + require.Nil(suite.T(), c.WorkloadsByWorkloadIdentity(identityID)) } func (suite *dataFetcherSuite) TestFetcher_FetchWorkload_WorkloadFound() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - identityID := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-abc"). - WithTenancy(tenancy).ID() + identityID := resourcetest.Resource(pbauth.WorkloadIdentityType, "workload-identity-abc").ID() - // Create cache and pre-populate it. - c := cache.New() + // Create cache and pre-populate it. + c := cache.New() - f := Fetcher{ - cache: c, - client: suite.client, - } + f := Fetcher{ + cache: c, + client: suite.client, + } - workload := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-abc"). - WithTenancy(tenancy). - WithData(suite.T(), &pbcatalog.Workload{ - Identity: identityID.Name, - Ports: map[string]*pbcatalog.WorkloadPort{ - "foo": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - Ports: []string{"foo"}, - }, + workload := resourcetest.Resource(pbcatalog.WorkloadType, "service-workload-abc"). + WithTenancy(resource.DefaultNamespacedTenancy()). + WithData(suite.T(), &pbcatalog.Workload{ + Identity: identityID.Name, + Ports: map[string]*pbcatalog.WorkloadPort{ + "foo": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + }, + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", + Ports: []string{"foo"}, }, - }).Write(suite.T(), suite.client) + }, + }).Write(suite.T(), suite.client) - // This call should track the workload's identity - _, err := f.FetchWorkload(context.Background(), workload.Id) - require.NoError(suite.T(), err) + // This call should track the workload's identity + _, err := f.FetchWorkload(context.Background(), workload.Id) + require.NoError(suite.T(), err) - // Check that the workload is tracked - workload.Id.Uid = "" - prototest.AssertElementsMatch(suite.T(), []*pbresource.ID{workload.Id}, c.WorkloadsByWorkloadIdentity(identityID)) - }) + // Check that the workload is tracked + workload.Id.Uid = "" + prototest.AssertElementsMatch(suite.T(), []*pbresource.ID{workload.Id}, c.WorkloadsByWorkloadIdentity(identityID)) } func (suite *dataFetcherSuite) TestFetcher_FetchExplicitDestinationsData() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - c := cache.New() + c := cache.New() - var ( - api1ServiceRef = resource.Reference(suite.api1Service.Id, "") - ) + var ( + api1ServiceRef = resource.Reference(suite.api1Service.Id, "") + ) - f := Fetcher{ - cache: c, - client: suite.client, - } + f := Fetcher{ + cache: c, + client: suite.client, + } - testutil.RunStep(suite.T(), "computed destinations not found", func(t *testing.T) { - // First add computed destination to cache so we can check if it's untracked later. - compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: api1ServiceRef, - DestinationPort: "tcp1", - }, - }, - }). - WithTenancy(tenancy). - Build() - c.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDest)) - - // We will try to fetch explicit destinations for a proxy that doesn't have one. - destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) - require.Nil(t, destinations) - - // Check that cache no longer has this destination. - require.Nil(t, c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef))) - }) - - testutil.RunStep(suite.T(), "invalid destinations: service not found", func(t *testing.T) { - notFoundServiceRef := resourcetest.Resource(pbcatalog.ServiceType, "not-found"). - WithTenancy(tenancy). - ReferenceNoSection() - - compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: notFoundServiceRef, - DestinationPort: "tcp", - }, + testutil.RunStep(suite.T(), "computed destinations not found", func(t *testing.T) { + // First add computed destination to cache so we can check if it's untracked later. + compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: api1ServiceRef, + DestinationPort: "tcp1", }, - }). - WithTenancy(tenancy). - Write(t, suite.client) - - destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) - require.Nil(t, destinations) - cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(notFoundServiceRef)) - compDest.Id.Uid = "" - prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) - }) - - testutil.RunStep(suite.T(), "invalid destinations: service not on mesh", func(t *testing.T) { - apiNonMeshServiceData := &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, }, - } - resourcetest.ResourceID(suite.api1Service.Id). - WithTenancy(tenancy). - WithData(t, apiNonMeshServiceData). - Write(t, suite.client) - compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: api1ServiceRef, - DestinationPort: "tcp", - }, - }, - }). - WithTenancy(tenancy). - Write(t, suite.client) - - destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) - require.Nil(t, destinations) - cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) - compDest.Id.Uid = "" - prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) - }) - - testutil.RunStep(suite.T(), "invalid destinations: destination port not found", func(t *testing.T) { - resourcetest.ResourceID(suite.api1Service.Id). - WithData(t, &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "some-other-port", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - }). - WithTenancy(tenancy). - Write(t, suite.client) - compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: api1ServiceRef, - DestinationPort: "tcp", - }, - }, - }). - WithTenancy(tenancy). - Write(t, suite.client) - - destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) - require.Nil(t, destinations) - cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) - compDest.Id.Uid = "" - prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) - }) - - suite.api1Service = resourcetest.ResourceID(suite.api1Service.Id). - WithTenancy(tenancy). - WithData(suite.T(), suite.api1ServiceData). - Write(suite.T(), suite.client) - - suite.api2Service = resourcetest.ResourceID(suite.api2Service.Id). - WithTenancy(tenancy). - WithData(suite.T(), suite.api2ServiceData). - Write(suite.T(), suite.client) - - testutil.RunStep(suite.T(), "invalid destinations: destination is pointing to a mesh port", func(t *testing.T) { - // Create a computed destinations resource pointing to the mesh port. - compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). - WithData(t, &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: api1ServiceRef, - DestinationPort: "mesh", - }, - }, - }). - WithTenancy(tenancy). - Write(t, suite.client) + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Build() + c.TrackComputedDestinations(resourcetest.MustDecode[*pbmesh.ComputedExplicitDestinations](t, compDest)) - destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) - require.Empty(t, destinations) + // We will try to fetch explicit destinations for a proxy that doesn't have one. + destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) + require.Nil(t, destinations) - cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) - compDest.Id.Uid = "" - prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) - }) + // Check that cache no longer has this destination. + require.Nil(t, c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef))) + }) + + testutil.RunStep(suite.T(), "invalid destinations: service not found", func(t *testing.T) { + notFoundServiceRef := resourcetest.Resource(pbcatalog.ServiceType, "not-found"). + WithTenancy(resource.DefaultNamespacedTenancy()). + ReferenceNoSection() + + compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: notFoundServiceRef, + DestinationPort: "tcp", + }, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Write(t, suite.client) + + destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) + require.Nil(t, destinations) + cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(notFoundServiceRef)) + compDest.Id.Uid = "" + prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) + }) + testutil.RunStep(suite.T(), "invalid destinations: service not on mesh", func(t *testing.T) { + apiNonMeshServiceData := &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + }, + } + resourcetest.ResourceID(suite.api1Service.Id). + WithData(t, apiNonMeshServiceData). + Write(t, suite.client) compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). - WithData(suite.T(), suite.webComputedDestinationsData). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: api1ServiceRef, + DestinationPort: "tcp", + }, + }, + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Write(t, suite.client) + + destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) + require.Nil(t, destinations) + cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) + compDest.Id.Uid = "" + prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) + }) - testutil.RunStep(suite.T(), "invalid destinations: destination is pointing to a port but computed routes is not aware of it yet", func(t *testing.T) { - apiNonTCPServiceData := &pbcatalog.Service{ + testutil.RunStep(suite.T(), "invalid destinations: destination port not found", func(t *testing.T) { + resourcetest.ResourceID(suite.api1Service.Id). + WithData(t, &pbcatalog.Service{ Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "some-other-port", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, - } - apiNonTCPService := resourcetest.ResourceID(suite.api1Service.Id). - WithData(t, apiNonTCPServiceData). - WithTenancy(tenancy). - Build() - - api1ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api1Service.Id) - api1ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api1ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](suite.T(), apiNonTCPService), - ) - require.NotNil(suite.T(), api1ComputedRoutes) - - // This destination points to TCP, but the computed routes is stale and only knows about HTTP. - destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) - - // Check that we didn't return any destinations. - require.Nil(t, destinations) - - // Check that destination service is still in cache because it's still referenced from the pbmesh.Destinations - // resource. - cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) - compDest.Id.Uid = "" - prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) - }) - - testutil.RunStep(suite.T(), "happy path", func(t *testing.T) { - // Write a default ComputedRoutes for api1 and api2. - var ( - api1ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api1Service.Id) - api2ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api2Service.Id) - ) - api1ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api1ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api1Service), - ) - require.NotNil(suite.T(), api1ComputedRoutes) - api2ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api2ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), - ) - require.NotNil(suite.T(), api2ComputedRoutes) - - resourcetest.ResourceID(suite.api1Service.Id) - - expectedDestinations := []*intermediate.Destination{ - { - Explicit: suite.webComputedDestinationsData.Destinations[0], - Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api1Service), - ComputedPortRoutes: routestest.MutateTargets(suite.T(), api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(suite.api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), suite.api1ServiceEndpoints) - details.ServiceEndpointsId = se.Resource.Id - details.ServiceEndpoints = se.Data - details.IdentityRefs = []*pbresource.Reference{{ - Name: "api-1-identity", - Tenancy: suite.api1Service.Id.Tenancy, - }} - } - }), - }, - { - Explicit: suite.webComputedDestinationsData.Destinations[1], - Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), - ComputedPortRoutes: routestest.MutateTargets(suite.T(), api2ComputedRoutes.Data, "tcp1", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(suite.api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp1": - se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), suite.api2ServiceEndpoints) - details.ServiceEndpointsId = se.Resource.Id - details.ServiceEndpoints = se.Data - details.IdentityRefs = []*pbresource.Reference{{ - Name: "api-2-identity", - Tenancy: suite.api2Service.Id.Tenancy, - }} - } - }), - }, - { - Explicit: suite.webComputedDestinationsData.Destinations[2], - Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), - ComputedPortRoutes: routestest.MutateTargets(suite.T(), api2ComputedRoutes.Data, "tcp2", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(suite.api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": - se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), suite.api2ServiceEndpoints) - details.ServiceEndpointsId = se.Resource.Id - details.ServiceEndpoints = se.Data - details.IdentityRefs = []*pbresource.Reference{{ - Name: "api-2-identity", - Tenancy: suite.api2Service.Id.Tenancy, - }} - } - }), + }). + Write(t, suite.client) + compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: api1ServiceRef, + DestinationPort: "tcp", + }, }, - } + }). + WithTenancy(resource.DefaultNamespacedTenancy()). + Write(t, suite.client) + + destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) + require.Nil(t, destinations) + cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) + compDest.Id.Uid = "" + prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) + }) - actualDestinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) - require.NoError(t, err) + suite.api1Service = resourcetest.ResourceID(suite.api1Service.Id). + WithData(suite.T(), suite.api1ServiceData). + Write(suite.T(), suite.client) - // Check that we've computed expanded destinations correctly. - prototest.AssertElementsMatch(t, expectedDestinations, actualDestinations) - }) - }) -} + suite.api2Service = resourcetest.ResourceID(suite.api2Service.Id). + WithData(suite.T(), suite.api2ServiceData). + Write(suite.T(), suite.client) -func (suite *dataFetcherSuite) TestFetcher_FetchImplicitDestinationsData() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Create a few other services to be implicit upstreams. - api3Service := resourcetest.Resource(pbcatalog.ServiceType, "api-3"). - WithData(suite.T(), &pbcatalog.Service{ - VirtualIps: []string{"192.1.1.1"}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", VirtualPort: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", VirtualPort: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + testutil.RunStep(suite.T(), "invalid destinations: destination is pointing to a mesh port", func(t *testing.T) { + // Create a computed destinations resource pointing to the mesh port. + compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). + WithData(t, &pbmesh.ComputedExplicitDestinations{ + Destinations: []*pbmesh.Destination{ + { + DestinationRef: api1ServiceRef, + DestinationPort: "mesh", + }, }, }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + WithTenancy(resource.DefaultNamespacedTenancy()). + Write(t, suite.client) - api3ServiceEndpointsData := &pbcatalog.ServiceEndpoints{ - Endpoints: []*pbcatalog.Endpoint{ - { - TargetRef: &pbresource.ID{ - Name: "api-3-abc", - Tenancy: api3Service.Id.Tenancy, - Type: pbcatalog.WorkloadType, - }, - Addresses: []*pbcatalog.WorkloadAddress{{Host: "10.0.0.1"}}, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - Identity: "api-3-identity", - }, + destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) + require.Empty(t, destinations) + + cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) + compDest.Id.Uid = "" + prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) + }) + + compDest := resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webProxy.Id.Name). + WithData(suite.T(), suite.webComputedDestinationsData). + WithTenancy(resource.DefaultNamespacedTenancy()). + Write(suite.T(), suite.client) + + testutil.RunStep(suite.T(), "invalid destinations: destination is pointing to a port but computed routes is not aware of it yet", func(t *testing.T) { + apiNonTCPServiceData := &pbcatalog.Service{ + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, } - api3ServiceEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-3"). - WithTenancy(tenancy). - WithData(suite.T(), api3ServiceEndpointsData). - Write(suite.T(), suite.client) + apiNonTCPService := resourcetest.ResourceID(suite.api1Service.Id). + WithData(t, apiNonTCPServiceData). + Build() + + api1ComputedRoutesID := resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api1Service.Id) + api1ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api1ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](suite.T(), apiNonTCPService), + ) + require.NotNil(suite.T(), api1ComputedRoutes) + + // This destination points to TCP, but the computed routes is stale and only knows about HTTP. + destinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) - // Write a default ComputedRoutes for api1, api2, and api3. + // Check that we didn't return any destinations. + require.Nil(t, destinations) + + // Check that destination service is still in cache because it's still referenced from the pbmesh.Destinations + // resource. + cachedCompDestIDs := c.ComputedDestinationsByService(resource.IDFromReference(api1ServiceRef)) + compDest.Id.Uid = "" + prototest.AssertElementsMatch(t, []*pbresource.ID{compDest.Id}, cachedCompDestIDs) + }) + + testutil.RunStep(suite.T(), "happy path", func(t *testing.T) { + // Write a default ComputedRoutes for api1 and api2. var ( api1ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api1Service.Id) api2ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api2Service.Id) - api3ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, api3Service.Id) ) api1ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api1ComputedRoutesID, resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api1Service), @@ -542,12 +401,10 @@ func (suite *dataFetcherSuite) TestFetcher_FetchImplicitDestinationsData() { resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), ) require.NotNil(suite.T(), api2ComputedRoutes) - api3ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api3ComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](suite.T(), api3Service), - ) - require.NotNil(suite.T(), api3ComputedRoutes) - existingDestinations := []*intermediate.Destination{ + resourcetest.ResourceID(suite.api1Service.Id) + + expectedDestinations := []*intermediate.Destination{ { Explicit: suite.webComputedDestinationsData.Destinations[0], Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api1Service), @@ -575,7 +432,7 @@ func (suite *dataFetcherSuite) TestFetcher_FetchImplicitDestinationsData() { details.ServiceEndpoints = se.Data details.IdentityRefs = []*pbresource.Reference{{ Name: "api-2-identity", - Tenancy: suite.api1Service.Id.Tenancy, + Tenancy: suite.api2Service.Id.Tenancy, }} } }), @@ -591,66 +448,151 @@ func (suite *dataFetcherSuite) TestFetcher_FetchImplicitDestinationsData() { details.ServiceEndpoints = se.Data details.IdentityRefs = []*pbresource.Reference{{ Name: "api-2-identity", - Tenancy: suite.api1Service.Id.Tenancy, - }} - } - }), - }, - { - // implicit - Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), api3Service), - ComputedPortRoutes: routestest.MutateTargets(suite.T(), api3ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { - switch { - case resource.ReferenceOrIDMatch(api3Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": - se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), api3ServiceEndpoints) - details.ServiceEndpointsId = se.Resource.Id - details.ServiceEndpoints = se.Data - details.IdentityRefs = []*pbresource.Reference{{ - Name: "api-3-identity", - Tenancy: suite.api1Service.Id.Tenancy, + Tenancy: suite.api2Service.Id.Tenancy, }} } }), - VirtualIPs: []string{"192.1.1.1"}, }, } - f := Fetcher{ - client: suite.client, - } + actualDestinations, err := f.FetchExplicitDestinationsData(suite.ctx, suite.webProxy.Id) + require.NoError(t, err) - actualDestinations, err := f.FetchImplicitDestinationsData(context.Background(), suite.webProxy.Id, existingDestinations) - require.NoError(suite.T(), err) - - prototest.AssertElementsMatch(suite.T(), existingDestinations, actualDestinations) + // Check that we've computed expanded destinations correctly. + prototest.AssertElementsMatch(t, expectedDestinations, actualDestinations) }) } -func TestDataFetcher(t *testing.T) { - suite.Run(t, new(dataFetcherSuite)) -} +func (suite *dataFetcherSuite) TestFetcher_FetchImplicitDestinationsData() { + // Create a few other services to be implicit upstreams. + api3Service := resourcetest.Resource(pbcatalog.ServiceType, "api-3"). + WithData(suite.T(), &pbcatalog.Service{ + VirtualIps: []string{"192.1.1.1"}, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", VirtualPort: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", VirtualPort: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + }). + Write(suite.T(), suite.client) -func (suite *dataFetcherSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} + api3ServiceEndpointsData := &pbcatalog.ServiceEndpoints{ + Endpoints: []*pbcatalog.Endpoint{ + { + TargetRef: &pbresource.ID{ + Name: "api-3-abc", + Tenancy: api3Service.Id.Tenancy, + Type: pbcatalog.WorkloadType, + }, + Addresses: []*pbcatalog.WorkloadAddress{{Host: "10.0.0.1"}}, + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + Identity: "api-3-identity", + }, + }, + } + api3ServiceEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-3"). + WithData(suite.T(), api3ServiceEndpointsData). + Write(suite.T(), suite.client) -func (suite *dataFetcherSuite) cleanUpNodes() { - suite.resourceClient.MustDelete(suite.T(), suite.api1Service.Id) - suite.resourceClient.MustDelete(suite.T(), suite.api1ServiceEndpoints.Id) - suite.resourceClient.MustDelete(suite.T(), suite.api2Service.Id) - suite.resourceClient.MustDelete(suite.T(), suite.api2ServiceEndpoints.Id) - suite.resourceClient.MustDelete(suite.T(), suite.webProxy.Id) - suite.resourceClient.MustDelete(suite.T(), suite.webWorkload.Id) -} + // Write a default ComputedRoutes for api1, api2, and api3. + var ( + api1ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api1Service.Id) + api2ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.api2Service.Id) + api3ComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, api3Service.Id) + ) + api1ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api1ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api1Service), + ) + require.NotNil(suite.T(), api1ComputedRoutes) + api2ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api2ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), + ) + require.NotNil(suite.T(), api2ComputedRoutes) + api3ComputedRoutes := routestest.ReconcileComputedRoutes(suite.T(), suite.client, api3ComputedRoutesID, + resourcetest.MustDecode[*pbcatalog.Service](suite.T(), api3Service), + ) + require.NotNil(suite.T(), api3ComputedRoutes) + + existingDestinations := []*intermediate.Destination{ + { + Explicit: suite.webComputedDestinationsData.Destinations[0], + Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api1Service), + ComputedPortRoutes: routestest.MutateTargets(suite.T(), api1ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(suite.api1Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), suite.api1ServiceEndpoints) + details.ServiceEndpointsId = se.Resource.Id + details.ServiceEndpoints = se.Data + details.IdentityRefs = []*pbresource.Reference{{ + Name: "api-1-identity", + Tenancy: suite.api1Service.Id.Tenancy, + }} + } + }), + }, + { + Explicit: suite.webComputedDestinationsData.Destinations[1], + Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), + ComputedPortRoutes: routestest.MutateTargets(suite.T(), api2ComputedRoutes.Data, "tcp1", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(suite.api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp1": + se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), suite.api2ServiceEndpoints) + details.ServiceEndpointsId = se.Resource.Id + details.ServiceEndpoints = se.Data + details.IdentityRefs = []*pbresource.Reference{{ + Name: "api-2-identity", + Tenancy: suite.api1Service.Id.Tenancy, + }} + } + }), + }, + { + Explicit: suite.webComputedDestinationsData.Destinations[2], + Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.api2Service), + ComputedPortRoutes: routestest.MutateTargets(suite.T(), api2ComputedRoutes.Data, "tcp2", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(suite.api2Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp2": + se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), suite.api2ServiceEndpoints) + details.ServiceEndpointsId = se.Resource.Id + details.ServiceEndpoints = se.Data + details.IdentityRefs = []*pbresource.Reference{{ + Name: "api-2-identity", + Tenancy: suite.api1Service.Id.Tenancy, + }} + } + }), + }, + { + // implicit + Service: resourcetest.MustDecode[*pbcatalog.Service](suite.T(), api3Service), + ComputedPortRoutes: routestest.MutateTargets(suite.T(), api3ComputedRoutes.Data, "tcp", func(t *testing.T, details *pbmesh.BackendTargetDetails) { + switch { + case resource.ReferenceOrIDMatch(api3Service.Id, details.BackendRef.Ref) && details.BackendRef.Port == "tcp": + se := resourcetest.MustDecode[*pbcatalog.ServiceEndpoints](suite.T(), api3ServiceEndpoints) + details.ServiceEndpointsId = se.Resource.Id + details.ServiceEndpoints = se.Data + details.IdentityRefs = []*pbresource.Reference{{ + Name: "api-3-identity", + Tenancy: suite.api1Service.Id.Tenancy, + }} + } + }), + VirtualIPs: []string{"192.1.1.1"}, + }, + } -func (suite *dataFetcherSuite) runTestCaseWithTenancies(t func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - suite.setupWithTenancy(tenancy) - suite.T().Cleanup(func() { - suite.cleanUpNodes() - }) - t(tenancy) - }) + f := Fetcher{ + client: suite.client, } + + actualDestinations, err := f.FetchImplicitDestinationsData(context.Background(), suite.webProxy.Id, existingDestinations) + require.NoError(suite.T(), err) + + prototest.AssertElementsMatch(suite.T(), existingDestinations, actualDestinations) +} + +func TestDataFetcher(t *testing.T) { + suite.Run(t, new(dataFetcherSuite)) } diff --git a/internal/mesh/internal/controllers/xds/controller_test.go b/internal/mesh/internal/controllers/xds/controller_test.go index 6ef4eefd7f5a9..e1dd0ebb61719 100644 --- a/internal/mesh/internal/controllers/xds/controller_test.go +++ b/internal/mesh/internal/controllers/xds/controller_test.go @@ -11,6 +11,7 @@ import ( "strings" "testing" + "github.com/hashicorp/consul/internal/testing/golden" "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" "google.golang.org/protobuf/encoding/protojson" @@ -25,7 +26,6 @@ import ( "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/mappers/bimapper" "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/internal/testing/golden" pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1/pbproxystate" @@ -51,7 +51,6 @@ type xdsControllerTestSuite struct { leafCancels *LeafCancels leafCertEvents chan controller.Event signer *leafcert.TestSigner - tenancies []*pbresource.Tenancy fooProxyStateTemplate *pbresource.Resource barProxyStateTemplate *pbresource.Resource @@ -70,12 +69,7 @@ type xdsControllerTestSuite struct { func (suite *xdsControllerTestSuite) SetupTest() { suite.ctx = testutil.TestContext(suite.T()) - suite.tenancies = resourcetest.TestTenancies() - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - WithTenancies(suite.tenancies...). - Run(suite.T()) - + resourceClient := svctest.RunResourceService(suite.T(), types.Register, catalog.RegisterTypes) suite.runtime = controller.Runtime{Client: resourceClient, Logger: testutil.Logger(suite.T())} suite.client = resourcetest.NewClient(resourceClient) suite.fetcher = mockFetcher @@ -118,233 +112,202 @@ func mockFetcher() (*pbproxystate.TrustBundle, error) { // This test ensures when a ProxyState is deleted, it is no longer tracked in the mappers. func (suite *xdsControllerTestSuite) TestReconcile_NoProxyStateTemplate() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Track the id of a non-existent ProxyStateTemplate. - proxyStateTemplateId := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "not-found").WithTenancy(tenancy).ID() - - suite.T().Cleanup(suite.deleteResourceFunc(proxyStateTemplateId)) - - suite.mapper.TrackItem(proxyStateTemplateId, []resource.ReferenceOrID{}) - suite.leafMapper.TrackItem(proxyStateTemplateId, []resource.ReferenceOrID{}) - require.False(suite.T(), suite.mapper.IsEmpty()) - require.False(suite.T(), suite.leafMapper.IsEmpty()) - - // Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: proxyStateTemplateId, - }) - require.NoError(suite.T(), err) - - // Assert that nothing is tracked in the endpoints mapper. - require.True(suite.T(), suite.mapper.IsEmpty()) - require.True(suite.T(), suite.leafMapper.IsEmpty()) + // Track the id of a non-existent ProxyStateTemplate. + proxyStateTemplateId := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "not-found").ID() + suite.mapper.TrackItem(proxyStateTemplateId, []resource.ReferenceOrID{}) + suite.leafMapper.TrackItem(proxyStateTemplateId, []resource.ReferenceOrID{}) + require.False(suite.T(), suite.mapper.IsEmpty()) + require.False(suite.T(), suite.leafMapper.IsEmpty()) + + // Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: proxyStateTemplateId, }) + require.NoError(suite.T(), err) + + // Assert that nothing is tracked in the endpoints mapper. + require.True(suite.T(), suite.mapper.IsEmpty()) + require.True(suite.T(), suite.leafMapper.IsEmpty()) } // This test ensures if the controller was previously tracking a ProxyStateTemplate, and now that proxy has // disconnected from this server, it's ignored and removed from the mapper. func (suite *xdsControllerTestSuite) TestReconcile_RemoveTrackingProxiesNotConnectedToServer() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Store the initial ProxyStateTemplate and track it in the mapper. - proxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test"). - WithData(suite.T(), &pbmesh.ProxyStateTemplate{}). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(proxyStateTemplate.Id)) - - suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{}) + // Store the initial ProxyStateTemplate and track it in the mapper. + proxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test"). + WithData(suite.T(), &pbmesh.ProxyStateTemplate{}). + Write(suite.T(), suite.client) - // Simulate the proxy disconnecting from this server. The resource still exists, but this proxy might be connected - // to a different server now, so we no longer need to track it. - suite.updater.notConnected = true + suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{}) - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: proxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) + // Simulate the proxy disconnecting from this server. The resource still exists, but this proxy might be connected + // to a different server now, so we no longer need to track it. + suite.updater.notConnected = true - // Assert that nothing is tracked in the mapper. - require.True(suite.T(), suite.mapper.IsEmpty()) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: proxyStateTemplate.Id, }) + require.NoError(suite.T(), err) + + // Assert that nothing is tracked in the mapper. + require.True(suite.T(), suite.mapper.IsEmpty()) } // This test sets up the updater to return an error when calling PushChange, and ensures the status is set // correctly. func (suite *xdsControllerTestSuite) TestReconcile_PushChangeError() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Have the mock simulate an error from the PushChange call. - suite.updater.pushChangeError = true + // Have the mock simulate an error from the PushChange call. + suite.updater.pushChangeError = true - // Setup a happy path scenario. - suite.setupFooProxyStateTemplateWithReferences(tenancy) + // Setup a happy path scenario. + suite.setupFooProxyStateTemplateWithReferences() - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: suite.fooProxyStateTemplate.Id, - }) - require.Error(suite.T(), err) - - // Assert on the status reflecting endpoint not found. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedPushChangeFailed(status.KeyFromID(suite.fooProxyStateTemplate.Id))) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: suite.fooProxyStateTemplate.Id, }) + require.Error(suite.T(), err) + + // Assert on the status reflecting endpoint not found. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedPushChangeFailed(status.KeyFromID(suite.fooProxyStateTemplate.Id))) } // This test sets up a ProxyStateTemplate that references a ServiceEndpoints that doesn't exist, and ensures the // status is correct. func (suite *xdsControllerTestSuite) TestReconcile_MissingEndpoint() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Set fooProxyStateTemplate with a reference to fooEndpoints, without storing fooEndpoints so the controller should - // notice it's missing. - fooEndpointsId := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-service").WithTenancy(tenancy).ID() - fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef) - fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{ - Id: fooEndpointsId, - Port: "mesh", - } - - fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). - WithData(suite.T(), &pbmesh.ProxyStateTemplate{ - RequiredEndpoints: fooRequiredEndpoints, - ProxyState: &pbmesh.ProxyState{}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(fooProxyStateTemplate.Id)) + // Set fooProxyStateTemplate with a reference to fooEndpoints, without storing fooEndpoints so the controller should + // notice it's missing. + fooEndpointsId := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-service").WithTenancy(resource.DefaultNamespacedTenancy()).ID() + fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef) + fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{ + Id: fooEndpointsId, + Port: "mesh", + } - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id) - }) + fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). + WithData(suite.T(), &pbmesh.ProxyStateTemplate{ + RequiredEndpoints: fooRequiredEndpoints, + ProxyState: &pbmesh.ProxyState{}, + }). + Write(suite.T(), suite.client) - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: fooProxyStateTemplate.Id, - }) - require.Error(suite.T(), err) + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id) + }) - // Assert on the status reflecting endpoint not found. - suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(fooEndpointsId), "rpc error: code = NotFound desc = resource not found")) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: fooProxyStateTemplate.Id, }) + require.Error(suite.T(), err) + + // Assert on the status reflecting endpoint not found. + suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(fooEndpointsId), "rpc error: code = NotFound desc = resource not found")) } // This test sets up a ProxyStateTemplate that references a ServiceEndpoints that can't be read correctly, and // checks the status is correct. func (suite *xdsControllerTestSuite) TestReconcile_ReadEndpointError() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - badID := &pbresource.ID{ - Type: &pbresource.Type{ - Group: "not", - Kind: "found", - GroupVersion: "vfake", - }, - Tenancy: tenancy, - } - fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef) - fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{ - Id: badID, - Port: "mesh", - } - - fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). - WithData(suite.T(), &pbmesh.ProxyStateTemplate{ - RequiredEndpoints: fooRequiredEndpoints, - ProxyState: &pbmesh.ProxyState{}, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(fooProxyStateTemplate.Id)) + badID := &pbresource.ID{ + Type: &pbresource.Type{ + Group: "not", + Kind: "found", + GroupVersion: "vfake", + }, + Tenancy: &pbresource.Tenancy{Namespace: "default", Partition: "default", PeerName: "local"}, + } + fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef) + fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{ + Id: badID, + Port: "mesh", + } - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id) - }) + fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). + WithData(suite.T(), &pbmesh.ProxyStateTemplate{ + RequiredEndpoints: fooRequiredEndpoints, + ProxyState: &pbmesh.ProxyState{}, + }). + Write(suite.T(), suite.client) - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: fooProxyStateTemplate.Id, - }) - require.Error(suite.T(), err) + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id) + }) - // Assert on the status reflecting endpoint couldn't be read. - suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints( - status.KeyFromID(badID), - "rpc error: code = InvalidArgument desc = id.name invalid: a resource name must consist of lower case alphanumeric characters or '-', must start and end with an alphanumeric character and be less than 64 characters, got: \"\"", - )) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: fooProxyStateTemplate.Id, }) + require.Error(suite.T(), err) + + // Assert on the status reflecting endpoint couldn't be read. + suite.client.RequireStatusCondition(suite.T(), fooProxyStateTemplate.Id, ControllerName, status.ConditionRejectedErrorReadingEndpoints(status.KeyFromID(badID), "rpc error: code = InvalidArgument desc = id.name is required")) } // This test is a happy path creation test to make sure pbproxystate.Endpoints are created in the computed // pbmesh.ProxyState from the RequiredEndpoints references. More specific translations between endpoint references // and pbproxystate.Endpoints are unit tested in endpoint_builder.go. func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateComputesEndpoints() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints and store them in the state store. - // This setup saves expected values in the suite so it can be asserted against later. - suite.setupFooProxyStateTemplateWithReferences(tenancy) - - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: suite.fooProxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) - - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints and store them in the state store. + // This setup saves expected values in the suite so it can be asserted against later. + suite.setupFooProxyStateTemplateWithReferences() - // Assert that the endpoints computed in the controller matches the expected endpoints. - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: suite.fooProxyStateTemplate.Id, }) + require.NoError(suite.T(), err) + + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + + // Assert that the endpoints computed in the controller matches the expected endpoints. + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints) } func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateComputesLeafCerts() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints and store them in the state store. - // This setup saves expected values in the suite so it can be asserted against later. - suite.setupFooProxyStateTemplateWithReferences(tenancy) - - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: suite.fooProxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) + // Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints and store them in the state store. + // This setup saves expected values in the suite so it can be asserted against later. + suite.setupFooProxyStateTemplateWithReferences() - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: suite.fooProxyStateTemplate.Id, + }) + require.NoError(suite.T(), err) - // Assert that the actual leaf certs computed are match the expected leaf cert spiffes. - actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - for k, l := range actualLeafs { - pemDecode, _ := pem.Decode([]byte(l.Cert)) - cert, err := x509.ParseCertificate(pemDecode.Bytes) - require.NoError(suite.T(), err) - require.Equal(suite.T(), cert.URIs[0].String(), suite.expectedFooProxyStateSpiffes[k]) - } - }) + // Assert that the actual leaf certs computed are match the expected leaf cert spiffes. + actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) + + for k, l := range actualLeafs { + pem, _ := pem.Decode([]byte(l.Cert)) + cert, err := x509.ParseCertificate(pem.Bytes) + require.NoError(suite.T(), err) + require.Equal(suite.T(), cert.URIs[0].String(), suite.expectedFooProxyStateSpiffes[k]) + } } // This test is a happy path creation test to make sure pbproxystate.Template.TrustBundles are created in the computed // pbmesh.ProxyState from the TrustBundleFetcher. func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateSetsTrustBundles() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - suite.setupFooProxyStateTemplateWithReferences(tenancy) + suite.setupFooProxyStateTemplateWithReferences() - // Run the reconcile. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: suite.fooProxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) + // Run the reconcile. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: suite.fooProxyStateTemplate.Id, + }) + require.NoError(suite.T(), err) - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - actualTrustBundle := suite.updater.GetTrustBundle(suite.fooProxyStateTemplate.Id.Name) - prototest.AssertDeepEqual(suite.T(), suite.expectedTrustBundle, actualTrustBundle) - }) + // Assert that the endpoints computed in the controller matches the expected endpoints. + actualTrustBundle := suite.updater.GetTrustBundle(suite.fooProxyStateTemplate.Id.Name) + prototest.AssertDeepEqual(suite.T(), suite.expectedTrustBundle, actualTrustBundle) } // This test is a happy path creation test that calls reconcile multiple times with a more complex setup. This @@ -352,368 +315,342 @@ func (suite *xdsControllerTestSuite) TestReconcile_ProxyStateTemplateSetsTrustBu // stored in the state store. So this test ensures that between multiple reconciles the correct ProxyStates are // computed for each ProxyStateTemplate. func (suite *xdsControllerTestSuite) TestReconcile_MultipleProxyStateTemplatesComputesMultipleEndpoints() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Set up fooProxyStateTemplate and barProxyStateTemplate and their associated resources and store them. Resources - // and expected results are stored in the suite to assert against. - suite.setupFooBarProxyStateTemplateAndEndpoints(tenancy) - - // Reconcile the fooProxyStateTemplate. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: suite.fooProxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) + // Set up fooProxyStateTemplate and barProxyStateTemplate and their associated resources and store them. Resources + // and expected results are stored in the suite to assert against. + suite.setupFooBarProxyStateTemplateAndEndpoints() - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Reconcile the fooProxyStateTemplate. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: suite.fooProxyStateTemplate.Id, + }) + require.NoError(suite.T(), err) - // Assert that the endpoints computed in the controller matches the expected endpoints. - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints) + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Reconcile the barProxyStateTemplate. - err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: suite.barProxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) + // Assert that the endpoints computed in the controller matches the expected endpoints. + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + prototest.AssertDeepEqual(suite.T(), suite.expectedFooProxyStateEndpoints, actualEndpoints) - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.barProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - - // Assert that the endpoints computed in the controller matches the expected endpoints. - actualBarEndpoints := suite.updater.GetEndpoints(suite.barProxyStateTemplate.Id.Name) - prototest.AssertDeepEqual(suite.T(), suite.expectedBarProxyStateEndpoints, actualBarEndpoints) + // Reconcile the barProxyStateTemplate. + err = suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: suite.barProxyStateTemplate.Id, }) + require.NoError(suite.T(), err) + + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.barProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + + // Assert that the endpoints computed in the controller matches the expected endpoints. + actualBarEndpoints := suite.updater.GetEndpoints(suite.barProxyStateTemplate.Id.Name) + prototest.AssertDeepEqual(suite.T(), suite.expectedBarProxyStateEndpoints, actualBarEndpoints) } // Sets up a full controller, and tests that reconciles are getting triggered for the events it should. func (suite *xdsControllerTestSuite) TestController_ComputeAddUpdateEndpointReferences() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Run the controller manager. - mgr := controller.NewManager(suite.client, suite.runtime.Logger) - mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) - - suite.setupFooProxyStateTemplateWithReferences(tenancy) - - // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to - // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. - retry.Run(suite.T(), func(r *retry.R) { - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - // Assert on the status. - suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) - }) + // Run the controller manager. + mgr := controller.NewManager(suite.client, suite.runtime.Logger) + mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) + mgr.SetRaftLeader(true) + go mgr.Run(suite.ctx) - // Now, update the endpoint to be unhealthy. This will ensure the controller is getting triggered on changes to this - // endpoint that it should be tracking, even when the ProxyStateTemplate does not change. - svc := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-service"). - WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ - { - Ports: map[string]*pbcatalog.WorkloadPort{ - "mesh": { - Port: 20000, - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, + suite.setupFooProxyStateTemplateWithReferences() + + // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to + // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. + retry.Run(suite.T(), func(r *retry.R) { + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert that the endpoints computed in the controller matches the expected endpoints. + prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) + }) + + // Now, update the endpoint to be unhealthy. This will ensure the controller is getting triggered on changes to this + // endpoint that it should be tracking, even when the ProxyStateTemplate does not change. + resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-service"). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ + { + Ports: map[string]*pbcatalog.WorkloadPort{ + "mesh": { + Port: 20000, + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, }, - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.1.1.1", - Ports: []string{"mesh"}, - }, - { - Host: "10.2.2.2", - Ports: []string{"mesh"}, - }, + }, + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.1.1.1", + Ports: []string{"mesh"}, + }, + { + Host: "10.2.2.2", + Ports: []string{"mesh"}, }, - HealthStatus: pbcatalog.Health_HEALTH_CRITICAL, }, - }}). - WithOwner(suite.fooService.Id). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - - // Wait for the endpoint to be written. - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireVersionChanged(suite.T(), suite.fooEndpoints.Id, suite.fooEndpoints.Version) - }) + HealthStatus: pbcatalog.Health_HEALTH_CRITICAL, + }, + }}). + WithOwner(suite.fooService.Id). + Write(suite.T(), suite.client) - // Update the expected endpoints to also have unhealthy status. - suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[0].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY - suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[1].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY + // Wait for the endpoint to be written. + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireVersionChanged(suite.T(), suite.fooEndpoints.Id, suite.fooEndpoints.Version) + }) - retry.Run(suite.T(), func(r *retry.R) { - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) - }) + // Update the expected endpoints to also have unhealthy status. + suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[0].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY + suite.expectedFooProxyStateEndpoints["test-cluster-1"].Endpoints[1].HealthStatus = pbproxystate.HealthStatus_HEALTH_STATUS_UNHEALTHY - // Now add a new endpoint reference and endpoint to the fooProxyStateTemplate. This will ensure that the controller - // now tracks the newly added endpoint. - secondService := resourcetest.Resource(pbcatalog.ServiceType, "second-service"). - WithData(suite.T(), &pbcatalog.Service{}). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + retry.Run(suite.T(), func(r *retry.R) { + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert that the endpoints computed in the controller matches the expected endpoints. + prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) + }) - suite.T().Cleanup(suite.deleteResourceFunc(secondService.Id)) + // Now add a new endpoint reference and endpoint to the fooProxyStateTemplate. This will ensure that the controller + // now tracks the newly added endpoint. + secondService := resourcetest.Resource(pbcatalog.ServiceType, "second-service"). + WithData(suite.T(), &pbcatalog.Service{}). + Write(suite.T(), suite.client) - secondEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "second-service"). - WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ - { - Ports: map[string]*pbcatalog.WorkloadPort{ - "mesh": { - Port: 20000, - Protocol: pbcatalog.Protocol_PROTOCOL_MESH, - }, + secondEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "second-service"). + WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ + { + Ports: map[string]*pbcatalog.WorkloadPort{ + "mesh": { + Port: 20000, + Protocol: pbcatalog.Protocol_PROTOCOL_MESH, }, - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.5.5.5", - Ports: []string{"mesh"}, - }, - { - Host: "10.6.6.6", - Ports: []string{"mesh"}, - }, + }, + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.5.5.5", + Ports: []string{"mesh"}, + }, + { + Host: "10.6.6.6", + Ports: []string{"mesh"}, }, }, - }}). - WithOwner(secondService.Id). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(secondEndpoints.Id)) - - // Update the endpoint references on the fooProxyStateTemplate. - suite.fooEndpointRefs["test-cluster-2"] = &pbproxystate.EndpointRef{ - Id: secondEndpoints.Id, - Port: "mesh", - } + }, + }}). + WithOwner(secondService.Id). + Write(suite.T(), suite.client) - oldVersion := suite.fooProxyStateTemplate.Version - fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). - WithData(suite.T(), &pbmesh.ProxyStateTemplate{ - RequiredEndpoints: suite.fooEndpointRefs, - ProxyState: &pbmesh.ProxyState{}, - RequiredLeafCertificates: suite.fooLeafRefs, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + // Update the endpoint references on the fooProxyStateTemplate. + suite.fooEndpointRefs["test-cluster-2"] = &pbproxystate.EndpointRef{ + Id: secondEndpoints.Id, + Port: "mesh", + } - suite.T().Cleanup(suite.deleteResourceFunc(fooProxyStateTemplate.Id)) + oldVersion := suite.fooProxyStateTemplate.Version + fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). + WithData(suite.T(), &pbmesh.ProxyStateTemplate{ + RequiredEndpoints: suite.fooEndpointRefs, + ProxyState: &pbmesh.ProxyState{}, + RequiredLeafCertificates: suite.fooLeafRefs, + }). + Write(suite.T(), suite.client) - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireVersionChanged(r, fooProxyStateTemplate.Id, oldVersion) - }) + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireVersionChanged(r, fooProxyStateTemplate.Id, oldVersion) + }) - // Update the expected endpoints with this new endpoints. - suite.expectedFooProxyStateEndpoints["test-cluster-2"] = &pbproxystate.Endpoints{ - Endpoints: []*pbproxystate.Endpoint{ - { - Address: &pbproxystate.Endpoint_HostPort{ - HostPort: &pbproxystate.HostPortAddress{ - Host: "10.5.5.5", - Port: 20000, - }, + // Update the expected endpoints with this new endpoints. + suite.expectedFooProxyStateEndpoints["test-cluster-2"] = &pbproxystate.Endpoints{ + Endpoints: []*pbproxystate.Endpoint{ + { + Address: &pbproxystate.Endpoint_HostPort{ + HostPort: &pbproxystate.HostPortAddress{ + Host: "10.5.5.5", + Port: 20000, }, - HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY, }, - { - Address: &pbproxystate.Endpoint_HostPort{ - HostPort: &pbproxystate.HostPortAddress{ - Host: "10.6.6.6", - Port: 20000, - }, + HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY, + }, + { + Address: &pbproxystate.Endpoint_HostPort{ + HostPort: &pbproxystate.HostPortAddress{ + Host: "10.6.6.6", + Port: 20000, }, - HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY, }, + HealthStatus: pbproxystate.HealthStatus_HEALTH_STATUS_HEALTHY, }, - } - - retry.Run(suite.T(), func(r *retry.R) { - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - // Assert on the status. - suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) - }) + }, + } + retry.Run(suite.T(), func(r *retry.R) { + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(suite.T(), suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert that the endpoints computed in the controller matches the expected endpoints. + prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) }) + } // Sets up a full controller, and tests that reconciles are getting triggered for the leaf cert events it should. // This test ensures when a CA is updated, the controller is triggered to update the leaf cert when it changes. func (suite *xdsControllerTestSuite) TestController_ComputeAddUpdateDeleteLeafReferences() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Run the controller manager. - mgr := controller.NewManager(suite.client, suite.runtime.Logger) - mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) - - suite.setupFooProxyStateTemplateWithReferences(tenancy) - leafCertRef := suite.fooLeafRefs["foo-workload-identity"] - fooLeafResRef := leafResourceRef(leafCertRef.Name, leafCertRef.Namespace, leafCertRef.Partition) - - // oldLeaf will store the original leaf from before we trigger a CA update. - var oldLeaf *x509.Certificate - - // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to - // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. - retry.Run(suite.T(), func(r *retry.R) { - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) - // Assert on the status. - suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) - // Assert that the leafs computed in the controller matches the expected leafs. - require.Len(r, actualLeafs, 1) - for k, l := range actualLeafs { - pemDecode, _ := pem.Decode([]byte(l.Cert)) - cert, err := x509.ParseCertificate(pemDecode.Bytes) - oldLeaf = cert - require.NoError(r, err) - require.Equal(r, cert.URIs[0].String(), suite.expectedFooProxyStateSpiffes[k]) - // Check the state of the cancel functions map. - _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) - require.True(r, ok) - } - }) - - // Update the CA, and ensure the leaf cert is different from the leaf certificate from the step above. - suite.signer.UpdateCA(suite.T(), nil) - retry.Run(suite.T(), func(r *retry.R) { - actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) - require.Len(r, actualLeafs, 1) - for k, l := range actualLeafs { - pemDecode, _ := pem.Decode([]byte(l.Cert)) - cert, err := x509.ParseCertificate(pemDecode.Bytes) - // Ensure the leaf was actually updated by checking that the leaf we just got is different from the old leaf. - require.NotEqual(r, oldLeaf.Raw, cert.Raw) - require.NoError(r, err) - require.Equal(r, suite.expectedFooProxyStateSpiffes[k], cert.URIs[0].String()) - // Check the state of the cancel functions map. Even though we've updated the leaf cert, we should still - // have a watch going for it. - _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) - require.True(r, ok) - } - }) + // Run the controller manager. + mgr := controller.NewManager(suite.client, suite.runtime.Logger) + mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) + mgr.SetRaftLeader(true) + go mgr.Run(suite.ctx) - // Delete the leaf references on the fooProxyStateTemplate - delete(suite.fooLeafRefs, "foo-workload-identity") - oldVersion := suite.fooProxyStateTemplate.Version - fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). - WithData(suite.T(), &pbmesh.ProxyStateTemplate{ - RequiredEndpoints: suite.fooEndpointRefs, - ProxyState: &pbmesh.ProxyState{}, - RequiredLeafCertificates: suite.fooLeafRefs, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) + suite.setupFooProxyStateTemplateWithReferences() + leafCertRef := suite.fooLeafRefs["foo-workload-identity"] + fooLeafResRef := leafResourceRef(leafCertRef.Name, leafCertRef.Namespace, leafCertRef.Partition) - suite.T().Cleanup(suite.deleteResourceFunc(fooProxyStateTemplate.Id)) + // oldLeaf will store the original leaf from before we trigger a CA update. + var oldLeaf *x509.Certificate - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireVersionChanged(r, fooProxyStateTemplate.Id, oldVersion) - }) + // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to + // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. + retry.Run(suite.T(), func(r *retry.R) { + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert that the endpoints computed in the controller matches the expected endpoints. + prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) + // Assert that the leafs computed in the controller matches the expected leafs. + require.Len(r, actualLeafs, 1) + for k, l := range actualLeafs { + pem, _ := pem.Decode([]byte(l.Cert)) + cert, err := x509.ParseCertificate(pem.Bytes) + oldLeaf = cert + require.NoError(r, err) + require.Equal(r, cert.URIs[0].String(), suite.expectedFooProxyStateSpiffes[k]) + // Check the state of the cancel functions map. + _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) + require.True(r, ok) + } + }) - // Ensure the leaf certificate watches were cancelled since we deleted the leaf reference. - retry.Run(suite.T(), func(r *retry.R) { + // Update the CA, and ensure the leaf cert is different from the leaf certificate from the step above. + suite.signer.UpdateCA(suite.T(), nil) + retry.Run(suite.T(), func(r *retry.R) { + actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) + require.Len(r, actualLeafs, 1) + for k, l := range actualLeafs { + pem, _ := pem.Decode([]byte(l.Cert)) + cert, err := x509.ParseCertificate(pem.Bytes) + // Ensure the leaf was actually updated by checking that the leaf we just got is different from the old leaf. + require.NotEqual(r, oldLeaf.Raw, cert.Raw) + require.NoError(r, err) + require.Equal(r, suite.expectedFooProxyStateSpiffes[k], cert.URIs[0].String()) + // Check the state of the cancel functions map. Even though we've updated the leaf cert, we should still + // have a watch going for it. _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) - require.False(r, ok) - }) + require.True(r, ok) + } + }) + + // Delete the leaf references on the fooProxyStateTemplate + delete(suite.fooLeafRefs, "foo-workload-identity") + oldVersion := suite.fooProxyStateTemplate.Version + fooProxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "foo-pst"). + WithData(suite.T(), &pbmesh.ProxyStateTemplate{ + RequiredEndpoints: suite.fooEndpointRefs, + ProxyState: &pbmesh.ProxyState{}, + RequiredLeafCertificates: suite.fooLeafRefs, + }). + Write(suite.T(), suite.client) + + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireVersionChanged(r, fooProxyStateTemplate.Id, oldVersion) + }) + + // Ensure the leaf certificate watches were cancelled since we deleted the leaf reference. + retry.Run(suite.T(), func(r *retry.R) { + _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) + require.False(r, ok) }) } // Sets up a full controller, and tests that reconciles are getting triggered for the leaf cert events it should. // This test ensures that when a ProxyStateTemplate is deleted, the leaf watches are cancelled. func (suite *xdsControllerTestSuite) TestController_ComputeLeafReferencesDeletePST() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Run the controller manager. - mgr := controller.NewManager(suite.client, suite.runtime.Logger) - mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) - - suite.setupFooProxyStateTemplateWithReferences(tenancy) - leafCertRef := suite.fooLeafRefs["foo-workload-identity"] - fooLeafResRef := leafResourceRef(leafCertRef.Name, leafCertRef.Namespace, leafCertRef.Partition) - - // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to - // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. - retry.Run(suite.T(), func(r *retry.R) { - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) - // Assert on the status. - suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) - // Assert that the leafs computed in the controller matches the expected leafs. - require.Len(r, actualLeafs, 1) - for k, l := range actualLeafs { - pemDecode, _ := pem.Decode([]byte(l.Cert)) - cert, err := x509.ParseCertificate(pemDecode.Bytes) - require.NoError(r, err) - require.Equal(r, cert.URIs[0].String(), suite.expectedFooProxyStateSpiffes[k]) - // Check the state of the cancel functions map. - _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) - require.True(r, ok) - } - }) + // Run the controller manager. + mgr := controller.NewManager(suite.client, suite.runtime.Logger) + mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) + mgr.SetRaftLeader(true) + go mgr.Run(suite.ctx) + + suite.setupFooProxyStateTemplateWithReferences() + leafCertRef := suite.fooLeafRefs["foo-workload-identity"] + fooLeafResRef := leafResourceRef(leafCertRef.Name, leafCertRef.Namespace, leafCertRef.Partition) + + // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to + // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. + retry.Run(suite.T(), func(r *retry.R) { + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + actualLeafs := suite.updater.GetLeafs(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert that the endpoints computed in the controller matches the expected endpoints. + prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) + // Assert that the leafs computed in the controller matches the expected leafs. + require.Len(r, actualLeafs, 1) + for k, l := range actualLeafs { + pem, _ := pem.Decode([]byte(l.Cert)) + cert, err := x509.ParseCertificate(pem.Bytes) + require.NoError(r, err) + require.Equal(r, cert.URIs[0].String(), suite.expectedFooProxyStateSpiffes[k]) + // Check the state of the cancel functions map. + _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) + require.True(r, ok) + } + }) - // Delete the fooProxyStateTemplate + // Delete the fooProxyStateTemplate - req := &pbresource.DeleteRequest{ - Id: suite.fooProxyStateTemplate.Id, - } - _, err := suite.client.Delete(suite.ctx, req) - require.NoError(suite.T(), err) + req := &pbresource.DeleteRequest{ + Id: suite.fooProxyStateTemplate.Id, + } + suite.client.Delete(suite.ctx, req) - // Ensure the leaf certificate watches were cancelled since we deleted the leaf reference. - retry.Run(suite.T(), func(r *retry.R) { - _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) - require.False(r, ok) - }) + // Ensure the leaf certificate watches were cancelled since we deleted the leaf reference. + retry.Run(suite.T(), func(r *retry.R) { + _, ok := suite.leafCancels.Get(keyFromReference(fooLeafResRef)) + require.False(r, ok) }) } // Sets up a full controller, and tests that reconciles are getting triggered for the events it should. func (suite *xdsControllerTestSuite) TestController_ComputeEndpointForProxyConnections() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Run the controller manager. - mgr := controller.NewManager(suite.client, suite.runtime.Logger) - - mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) - mgr.SetRaftLeader(true) - go mgr.Run(suite.ctx) - - // Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints. These need to be stored - // because the controller reconcile looks them up. - suite.setupFooProxyStateTemplateWithReferences(tenancy) - - // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to - // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. - retry.Run(suite.T(), func(r *retry.R) { - actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) - // Assert on the status. - suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) - // Assert that the endpoints computed in the controller matches the expected endpoints. - prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) - }) + // Run the controller manager. + mgr := controller.NewManager(suite.client, suite.runtime.Logger) - eventChannel := suite.updater.EventChannel() - eventChannel <- controller.Event{Obj: &proxytracker.ProxyConnection{ProxyID: suite.fooProxyStateTemplate.Id}} + mgr.Register(Controller(suite.mapper, suite.updater, suite.fetcher, suite.leafCertManager, suite.leafMapper, suite.leafCancels, "dc1")) + mgr.SetRaftLeader(true) + go mgr.Run(suite.ctx) - // Wait for the proxy state template to be re-evaluated. - proxyStateTemp := suite.client.WaitForNewVersion(suite.T(), suite.fooProxyStateTemplate.Id, suite.fooProxyStateTemplate.Version) - require.NotNil(suite.T(), proxyStateTemp) + // Set up fooEndpoints and fooProxyStateTemplate with a reference to fooEndpoints. These need to be stored + // because the controller reconcile looks them up. + suite.setupFooProxyStateTemplateWithReferences() + + // Assert that the expected ProxyState matches the actual ProxyState that PushChange was called with. This needs to + // be in a retry block unlike the Reconcile tests because the controller triggers asynchronously. + retry.Run(suite.T(), func(r *retry.R) { + actualEndpoints := suite.updater.GetEndpoints(suite.fooProxyStateTemplate.Id.Name) + // Assert on the status. + suite.client.RequireStatusCondition(r, suite.fooProxyStateTemplate.Id, ControllerName, status.ConditionAccepted()) + // Assert that the endpoints computed in the controller matches the expected endpoints. + prototest.AssertDeepEqual(r, suite.expectedFooProxyStateEndpoints, actualEndpoints) }) + + eventChannel := suite.updater.EventChannel() + eventChannel <- controller.Event{Obj: &proxytracker.ProxyConnection{ProxyID: suite.fooProxyStateTemplate.Id}} + + // Wait for the proxy state template to be re-evaluated. + proxyStateTemp := suite.client.WaitForNewVersion(suite.T(), suite.fooProxyStateTemplate.Id, suite.fooProxyStateTemplate.Version) + require.NotNil(suite.T(), proxyStateTemp) } // Setup: fooProxyStateTemplate with: @@ -721,14 +658,11 @@ func (suite *xdsControllerTestSuite) TestController_ComputeEndpointForProxyConne // - a LeafCertificateRef to "foo-workload-identity" // // Saves all related resources to the suite so they can be looked up by the controller or modified if needed. -func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateWithReferences(tenancy *pbresource.Tenancy) { +func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateWithReferences() { fooService := resourcetest.Resource(pbcatalog.ServiceType, "foo-service"). WithData(suite.T(), &pbcatalog.Service{}). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooService.Id)) - fooEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-service"). WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ { @@ -750,12 +684,9 @@ func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateWithReferences(te }, }, }}). - WithTenancy(tenancy). WithOwner(fooService.Id). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooEndpoints.Id)) - fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef) fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{ Id: fooEndpoints.Id, @@ -773,11 +704,8 @@ func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateWithReferences(te RequiredLeafCertificates: fooRequiredLeafs, ProxyState: &pbmesh.ProxyState{}, }). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooProxyStateTemplate.Id)) - retry.Run(suite.T(), func(r *retry.R) { suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id) }) @@ -823,14 +751,6 @@ func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateWithReferences(te suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints suite.expectedTrustBundle = expectedTrustBundle suite.expectedFooProxyStateSpiffes = expectedFooLeafSpiffes - - suite.T().Cleanup(func() { - suite.fooEndpointRefs = make(map[string]*pbproxystate.EndpointRef) - suite.fooLeafRefs = make(map[string]*pbproxystate.LeafCertificateRef) - suite.expectedFooProxyStateEndpoints = make(map[string]*pbproxystate.Endpoints) - suite.expectedTrustBundle = make(map[string]*pbproxystate.TrustBundle) - suite.expectedFooProxyStateSpiffes = make(map[string]string) - }) } // Setup: @@ -838,14 +758,11 @@ func (suite *xdsControllerTestSuite) setupFooProxyStateTemplateWithReferences(te // - barProxyStateTemplate with an EndpointsRef to fooBarEndpoints. // // Saves all related resources to the suite so they can be modified if needed. -func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints(tenancy *pbresource.Tenancy) { +func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints() { fooService := resourcetest.Resource(pbcatalog.ServiceType, "foo-service"). WithData(suite.T(), &pbcatalog.Service{}). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooService.Id)) - fooEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-service"). WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ { @@ -868,18 +785,12 @@ func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints(t }, }}). WithOwner(fooService.Id). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooEndpoints.Id)) - fooBarService := resourcetest.Resource(pbcatalog.ServiceType, "foo-bar-service"). WithData(suite.T(), &pbcatalog.Service{}). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooBarService.Id)) - fooBarEndpoints := resourcetest.Resource(pbcatalog.ServiceEndpointsType, "foo-bar-service"). WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ { @@ -902,11 +813,8 @@ func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints(t }, }}). WithOwner(fooBarService.Id). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooBarEndpoints.Id)) - fooRequiredEndpoints := make(map[string]*pbproxystate.EndpointRef) fooRequiredEndpoints["test-cluster-1"] = &pbproxystate.EndpointRef{ Id: fooEndpoints.Id, @@ -930,11 +838,8 @@ func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints(t RequiredEndpoints: fooRequiredEndpoints, ProxyState: &pbmesh.ProxyState{}, }). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(fooProxyStateTemplate.Id)) - retry.Run(suite.T(), func(r *retry.R) { suite.client.RequireResourceExists(r, fooProxyStateTemplate.Id) }) @@ -945,11 +850,8 @@ func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints(t RequiredEndpoints: barRequiredEndpoints, ProxyState: &pbmesh.ProxyState{}, }). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(barProxyStateTemplate.Id)) - retry.Run(suite.T(), func(r *retry.R) { suite.client.RequireResourceExists(r, barProxyStateTemplate.Id) }) @@ -1030,77 +932,68 @@ func (suite *xdsControllerTestSuite) setupFooBarProxyStateTemplateAndEndpoints(t suite.fooBarService = fooBarService suite.expectedFooProxyStateEndpoints = expectedFooProxyStateEndpoints suite.expectedBarProxyStateEndpoints = expectedBarProxyStateEndpoints - - suite.T().Cleanup(func() { - suite.barEndpointRefs = make(map[string]*pbproxystate.EndpointRef) - suite.fooEndpointRefs = make(map[string]*pbproxystate.EndpointRef) - suite.expectedFooProxyStateEndpoints = make(map[string]*pbproxystate.Endpoints) - suite.expectedBarProxyStateEndpoints = make(map[string]*pbproxystate.Endpoints) - }) } func (suite *xdsControllerTestSuite) TestReconcile_prevWatchesToCancel() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - makeRef := func(names ...string) []*pbresource.Reference { - out := make([]*pbresource.Reference, len(names)) - for i, name := range names { - out[i] = &pbresource.Reference{ - Name: name, - Type: &pbresource.Type{ - Group: "g", - GroupVersion: "v", - Kind: "k", - }, - Tenancy: tenancy, - } + makeRef := func(names ...string) []*pbresource.Reference { + out := make([]*pbresource.Reference, len(names)) + for i, name := range names { + out[i] = &pbresource.Reference{ + Name: name, + Type: &pbresource.Type{ + Group: "g", + GroupVersion: "v", + Kind: "k", + }, + Tenancy: &pbresource.Tenancy{}, } - return out } - convert := func(input []*pbresource.Reference) []resource.ReferenceOrID { - asInterface := make([]resource.ReferenceOrID, len(input)) - for i := range input { - asInterface[i] = input[i] - } - return asInterface + return out + } + convert := func(input []*pbresource.Reference) []resource.ReferenceOrID { + asInterface := make([]resource.ReferenceOrID, len(input)) + for i := range input { + asInterface[i] = input[i] } + return asInterface + } - cases := []struct { - old []*pbresource.Reference - new []*pbresource.Reference - expect []*pbresource.Reference - }{ - { - old: makeRef("a", "b", "c"), - new: makeRef("a", "c"), - expect: makeRef("b"), - }, - { - old: makeRef("a", "b", "c"), - new: makeRef("a", "b", "c"), - expect: makeRef(), - }, - { - old: makeRef(), - new: makeRef("a", "b"), - expect: makeRef(), - }, - { - old: makeRef("a", "b"), - new: makeRef(), - expect: makeRef("a", "b"), - }, - { - old: makeRef(), - new: makeRef(), - expect: makeRef(), - }, - } + cases := []struct { + old []*pbresource.Reference + new []*pbresource.Reference + expect []*pbresource.Reference + }{ + { + old: makeRef("a", "b", "c"), + new: makeRef("a", "c"), + expect: makeRef("b"), + }, + { + old: makeRef("a", "b", "c"), + new: makeRef("a", "b", "c"), + expect: makeRef(), + }, + { + old: makeRef(), + new: makeRef("a", "b"), + expect: makeRef(), + }, + { + old: makeRef("a", "b"), + new: makeRef(), + expect: makeRef("a", "b"), + }, + { + old: makeRef(), + new: makeRef(), + expect: makeRef(), + }, + } - for _, tc := range cases { - toCancel := prevWatchesToCancel(tc.old, convert(tc.new)) - require.ElementsMatch(suite.T(), toCancel, tc.expect) - } - }) + for _, tc := range cases { + toCancel := prevWatchesToCancel(tc.old, convert(tc.new)) + require.ElementsMatch(suite.T(), toCancel, tc.expect) + } } func TestXdsController(t *testing.T) { @@ -1121,92 +1014,86 @@ func TestXdsController(t *testing.T) { // rather than just endpoints, leaf certs, and trust bundles, the test also ensures // side effects or change in scope to XDS controller are not introduce mistakenly. func (suite *xdsControllerTestSuite) TestReconcile_SidecarProxyGoldenFileInputs() { - suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - path := "../sidecarproxy/builder/testdata" - cases := []string{ - // destinations - please add in alphabetical order - "destination/l4-single-destination-ip-port-bind-address", - "destination/l4-single-destination-unix-socket-bind-address", - "destination/l4-single-implicit-destination-tproxy", - "destination/l4-multi-destination", - "destination/l4-multiple-implicit-destinations-tproxy", - "destination/l4-implicit-and-explicit-destinations-tproxy", - "destination/mixed-multi-destination", - "destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy", - "destination/multiport-l4-and-l7-single-implicit-destination-tproxy", - "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy", - - //sources - please add in alphabetical order - "source/l7-expose-paths", - "source/local-and-inbound-connections", - "source/multiple-workload-addresses-with-specific-ports", - "source/multiple-workload-addresses-without-ports", - "source/multiport-l4-multiple-workload-addresses-with-specific-ports", - "source/multiport-l4-multiple-workload-addresses-without-ports", - "source/multiport-l4-workload-with-only-mesh-port", - "source/multiport-l7-multiple-workload-addresses-with-specific-ports", - "source/multiport-l7-multiple-workload-addresses-without-ports", - "source/multiport-l7-multiple-workload-addresses-without-ports", - "source/single-workload-address-without-ports", - } + path := "../sidecarproxy/builder/testdata" + cases := []string{ + // destinations - please add in alphabetical order + "destination/l4-single-destination-ip-port-bind-address", + "destination/l4-single-destination-unix-socket-bind-address", + "destination/l4-single-implicit-destination-tproxy", + "destination/l4-multi-destination", + "destination/l4-multiple-implicit-destinations-tproxy", + "destination/l4-implicit-and-explicit-destinations-tproxy", + "destination/mixed-multi-destination", + "destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy", + "destination/multiport-l4-and-l7-single-implicit-destination-tproxy", + "destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy", + + //sources - please add in alphabetical order + "source/l4-multiple-workload-addresses-with-specific-ports", + "source/l4-multiple-workload-addresses-without-ports", + "source/l4-single-workload-address-without-ports", + "source/l7-expose-paths", + "source/local-and-inbound-connections", + "source/multiport-l4-multiple-workload-addresses-with-specific-ports", + "source/multiport-l4-multiple-workload-addresses-without-ports", + "source/multiport-l4-workload-with-only-mesh-port", + "source/multiport-l7-multiple-workload-addresses-with-specific-ports", + "source/multiport-l7-multiple-workload-addresses-without-ports", + } - for _, name := range cases { - suite.Run(name, func() { - // Create ProxyStateTemplate from the golden file. - pst := JSONToProxyTemplate(suite.T(), - golden.GetBytesAtFilePath(suite.T(), fmt.Sprintf("%s/%s.golden", path, name))) - - // Destinations will need endpoint refs set up. - if strings.Split(name, "/")[0] == "destination" && len(pst.ProxyState.Endpoints) == 0 { - suite.addRequiredEndpointsAndRefs(pst, tenancy) - } - - // Store the initial ProxyStateTemplate. - proxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test"). - WithData(suite.T(), pst). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - suite.T().Cleanup(suite.deleteResourceFunc(proxyStateTemplate.Id)) - - // Check with resource service that it exists. - retry.Run(suite.T(), func(r *retry.R) { - suite.client.RequireResourceExists(r, proxyStateTemplate.Id) - }) - - // Track it in the mapper. - suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{}) - - // Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion. - err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: proxyStateTemplate.Id, - }) - require.NoError(suite.T(), err) - require.NotNil(suite.T(), proxyStateTemplate) - - // Get the reconciled proxyStateTemplate to check the reconcile results. - reconciledPS := suite.updater.Get(proxyStateTemplate.Id.Name) - - // Verify leaf cert contents then hard code them for comparison - // and downstream tests since they change from test run to test run. - require.NotEmpty(suite.T(), reconciledPS.LeafCertificates) - reconciledPS.LeafCertificates = map[string]*pbproxystate.LeafCertificate{ - "test-identity": { - Cert: "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", - Key: "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n", - }, - } + for _, name := range cases { + suite.Run(name, func() { + // Create ProxyStateTemplate from the golden file. + pst := JSONToProxyTemplate(suite.T(), + golden.GetBytesAtFilePath(suite.T(), fmt.Sprintf("%s/%s.golden", path, name))) + + // Destinations will need endpoint refs set up. + if strings.Split(name, "/")[0] == "destination" && len(pst.ProxyState.Endpoints) == 0 { + suite.addRequiredEndpointsAndRefs(pst) + } + + // Store the initial ProxyStateTemplate. + proxyStateTemplate := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "test"). + WithData(suite.T(), pst). + Write(suite.T(), suite.client) - // Compare actual vs expected. - actual := prototest.ProtoToJSON(suite.T(), reconciledPS) - expected := golden.Get(suite.T(), actual, name+".golden") - require.JSONEq(suite.T(), expected, actual) + // Check with resource service that it exists. + retry.Run(suite.T(), func(r *retry.R) { + suite.client.RequireResourceExists(r, proxyStateTemplate.Id) }) - } - }) + + // Track it in the mapper. + suite.mapper.TrackItem(proxyStateTemplate.Id, []resource.ReferenceOrID{}) + + // Run the reconcile, and since no ProxyStateTemplate is stored, this simulates a deletion. + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ + ID: proxyStateTemplate.Id, + }) + require.NoError(suite.T(), err) + require.NotNil(suite.T(), proxyStateTemplate) + + // Get the reconciled proxyStateTemplate to check the reconcile results. + reconciledPS := suite.updater.Get(proxyStateTemplate.Id.Name) + + // Verify leaf cert contents then hard code them for comparison + // and downstream tests since they change from test run to test run. + require.NotEmpty(suite.T(), reconciledPS.LeafCertificates) + reconciledPS.LeafCertificates = map[string]*pbproxystate.LeafCertificate{ + "test-identity": { + Cert: "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + Key: "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n", + }, + } + + // Compare actual vs expected. + actual := prototest.ProtoToJSON(suite.T(), reconciledPS) + expected := golden.Get(suite.T(), actual, name+".golden") + require.JSONEq(suite.T(), expected, actual) + }) + } } -func (suite *xdsControllerTestSuite) addRequiredEndpointsAndRefs(pst *pbmesh.ProxyStateTemplate, tenancy *pbresource.Tenancy) { +func (suite *xdsControllerTestSuite) addRequiredEndpointsAndRefs(pst *pbmesh.ProxyStateTemplate) { //get service data serviceData := &pbcatalog.Service{} var vp uint32 = 7000 @@ -1234,11 +1121,8 @@ func (suite *xdsControllerTestSuite) addRequiredEndpointsAndRefs(pst *pbmesh.Pro // create service. svc := resourcetest.Resource(pbcatalog.ServiceType, svcName). WithData(suite.T(), &pbcatalog.Service{}). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(svc.Id)) - // create endpoints with svc as owner. eps := resourcetest.Resource(pbcatalog.ServiceEndpointsType, svcName). WithData(suite.T(), &pbcatalog.ServiceEndpoints{Endpoints: []*pbcatalog.Endpoint{ @@ -1258,11 +1142,8 @@ func (suite *xdsControllerTestSuite) addRequiredEndpointsAndRefs(pst *pbmesh.Pro }, }}). WithOwner(svc.Id). - WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.T().Cleanup(suite.deleteResourceFunc(eps.Id)) - // add to working list of required endpoints. requiredEps[clusterName] = &pbproxystate.EndpointRef{ Id: eps.Id, @@ -1282,21 +1163,3 @@ func JSONToProxyTemplate(t *testing.T, json []byte) *pbmesh.ProxyStateTemplate { require.NoError(t, err) return proxyTemplate } - -func (suite *xdsControllerTestSuite) runTestCaseWithTenancies(testCase func(tenancy *pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testCase(tenancy) - }) - } -} - -func (suite *xdsControllerTestSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} - -func (suite *xdsControllerTestSuite) deleteResourceFunc(id *pbresource.ID) func() { - return func() { - suite.client.MustDelete(suite.T(), id) - } -} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden b/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden index 3acd9869e51dc..16b1841296ed8 100644 --- a/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden +++ b/internal/mesh/internal/controllers/xds/testdata/destination/mixed-multi-destination.golden @@ -285,7 +285,7 @@ "route": { "name": "default/local/default/api-1:http:1.1.1.1:1234" }, - "statPrefix": "upstream.http.api-1.default.default.dc1" + "statPrefix": "upstream." } } ] @@ -377,4 +377,4 @@ "trustDomain": "some-trust-domain" } } -} \ No newline at end of file +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden index 0158f07aa2c58..7ac1ec80710b5 100644 --- a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden +++ b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -330,7 +330,7 @@ "route": { "name": "default/local/default/api-app:http" }, - "statPrefix": "upstream.http.api-app.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -347,7 +347,7 @@ "route": { "name": "default/local/default/api-app2:http" }, - "statPrefix": "upstream.http.api-app2.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -463,4 +463,4 @@ "trustDomain": "some-trust-domain" } } -} \ No newline at end of file +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden index 3c9d62fb4ea17..8f5e73c92ee52 100644 --- a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden +++ b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -192,7 +192,7 @@ "route": { "name": "default/local/default/api-app:http" }, - "statPrefix": "upstream.http.api-app.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -259,4 +259,4 @@ "trustDomain": "some-trust-domain" } } -} \ No newline at end of file +} diff --git a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden index 3c9d62fb4ea17..8f5e73c92ee52 100644 --- a/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden +++ b/internal/mesh/internal/controllers/xds/testdata/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -192,7 +192,7 @@ "route": { "name": "default/local/default/api-app:http" }, - "statPrefix": "upstream.http.api-app.default.default.dc1" + "statPrefix": "upstream." }, "match": { "destinationPort": 8080, @@ -259,4 +259,4 @@ "trustDomain": "some-trust-domain" } } -} \ No newline at end of file +} diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden new file mode 100644 index 0000000000000..c88a05495613c --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-with-specific-ports.golden @@ -0,0 +1,102 @@ +{ + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.2", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": { + "allowPermissions": [ + { + "principals": [ + { + "spiffe": { + "regex": "^spiffe://foo.consul/ap/default/ns/default/identity/foo$" + } + } + ] + } + ] + } + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-without-ports.golden new file mode 100644 index 0000000000000..439c536fdc3bb --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l4-multiple-workload-addresses-without-ports.golden @@ -0,0 +1,90 @@ +{ + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/l4-single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/l4-single-workload-address-without-ports.golden new file mode 100644 index 0000000000000..439c536fdc3bb --- /dev/null +++ b/internal/mesh/internal/controllers/xds/testdata/source/l4-single-workload-address-without-ports.golden @@ -0,0 +1,90 @@ +{ + "clusters": { + "local_app:port1": { + "endpointGroup": { + "static": {} + }, + "name": "local_app:port1", + "protocol": "PROTOCOL_TCP" + } + }, + "endpoints": { + "local_app:port1": { + "endpoints": [ + { + "hostPort": { + "host": "127.0.0.1", + "port": 8080 + } + } + ] + } + }, + "identity": { + "name": "test-identity", + "tenancy": { + "namespace": "default", + "partition": "default", + "peerName": "local" + }, + "type": { + "group": "auth", + "groupVersion": "v2beta1", + "kind": "WorkloadIdentity" + } + }, + "leafCertificates": { + "test-identity": { + "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", + "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" + } + }, + "listeners": [ + { + "capabilities": [ + "CAPABILITY_L4_TLS_INSPECTION" + ], + "direction": "DIRECTION_INBOUND", + "hostPort": { + "host": "10.0.0.1", + "port": 20000 + }, + "name": "public_listener", + "routers": [ + { + "inboundTls": { + "inboundMesh": { + "identityKey": "test-identity", + "validationContext": { + "trustBundlePeerNameKeys": [ + "local" + ] + } + } + }, + "l4": { + "cluster": { + "name": "local_app:port1" + }, + "statPrefix": "public_listener", + "trafficPermissions": {} + }, + "match": { + "alpnProtocols": [ + "consul~port1" + ] + } + } + ] + } + ], + "trustBundles": { + "local": { + "roots": [ + "some-root", + "some-other-root" + ], + "trustDomain": "some-trust-domain" + } + } +} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiple-workload-addresses-with-specific-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiple-workload-addresses-with-specific-ports.golden deleted file mode 100644 index b67d034c7e345..0000000000000 --- a/internal/mesh/internal/controllers/xds/testdata/source/multiple-workload-addresses-with-specific-ports.golden +++ /dev/null @@ -1,292 +0,0 @@ -{ - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "leafCertificates": { - "test-identity": { - "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", - "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "127.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - }, - "trustBundles": { - "local": { - "roots": [ - "some-root", - "some-other-root" - ], - "trustDomain": "some-trust-domain" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/multiple-workload-addresses-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/multiple-workload-addresses-without-ports.golden deleted file mode 100644 index 8b04918948654..0000000000000 --- a/internal/mesh/internal/controllers/xds/testdata/source/multiple-workload-addresses-without-ports.golden +++ /dev/null @@ -1,292 +0,0 @@ -{ - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "leafCertificates": { - "test-identity": { - "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", - "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - }, - "trustBundles": { - "local": { - "roots": [ - "some-root", - "some-other-root" - ], - "trustDomain": "some-trust-domain" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/controllers/xds/testdata/source/single-workload-address-without-ports.golden b/internal/mesh/internal/controllers/xds/testdata/source/single-workload-address-without-ports.golden deleted file mode 100644 index 8b04918948654..0000000000000 --- a/internal/mesh/internal/controllers/xds/testdata/source/single-workload-address-without-ports.golden +++ /dev/null @@ -1,292 +0,0 @@ -{ - "clusters": { - "local_app:grpc": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:grpc", - "protocol": "PROTOCOL_GRPC" - }, - "local_app:http": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http", - "protocol": "PROTOCOL_HTTP" - }, - "local_app:http2": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:http2", - "protocol": "PROTOCOL_HTTP2" - }, - "local_app:tcp": { - "endpointGroup": { - "static": {} - }, - "name": "local_app:tcp", - "protocol": "PROTOCOL_TCP" - } - }, - "endpoints": { - "local_app:grpc": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8083 - } - } - ] - }, - "local_app:http": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8081 - } - } - ] - }, - "local_app:http2": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8082 - } - } - ] - }, - "local_app:tcp": { - "endpoints": [ - { - "hostPort": { - "host": "127.0.0.1", - "port": 8080 - } - } - ] - } - }, - "identity": { - "name": "test-identity", - "tenancy": { - "namespace": "default", - "partition": "default", - "peerName": "local" - }, - "type": { - "group": "auth", - "groupVersion": "v2beta1", - "kind": "WorkloadIdentity" - } - }, - "leafCertificates": { - "test-identity": { - "cert": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBAjAKBggqhkjOPQQDAjAUMRIwEAYDVQQDEwlUZXN0IENB\nIDEwHhcNMjMxMDE2MTYxMzI5WhcNMjMxMDE2MTYyMzI5WjAAMFkwEwYHKoZIzj0C\nAQYIKoZIzj0DAQcDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9\nta/bGT+5orZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJaOCAQowggEGMA4GA1UdDwEB\n/wQEAwIDuDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDAYDVR0TAQH/\nBAIwADApBgNVHQ4EIgQg3ogXVz9cqaK2B6xdiJYMa5NtT0KkYv7BA2dR7h9EcwUw\nKwYDVR0jBCQwIoAgq+C1mPlPoGa4lt7sSft1goN5qPGyBIB/3mUHJZKSFY8wbwYD\nVR0RAQH/BGUwY4Zhc3BpZmZlOi8vMTExMTExMTEtMjIyMi0zMzMzLTQ0NDQtNTU1\nNTU1NTU1NTU1LmNvbnN1bC9hcC9kZWZhdWx0L25zL2RlZmF1bHQvaWRlbnRpdHkv\ndGVzdC1pZGVudGl0eTAKBggqhkjOPQQDAgNHADBEAiB6L+t5bzRrBPhiQYNeA7fF\nUCuLWrdjW4Xbv3SLg0IKMgIgfRC5hEx+DqzQxTCP4sexX3hVWMjKoWmHdwiUcg+K\n/IE=\n-----END CERTIFICATE-----\n", - "key": "-----BEGIN EC PRIVATE KEY-----\nMHcCAQEEIFIFkTIL1iUV4O/RpveVHzHs7ZzhSkvYIzbdXDttz9EooAoGCCqGSM49\nAwEHoUQDQgAErErAIosDPheZQGbxFQ4hYC/e9Fi4MG9z/zjfCnCq/oK9ta/bGT+5\norZqTmdN/ICsKQDhykxZ2u/Xr6845zhcJQ==\n-----END EC PRIVATE KEY-----\n" - } - }, - "listeners": [ - { - "capabilities": [ - "CAPABILITY_L4_TLS_INSPECTION" - ], - "direction": "DIRECTION_INBOUND", - "hostPort": { - "host": "10.0.0.1", - "port": 20000 - }, - "name": "public_listener", - "routers": [ - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_GRPC", - "route": { - "name": "public_listener:grpc" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~grpc" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "route": { - "name": "public_listener:http" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l7": { - "protocol": "L7_PROTOCOL_HTTP2", - "route": { - "name": "public_listener:http2" - }, - "statPrefix": "public_listener", - "staticRoute": true, - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~http2" - ] - } - }, - { - "inboundTls": { - "inboundMesh": { - "identityKey": "test-identity", - "validationContext": { - "trustBundlePeerNameKeys": [ - "local" - ] - } - } - }, - "l4": { - "cluster": { - "name": "local_app:tcp" - }, - "statPrefix": "public_listener", - "trafficPermissions": {} - }, - "match": { - "alpnProtocols": [ - "consul~tcp" - ] - } - } - ] - } - ], - "routes": { - "public_listener:grpc": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:grpc", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:grpc" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - }, - "public_listener:http2": { - "virtualHosts": [ - { - "domains": [ - "*" - ], - "name": "public_listener:http2", - "routeRules": [ - { - "destination": { - "cluster": { - "name": "local_app:http2" - } - }, - "match": { - "pathMatch": { - "prefix": "/" - } - } - } - ] - } - ] - } - }, - "trustBundles": { - "local": { - "roots": [ - "some-root", - "some-other-root" - ], - "trustDomain": "some-trust-domain" - } - } -} \ No newline at end of file diff --git a/internal/mesh/internal/mappers/common/workload_selector_util_test.go b/internal/mesh/internal/mappers/common/workload_selector_util_test.go index 6b178d892287d..6f9e71e1af54d 100644 --- a/internal/mesh/internal/mappers/common/workload_selector_util_test.go +++ b/internal/mesh/internal/mappers/common/workload_selector_util_test.go @@ -21,9 +21,7 @@ import ( ) func TestMapSelector(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - Run(t) + client := svctest.RunResourceService(t, types.Register, catalog.RegisterTypes) // Create some workloads. // For this test, we don't care about the workload data, so we will re-use diff --git a/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper_test.go b/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper_test.go index 5c90fa2463b73..071be1f60d2f1 100644 --- a/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper_test.go +++ b/internal/mesh/internal/mappers/workloadselectionmapper/workload_selection_mapper_test.go @@ -22,10 +22,7 @@ import ( ) func TestMapToComputedType(t *testing.T) { - resourceClient := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - Run(t) - + resourceClient := svctest.RunResourceService(t, types.Register, catalog.RegisterTypes) mapper := New[*pbmesh.ProxyConfiguration](pbmesh.ComputedProxyConfigurationType) workloadData := &pbcatalog.Workload{ diff --git a/internal/mesh/internal/types/computed_routes.go b/internal/mesh/internal/types/computed_routes.go index b572c01fc3764..1f66cc97ac211 100644 --- a/internal/mesh/internal/types/computed_routes.go +++ b/internal/mesh/internal/types/computed_routes.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) const ( @@ -29,12 +30,16 @@ func RegisterComputedRoutes(r resource.Registry) { }) } -var ValidateComputedRoutes = resource.DecodeAndValidate(validateComputedRoutes) +func ValidateComputedRoutes(res *pbresource.Resource) error { + var config pbmesh.ComputedRoutes + + if err := res.Data.UnmarshalTo(&config); err != nil { + return resource.NewErrDataParse(&config, err) + } -func validateComputedRoutes(res *DecodedComputedRoutes) error { var merr error - if len(res.Data.PortedConfigs) == 0 { + if len(config.PortedConfigs) == 0 { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "ported_configs", Wrapped: resource.ErrEmpty, @@ -43,7 +48,7 @@ func validateComputedRoutes(res *DecodedComputedRoutes) error { // TODO(rb): do more elaborate validation - for port, pmc := range res.Data.PortedConfigs { + for port, pmc := range config.PortedConfigs { wrapErr := func(err error) error { return resource.ErrInvalidMapValue{ Map: "ported_configs", diff --git a/internal/mesh/internal/types/decoded.go b/internal/mesh/internal/types/decoded.go index be4836c066ff7..ee1244fdcb1bc 100644 --- a/internal/mesh/internal/types/decoded.go +++ b/internal/mesh/internal/types/decoded.go @@ -15,7 +15,6 @@ type ( DecodedGRPCRoute = resource.DecodedResource[*pbmesh.GRPCRoute] DecodedTCPRoute = resource.DecodedResource[*pbmesh.TCPRoute] DecodedDestinationPolicy = resource.DecodedResource[*pbmesh.DestinationPolicy] - DecodedDestinationsConfiguration = resource.DecodedResource[*pbmesh.DestinationsConfiguration] DecodedComputedRoutes = resource.DecodedResource[*pbmesh.ComputedRoutes] DecodedComputedTrafficPermissions = resource.DecodedResource[*pbauth.ComputedTrafficPermissions] DecodedFailoverPolicy = resource.DecodedResource[*pbcatalog.FailoverPolicy] diff --git a/internal/mesh/internal/types/destination_policy.go b/internal/mesh/internal/types/destination_policy.go index 4fe3062367cf5..68b37345baf3e 100644 --- a/internal/mesh/internal/types/destination_policy.go +++ b/internal/mesh/internal/types/destination_policy.go @@ -29,19 +29,23 @@ func RegisterDestinationPolicy(r resource.Registry) { }) } -var ValidateDestinationPolicy = resource.DecodeAndValidate(validateDestinationPolicy) +func ValidateDestinationPolicy(res *pbresource.Resource) error { + var policy pbmesh.DestinationPolicy + + if err := res.Data.UnmarshalTo(&policy); err != nil { + return resource.NewErrDataParse(&policy, err) + } -func validateDestinationPolicy(res *DecodedDestinationPolicy) error { var merr error - if len(res.Data.PortConfigs) == 0 { + if len(policy.PortConfigs) == 0 { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "port_configs", Wrapped: resource.ErrEmpty, }) } - for port, pc := range res.Data.PortConfigs { + for port, pc := range policy.PortConfigs { wrapErr := func(err error) error { return resource.ErrInvalidMapValue{ Map: "port_configs", diff --git a/internal/mesh/internal/types/destinations.go b/internal/mesh/internal/types/destinations.go index 7de3011e3ef0a..34287e627ab71 100644 --- a/internal/mesh/internal/types/destinations.go +++ b/internal/mesh/internal/types/destinations.go @@ -26,12 +26,16 @@ func RegisterDestinations(r resource.Registry) { }) } -var MutateDestinations = resource.DecodeAndMutate(mutateDestinations) +func MutateDestinations(res *pbresource.Resource) error { + var destinations pbmesh.Destinations + + if err := res.Data.UnmarshalTo(&destinations); err != nil { + return resource.NewErrDataParse(&destinations, err) + } -func mutateDestinations(res *DecodedDestinations) (bool, error) { changed := false - for _, dest := range res.Data.Destinations { + for _, dest := range destinations.Destinations { if dest.DestinationRef == nil { continue // skip; let the validation hook error out instead } @@ -52,33 +56,41 @@ func mutateDestinations(res *DecodedDestinations) (bool, error) { } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&destinations) } func isLocalPeer(p string) bool { return p == "local" || p == "" } -var ValidateDestinations = resource.DecodeAndValidate(validateDestinations) +func ValidateDestinations(res *pbresource.Resource) error { + var destinations pbmesh.Destinations + + if err := res.Data.UnmarshalTo(&destinations); err != nil { + return resource.NewErrDataParse(&destinations, err) + } -func validateDestinations(res *DecodedDestinations) error { var merr error - if selErr := catalog.ValidateSelector(res.Data.Workloads, false); selErr != nil { + if selErr := catalog.ValidateSelector(destinations.Workloads, false); selErr != nil { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, }) } - if res.Data.GetPqDestinations() != nil { + if destinations.GetPqDestinations() != nil { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "pq_destinations", Wrapped: resource.ErrUnsupported, }) } - for i, dest := range res.Data.Destinations { + for i, dest := range destinations.Destinations { wrapDestErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "destinations", diff --git a/internal/mesh/internal/types/destinations_configuration.go b/internal/mesh/internal/types/destinations_configuration.go index 7d46d93ed9993..fedbe40df48c1 100644 --- a/internal/mesh/internal/types/destinations_configuration.go +++ b/internal/mesh/internal/types/destinations_configuration.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) func RegisterDestinationsConfiguration(r resource.Registry) { @@ -22,13 +23,17 @@ func RegisterDestinationsConfiguration(r resource.Registry) { }) } -var ValidateDestinationsConfiguration = resource.DecodeAndValidate(validateDestinationsConfiguration) +func ValidateDestinationsConfiguration(res *pbresource.Resource) error { + var cfg pbmesh.DestinationsConfiguration + + if err := res.Data.UnmarshalTo(&cfg); err != nil { + return resource.NewErrDataParse(&cfg, err) + } -func validateDestinationsConfiguration(res *DecodedDestinationsConfiguration) error { var merr error // Validate the workload selector - if selErr := catalog.ValidateSelector(res.Data.Workloads, false); selErr != nil { + if selErr := catalog.ValidateSelector(cfg.Workloads, false); selErr != nil { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, diff --git a/internal/mesh/internal/types/grpc_route.go b/internal/mesh/internal/types/grpc_route.go index b861abccdc050..630e416e611c4 100644 --- a/internal/mesh/internal/types/grpc_route.go +++ b/internal/mesh/internal/types/grpc_route.go @@ -11,6 +11,7 @@ import ( "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) func RegisterGRPCRoute(r resource.Registry) { @@ -24,16 +25,20 @@ func RegisterGRPCRoute(r resource.Registry) { }) } -var MutateGRPCRoute = resource.DecodeAndMutate(mutateGRPCRoute) +func MutateGRPCRoute(res *pbresource.Resource) error { + var route pbmesh.GRPCRoute + + if err := res.Data.UnmarshalTo(&route); err != nil { + return resource.NewErrDataParse(&route, err) + } -func mutateGRPCRoute(res *DecodedGRPCRoute) (bool, error) { changed := false - if mutateParentRefs(res.Id.Tenancy, res.Data.ParentRefs) { + if mutateParentRefs(res.Id.Tenancy, route.ParentRefs) { changed = true } - for _, rule := range res.Data.Rules { + for _, rule := range route.Rules { for _, backend := range rule.BackendRefs { if backend.BackendRef == nil || backend.BackendRef.Ref == nil { continue @@ -44,25 +49,33 @@ func mutateGRPCRoute(res *DecodedGRPCRoute) (bool, error) { } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&route) } -var ValidateGRPCRoute = resource.DecodeAndValidate(validateGRPCRoute) +func ValidateGRPCRoute(res *pbresource.Resource) error { + var route pbmesh.GRPCRoute + + if err := res.Data.UnmarshalTo(&route); err != nil { + return resource.NewErrDataParse(&route, err) + } -func validateGRPCRoute(res *DecodedGRPCRoute) error { var merr error - if err := validateParentRefs(res.Id, res.Data.ParentRefs); err != nil { + if err := validateParentRefs(res.Id, route.ParentRefs); err != nil { merr = multierror.Append(merr, err) } - if len(res.Data.Hostnames) > 0 { + if len(route.Hostnames) > 0 { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "hostnames", Wrapped: errors.New("should not populate hostnames"), }) } - for i, rule := range res.Data.Rules { + for i, rule := range route.Rules { wrapRuleErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "rules", diff --git a/internal/mesh/internal/types/http_route.go b/internal/mesh/internal/types/http_route.go index d32f55dc6cc82..0ac2dcbf5c8b0 100644 --- a/internal/mesh/internal/types/http_route.go +++ b/internal/mesh/internal/types/http_route.go @@ -13,6 +13,7 @@ import ( "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) func RegisterHTTPRoute(r resource.Registry) { @@ -26,16 +27,20 @@ func RegisterHTTPRoute(r resource.Registry) { }) } -var MutateHTTPRoute = resource.DecodeAndMutate(mutateHTTPRoute) +func MutateHTTPRoute(res *pbresource.Resource) error { + var route pbmesh.HTTPRoute + + if err := res.Data.UnmarshalTo(&route); err != nil { + return resource.NewErrDataParse(&route, err) + } -func mutateHTTPRoute(res *DecodedHTTPRoute) (bool, error) { changed := false - if mutateParentRefs(res.Id.Tenancy, res.Data.ParentRefs) { + if mutateParentRefs(res.Id.Tenancy, route.ParentRefs) { changed = true } - for _, rule := range res.Data.Rules { + for _, rule := range route.Rules { for _, match := range rule.Matches { if match.Method != "" { norm := strings.ToUpper(match.Method) @@ -55,25 +60,33 @@ func mutateHTTPRoute(res *DecodedHTTPRoute) (bool, error) { } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&route) } -var ValidateHTTPRoute = resource.DecodeAndValidate(validateHTTPRoute) +func ValidateHTTPRoute(res *pbresource.Resource) error { + var route pbmesh.HTTPRoute + + if err := res.Data.UnmarshalTo(&route); err != nil { + return resource.NewErrDataParse(&route, err) + } -func validateHTTPRoute(res *DecodedHTTPRoute) error { var merr error - if err := validateParentRefs(res.Id, res.Data.ParentRefs); err != nil { + if err := validateParentRefs(res.Id, route.ParentRefs); err != nil { merr = multierror.Append(merr, err) } - if len(res.Data.Hostnames) > 0 { + if len(route.Hostnames) > 0 { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "hostnames", Wrapped: errors.New("should not populate hostnames"), }) } - for i, rule := range res.Data.Rules { + for i, rule := range route.Rules { wrapRuleErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "rules", diff --git a/internal/mesh/internal/types/mesh_configuration.go b/internal/mesh/internal/types/mesh_configuration.go deleted file mode 100644 index 323c86e544a77..0000000000000 --- a/internal/mesh/internal/types/mesh_configuration.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/internal/resource" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" -) - -// RegisterMeshConfiguration takes the resource registry and registers -// the MeshConfiguration resource to it. -func RegisterMeshConfiguration(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbmesh.MeshConfigurationType, - Proto: &pbmesh.MeshConfiguration{}, - Scope: resource.ScopePartition, - ACLs: nil, // TODO NET-6423 - Mutate: nil, // TODO NET-6425 - Validate: nil, // TODO NET-6424 - }) -} diff --git a/internal/mesh/internal/types/mesh_gateway.go b/internal/mesh/internal/types/mesh_gateway.go deleted file mode 100644 index 2583b4dcc01ae..0000000000000 --- a/internal/mesh/internal/types/mesh_gateway.go +++ /dev/null @@ -1,20 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/internal/resource" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" -) - -func RegisterMeshGateway(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbmesh.MeshGatewayType, - Proto: &pbmesh.MeshGateway{}, - Scope: resource.ScopePartition, - ACLs: nil, // TODO NET-6416 - Mutate: nil, // TODO NET-6418 - Validate: nil, // TODO NET-6417 - }) -} diff --git a/internal/mesh/internal/types/proxy_configuration.go b/internal/mesh/internal/types/proxy_configuration.go index 9a4388a40f01d..081324d721675 100644 --- a/internal/mesh/internal/types/proxy_configuration.go +++ b/internal/mesh/internal/types/proxy_configuration.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/sdk/iptables" ) @@ -26,40 +27,52 @@ func RegisterProxyConfiguration(r resource.Registry) { }) } -var MutateProxyConfiguration = resource.DecodeAndMutate(mutateProxyConfiguration) +func MutateProxyConfiguration(res *pbresource.Resource) error { + var proxyCfg pbmesh.ProxyConfiguration + err := res.Data.UnmarshalTo(&proxyCfg) + if err != nil { + return resource.NewErrDataParse(&proxyCfg, err) + } -func mutateProxyConfiguration(res *DecodedProxyConfiguration) (bool, error) { changed := false // Default the tproxy outbound port. - if res.Data.IsTransparentProxy() { - if res.Data.GetDynamicConfig().GetTransparentProxy() == nil { - res.Data.DynamicConfig.TransparentProxy = &pbmesh.TransparentProxy{ + if proxyCfg.IsTransparentProxy() { + if proxyCfg.GetDynamicConfig().GetTransparentProxy() == nil { + proxyCfg.DynamicConfig.TransparentProxy = &pbmesh.TransparentProxy{ OutboundListenerPort: iptables.DefaultTProxyOutboundPort, } changed = true - } else if res.Data.GetDynamicConfig().GetTransparentProxy().OutboundListenerPort == 0 { - res.Data.DynamicConfig.TransparentProxy.OutboundListenerPort = iptables.DefaultTProxyOutboundPort + } else if proxyCfg.GetDynamicConfig().GetTransparentProxy().OutboundListenerPort == 0 { + proxyCfg.DynamicConfig.TransparentProxy.OutboundListenerPort = iptables.DefaultTProxyOutboundPort changed = true } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&proxyCfg) } -var ValidateProxyConfiguration = resource.DecodeAndValidate(validateProxyConfiguration) +func ValidateProxyConfiguration(res *pbresource.Resource) error { + decodedProxyCfg, decodeErr := resource.Decode[*pbmesh.ProxyConfiguration](res) + if decodeErr != nil { + return resource.NewErrDataParse(decodedProxyCfg.GetData(), decodeErr) + } + proxyCfg := decodedProxyCfg.GetData() -func validateProxyConfiguration(res *DecodedProxyConfiguration) error { var err error - if selErr := catalog.ValidateSelector(res.Data.Workloads, false); selErr != nil { + if selErr := catalog.ValidateSelector(proxyCfg.Workloads, false); selErr != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "workloads", Wrapped: selErr, }) } - if res.Data.GetDynamicConfig() == nil && res.Data.GetBootstrapConfig() == nil { + if proxyCfg.GetDynamicConfig() == nil && proxyCfg.GetBootstrapConfig() == nil { err = multierror.Append(err, resource.ErrInvalidFields{ Names: []string{"dynamic_config", "bootstrap_config"}, Wrapped: errMissingProxyConfigData, @@ -67,14 +80,14 @@ func validateProxyConfiguration(res *DecodedProxyConfiguration) error { } // nolint:staticcheck - if res.Data.GetOpaqueConfig() != nil { + if proxyCfg.GetOpaqueConfig() != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "opaque_config", Wrapped: resource.ErrUnsupported, }) } - if dynamicCfgErr := validateDynamicProxyConfiguration(res.Data.GetDynamicConfig()); dynamicCfgErr != nil { + if dynamicCfgErr := validateDynamicProxyConfiguration(proxyCfg.GetDynamicConfig()); dynamicCfgErr != nil { err = multierror.Append(err, resource.ErrInvalidField{ Name: "dynamic_config", Wrapped: dynamicCfgErr, diff --git a/internal/mesh/internal/types/proxy_state_template.go b/internal/mesh/internal/types/proxy_state_template.go index 43d2148217e03..7db3dbaf55fd9 100644 --- a/internal/mesh/internal/types/proxy_state_template.go +++ b/internal/mesh/internal/types/proxy_state_template.go @@ -50,21 +50,25 @@ func RegisterProxyStateTemplate(r resource.Registry) { }) } -var ValidateProxyStateTemplate = resource.DecodeAndValidate(validateProxyStateTemplate) - -func validateProxyStateTemplate(res *DecodedProxyStateTemplate) error { +func ValidateProxyStateTemplate(res *pbresource.Resource) error { // TODO(v2): validate a lot more of this + var pst pbmesh.ProxyStateTemplate + + if err := res.Data.UnmarshalTo(&pst); err != nil { + return resource.NewErrDataParse(&pst, err) + } + var merr error - if res.Data.ProxyState != nil { + if pst.ProxyState != nil { wrapProxyStateErr := func(err error) error { return resource.ErrInvalidField{ Name: "proxy_state", Wrapped: err, } } - for name, cluster := range res.Data.ProxyState.Clusters { + for name, cluster := range pst.ProxyState.Clusters { if name == "" { merr = multierror.Append(merr, wrapProxyStateErr(resource.ErrInvalidMapKey{ Map: "clusters", diff --git a/internal/mesh/internal/types/tcp_route.go b/internal/mesh/internal/types/tcp_route.go index 02dd5aaa10fdd..c7470b14d55ae 100644 --- a/internal/mesh/internal/types/tcp_route.go +++ b/internal/mesh/internal/types/tcp_route.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/consul/internal/resource" pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" ) func RegisterTCPRoute(r resource.Registry) { @@ -23,16 +24,20 @@ func RegisterTCPRoute(r resource.Registry) { }) } -var MutateTCPRoute = resource.DecodeAndMutate(mutateTCPRoute) +func MutateTCPRoute(res *pbresource.Resource) error { + var route pbmesh.TCPRoute + + if err := res.Data.UnmarshalTo(&route); err != nil { + return resource.NewErrDataParse(&route, err) + } -func mutateTCPRoute(res *DecodedTCPRoute) (bool, error) { changed := false - if mutateParentRefs(res.Id.Tenancy, res.Data.ParentRefs) { + if mutateParentRefs(res.Id.Tenancy, route.ParentRefs) { changed = true } - for _, rule := range res.Data.Rules { + for _, rule := range route.Rules { for _, backend := range rule.BackendRefs { if backend.BackendRef == nil || backend.BackendRef.Ref == nil { continue @@ -43,26 +48,34 @@ func mutateTCPRoute(res *DecodedTCPRoute) (bool, error) { } } - return changed, nil + if !changed { + return nil + } + + return res.Data.MarshalFrom(&route) } -var ValidateTCPRoute = resource.DecodeAndValidate(validateTCPRoute) +func ValidateTCPRoute(res *pbresource.Resource) error { + var route pbmesh.TCPRoute + + if err := res.Data.UnmarshalTo(&route); err != nil { + return resource.NewErrDataParse(&route, err) + } -func validateTCPRoute(res *DecodedTCPRoute) error { var merr error - if err := validateParentRefs(res.Id, res.Data.ParentRefs); err != nil { + if err := validateParentRefs(res.Id, route.ParentRefs); err != nil { merr = multierror.Append(merr, err) } - if len(res.Data.Rules) > 1 { + if len(route.Rules) > 1 { merr = multierror.Append(merr, resource.ErrInvalidField{ Name: "rules", Wrapped: fmt.Errorf("must only specify a single rule for now"), }) } - for i, rule := range res.Data.Rules { + for i, rule := range route.Rules { wrapRuleErr := func(err error) error { return resource.ErrInvalidListElement{ Name: "rules", diff --git a/internal/mesh/internal/types/types.go b/internal/mesh/internal/types/types.go index d98e820e82b4b..cf1443aabf18d 100644 --- a/internal/mesh/internal/types/types.go +++ b/internal/mesh/internal/types/types.go @@ -18,8 +18,6 @@ func Register(r resource.Registry) { RegisterGRPCRoute(r) RegisterDestinationPolicy(r) RegisterComputedRoutes(r) - RegisterMeshGateway(r) - RegisterMeshConfiguration(r) // todo (v2): uncomment once we implement it. //RegisterDestinationsConfiguration(r) } diff --git a/internal/mesh/internal/types/xroute.go b/internal/mesh/internal/types/xroute.go index 92e2136cd1356..619c9cb682435 100644 --- a/internal/mesh/internal/types/xroute.go +++ b/internal/mesh/internal/types/xroute.go @@ -288,17 +288,28 @@ func isValidRetryCondition(retryOn string) bool { func xRouteACLHooks[R XRouteData]() *resource.ACLHooks { hooks := &resource.ACLHooks{ - Read: resource.DecodeAndAuthorizeRead(aclReadHookXRoute[R]), - Write: resource.DecodeAndAuthorizeWrite(aclWriteHookXRoute[R]), + Read: aclReadHookXRoute[R], + Write: aclWriteHookXRoute[R], List: resource.NoOpACLListHook, } return hooks } -func aclReadHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.AuthorizerContext, res *resource.DecodedResource[R]) error { +func aclReadHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { + if res == nil { + return resource.ErrNeedResource + } + + dec, err := resource.Decode[R](res) + if err != nil { + return err + } + + route := dec.Data + // Need service:read on ALL of the services this is controlling traffic for. - for _, parentRef := range res.Data.GetParentRefs() { + for _, parentRef := range route.GetParentRefs() { parentAuthzContext := resource.AuthorizerContext(parentRef.Ref.GetTenancy()) parentServiceName := parentRef.Ref.GetName() @@ -310,9 +321,16 @@ func aclReadHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.Authorize return nil } -func aclWriteHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.AuthorizerContext, res *resource.DecodedResource[R]) error { +func aclWriteHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.AuthorizerContext, res *pbresource.Resource) error { + dec, err := resource.Decode[R](res) + if err != nil { + return err + } + + route := dec.Data + // Need service:write on ALL of the services this is controlling traffic for. - for _, parentRef := range res.Data.GetParentRefs() { + for _, parentRef := range route.GetParentRefs() { parentAuthzContext := resource.AuthorizerContext(parentRef.Ref.GetTenancy()) parentServiceName := parentRef.Ref.GetName() @@ -322,7 +340,7 @@ func aclWriteHookXRoute[R XRouteData](authorizer acl.Authorizer, _ *acl.Authoriz } // Need service:read on ALL of the services this directs traffic at. - for _, backendRef := range res.Data.GetUnderlyingBackendRefs() { + for _, backendRef := range route.GetUnderlyingBackendRefs() { backendAuthzContext := resource.AuthorizerContext(backendRef.Ref.GetTenancy()) backendServiceName := backendRef.Ref.GetName() diff --git a/internal/mesh/proxy-tracker/proxy_tracker.go b/internal/mesh/proxy-tracker/proxy_tracker.go index f60cacb5cd1e4..d9dae03a13cde 100644 --- a/internal/mesh/proxy-tracker/proxy_tracker.go +++ b/internal/mesh/proxy-tracker/proxy_tracker.go @@ -6,7 +6,6 @@ package proxytracker import ( "errors" "fmt" - "github.com/hashicorp/consul/lib/channels" "sync" "github.com/hashicorp/go-hclog" @@ -208,8 +207,32 @@ func (pt *ProxyTracker) PushChange(proxyID *pbresource.ID, proxyState proxysnaps func (pt *ProxyTracker) deliverLatest(proxyID *pbresource.ID, proxyState proxysnapshot.ProxySnapshot, ch chan proxysnapshot.ProxySnapshot) { pt.config.Logger.Trace("delivering latest proxy snapshot to proxy", "proxyID", proxyID) - err := channels.DeliverLatest(proxyState, ch) - if err != nil { + // Send if chan is empty + select { + case ch <- proxyState: + return + default: + } + + // Not empty, drain the chan of older snapshots and redeliver. For now we only + // use 1-buffered chans but this will still work if we change that later. +OUTER: + for { + select { + case <-ch: + continue + default: + break OUTER + } + } + + // Now send again + select { + case ch <- proxyState: + return + default: + // This should not be possible since we should be the only sender, enforced + // by m.mu but error and drop the update rather than panic. pt.config.Logger.Error("failed to deliver proxyState to proxy", "proxy", proxyID.String(), ) diff --git a/internal/multicluster/exports.go b/internal/multicluster/exports.go deleted file mode 100644 index a4fc9a6e5d7a3..0000000000000 --- a/internal/multicluster/exports.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package multicluster - -import ( - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/multicluster/internal/controllers" - "github.com/hashicorp/consul/internal/multicluster/internal/types" - "github.com/hashicorp/consul/internal/resource" -) - -var ( - // API Group Information - APIGroup = types.GroupName - VersionV2Beta1 = types.VersionV2Beta1 - CurrentVersion = types.CurrentVersion -) - -// RegisterTypes adds all resource types within the "multicluster" API group -// to the given type registry -func RegisterTypes(r resource.Registry) { - types.Register(r) -} - -// RegisterControllers registers controllers for the multicluster types with -// the given controller Manager. -func RegisterControllers(mgr *controller.Manager) { - controllers.Register(mgr) -} diff --git a/internal/multicluster/internal/controllers/exportedservices/controller.go b/internal/multicluster/internal/controllers/exportedservices/controller.go deleted file mode 100644 index ba7e42f36cce7..0000000000000 --- a/internal/multicluster/internal/controllers/exportedservices/controller.go +++ /dev/null @@ -1,340 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package exportedservices - -import ( - "context" - "fmt" - "sort" - - "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/types/known/anypb" - - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/multicluster/internal/types" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/storage" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -func Controller() controller.Controller { - - return controller.ForType(pbmulticluster.ComputedExportedServicesType). - WithWatch(pbmulticluster.ExportedServicesType, ReplaceTypeForComputedExportedServices()). - WithWatch(pbcatalog.ServiceType, ReplaceTypeForComputedExportedServices()). - WithWatch(pbmulticluster.NamespaceExportedServicesType, ReplaceTypeForComputedExportedServices()). - WithWatch(pbmulticluster.PartitionExportedServicesType, ReplaceTypeForComputedExportedServices()). - WithReconciler(&reconciler{}) -} - -type reconciler struct{} - -type serviceExports struct { - ref *pbresource.Reference - partitions map[string]struct{} - peers map[string]struct{} -} - -func (r *reconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error { - rt.Logger = rt.Logger.With("resource-id", req.ID) - rt.Logger.Trace("reconciling exported services") - exportedServices, err := resource.ListDecodedResource[*pbmulticluster.ExportedServices](ctx, rt.Client, &pbresource.ListRequest{ - Tenancy: &pbresource.Tenancy{ - Namespace: storage.Wildcard, - Partition: req.ID.Tenancy.Partition, - PeerName: resource.DefaultPeerName, - }, - Type: pbmulticluster.ExportedServicesType, - }) - if err != nil { - rt.Logger.Error("error getting exported services", "error", err) - return err - } - namespaceExportedServices, err := resource.ListDecodedResource[*pbmulticluster.NamespaceExportedServices](ctx, rt.Client, &pbresource.ListRequest{ - Tenancy: &pbresource.Tenancy{ - Namespace: storage.Wildcard, - Partition: req.ID.Tenancy.Partition, - PeerName: resource.DefaultPeerName, - }, - Type: pbmulticluster.NamespaceExportedServicesType, - }) - if err != nil { - rt.Logger.Error("error getting namespace exported services", "error", err) - return err - } - partitionedExportedServices, err := resource.ListDecodedResource[*pbmulticluster.PartitionExportedServices](ctx, rt.Client, &pbresource.ListRequest{ - Tenancy: &pbresource.Tenancy{ - Partition: req.ID.Tenancy.Partition, - PeerName: resource.DefaultPeerName, - }, - Type: pbmulticluster.PartitionExportedServicesType, - }) - if err != nil { - rt.Logger.Error("error getting partitioned exported services", "error", err) - return err - } - oldComputedExportedService, err := getOldComputedExportedService(ctx, rt, req) - if err != nil { - return err - } - if len(exportedServices) == 0 && len(namespaceExportedServices) == 0 && len(partitionedExportedServices) == 0 { - if oldComputedExportedService.GetResource() != nil { - rt.Logger.Trace("deleting computed exported services") - if err := deleteResource(ctx, rt, oldComputedExportedService.GetResource()); err != nil { - rt.Logger.Error("error deleting computed exported service", "error", err) - return err - } - } - return nil - } - namespace := getNamespaceForServices(exportedServices, namespaceExportedServices, partitionedExportedServices) - services, err := resource.ListDecodedResource[*pbcatalog.Service](ctx, rt.Client, &pbresource.ListRequest{ - Tenancy: &pbresource.Tenancy{ - Namespace: namespace, - Partition: req.ID.Tenancy.Partition, - PeerName: resource.DefaultPeerName, - }, - Type: pbcatalog.ServiceType, - }) - if err != nil { - rt.Logger.Error("error getting services", "error", err) - return err - } - builder := newExportedServicesBuilder() - - svcs := make(map[resource.ReferenceKey]struct{}, len(services)) - for _, svc := range services { - svcs[resource.NewReferenceKey(svc.Id)] = struct{}{} - } - - for _, es := range exportedServices { - for _, svc := range es.Data.Services { - id := &pbresource.ID{ - Type: pbcatalog.ServiceType, - Tenancy: es.Id.Tenancy, - Name: svc, - } - if _, ok := svcs[resource.NewReferenceKey(id)]; ok { - builder.track(id, es.Data.Consumers) - } - } - } - - for _, nes := range namespaceExportedServices { - for _, svc := range services { - if svc.Id.Tenancy.Namespace != nes.Id.Tenancy.Namespace { - continue - } - builder.track(svc.Id, nes.Data.Consumers) - } - } - - for _, pes := range partitionedExportedServices { - for _, svc := range services { - builder.track(svc.Id, pes.Data.Consumers) - } - } - newComputedExportedService := builder.build() - - if oldComputedExportedService.GetResource() != nil && newComputedExportedService == nil { - rt.Logger.Trace("deleting computed exported services") - if err := deleteResource(ctx, rt, oldComputedExportedService.GetResource()); err != nil { - rt.Logger.Error("error deleting computed exported service", "error", err) - return err - } - return nil - } - if proto.Equal(newComputedExportedService, oldComputedExportedService.GetData()) { - rt.Logger.Trace("skip writing computed exported services") - return nil - } - newComputedExportedServiceData, err := anypb.New(newComputedExportedService) - if err != nil { - rt.Logger.Error("error marshalling latest computed exported service", "error", err) - return err - } - - rt.Logger.Trace("writing computed exported services") - _, err = rt.Client.Write(ctx, &pbresource.WriteRequest{ - Resource: &pbresource.Resource{ - Id: req.ID, - Owner: nil, - Data: newComputedExportedServiceData, - }, - }) - if err != nil { - rt.Logger.Error("error writing computed exported service", "error", err) - return err - } - return nil -} - -func ReplaceTypeForComputedExportedServices() controller.DependencyMapper { - return func(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) { - return []controller.Request{ - { - ID: &pbresource.ID{ - Type: pbmulticluster.ComputedExportedServicesType, - Tenancy: &pbresource.Tenancy{ - Partition: res.Id.Tenancy.Partition, - }, - Name: "global", - }, - }, - }, nil - } -} - -func getOldComputedExportedService(ctx context.Context, rt controller.Runtime, req controller.Request) (*resource.DecodedResource[*pbmulticluster.ComputedExportedServices], error) { - computedExpSvcID := &pbresource.ID{ - Name: types.ComputedExportedServicesName, - Type: pbmulticluster.ComputedExportedServicesType, - Tenancy: &pbresource.Tenancy{ - Partition: req.ID.Tenancy.Partition, - }, - } - computedExpSvcRes, err := resource.GetDecodedResource[*pbmulticluster.ComputedExportedServices](ctx, rt.Client, computedExpSvcID) - if err != nil { - rt.Logger.Error("error fetching computed exported service", "error", err) - return nil, err - } - return computedExpSvcRes, nil -} - -type exportedServicesBuilder struct { - data map[resource.ReferenceKey]*serviceExports -} - -func newExportedServicesBuilder() *exportedServicesBuilder { - return &exportedServicesBuilder{ - data: make(map[resource.ReferenceKey]*serviceExports), - } -} - -func (b *exportedServicesBuilder) track(id *pbresource.ID, consumers []*pbmulticluster.ExportedServicesConsumer) error { - key := resource.NewReferenceKey(id) - exports, ok := b.data[key] - - if !ok { - exports = &serviceExports{ - ref: resource.Reference(id, ""), - partitions: make(map[string]struct{}), - peers: make(map[string]struct{}), - } - b.data[key] = exports - } - - for _, c := range consumers { - switch v := c.ConsumerTenancy.(type) { - case *pbmulticluster.ExportedServicesConsumer_Peer: - exports.peers[v.Peer] = struct{}{} - case *pbmulticluster.ExportedServicesConsumer_Partition: - exports.partitions[v.Partition] = struct{}{} - case *pbmulticluster.ExportedServicesConsumer_SamenessGroup: - // TODO do we currently validate that sameness groups can't be set? - return fmt.Errorf("unexpected export to sameness group %q", v.SamenessGroup) - } - } - - return nil -} - -func (b *exportedServicesBuilder) build() *pbmulticluster.ComputedExportedServices { - if len(b.data) == 0 { - return nil - } - - ces := &pbmulticluster.ComputedExportedServices{ - Consumers: make([]*pbmulticluster.ComputedExportedService, 0, len(b.data)), - } - - for _, svc := range sortRefValue(b.data) { - consumers := make([]*pbmulticluster.ComputedExportedServicesConsumer, 0, len(svc.peers)+len(svc.partitions)) - - for _, peer := range sortKeys(svc.peers) { - consumers = append(consumers, &pbmulticluster.ComputedExportedServicesConsumer{ - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Peer{ - Peer: peer, - }, - }) - } - - for _, partition := range sortKeys(svc.partitions) { - consumers = append(consumers, &pbmulticluster.ComputedExportedServicesConsumer{ - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Partition{ - Partition: partition, - }, - }) - } - - ces.Consumers = append(ces.Consumers, &pbmulticluster.ComputedExportedService{ - TargetRef: svc.ref, - Consumers: consumers, - }) - } - - return ces -} - -func sortKeys(m map[string]struct{}) []string { - keys := make([]string, 0, len(m)) - for key := range m { - keys = append(keys, key) - } - sort.Strings(keys) - return keys -} - -func sortRefValue(m map[resource.ReferenceKey]*serviceExports) []*serviceExports { - vals := make([]*serviceExports, 0, len(m)) - for _, val := range m { - vals = append(vals, val) - } - sort.Slice(vals, func(i, j int) bool { - return resource.ReferenceToString(vals[i].ref) < resource.ReferenceToString(vals[j].ref) - }) - return vals -} - -func getNamespaceForServices(exportedServices []*types.DecodedExportedServices, namespaceExportedServices []*types.DecodedNamespaceExportedServices, partitionedExportedServices []*types.DecodedPartitionExportedServices) string { - if len(partitionedExportedServices) > 0 { - return storage.Wildcard - } - resources := []*pbresource.Resource{} - for _, exp := range exportedServices { - resources = append(resources, exp.GetResource()) - } - for _, exp := range namespaceExportedServices { - resources = append(resources, exp.GetResource()) - } - return getNamespace(resources) -} - -func getNamespace(resources []*pbresource.Resource) string { - if len(resources) == 0 { - // We shouldn't ever hit this. - panic("resources cannot be empty") - } - - namespace := resources[0].Id.Tenancy.Namespace - for _, res := range resources[1:] { - if res.Id.Tenancy.Namespace != namespace { - return storage.Wildcard - } - } - return namespace -} - -func deleteResource(ctx context.Context, rt controller.Runtime, resource *pbresource.Resource) error { - _, err := rt.Client.Delete(ctx, &pbresource.DeleteRequest{ - Id: resource.GetId(), - Version: resource.GetVersion(), - }) - if err != nil { - return err - } - return nil -} diff --git a/internal/multicluster/internal/controllers/exportedservices/controller_test.go b/internal/multicluster/internal/controllers/exportedservices/controller_test.go deleted file mode 100644 index 667f4ef3a9c08..0000000000000 --- a/internal/multicluster/internal/controllers/exportedservices/controller_test.go +++ /dev/null @@ -1,440 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package exportedservices - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" - - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" - "github.com/hashicorp/consul/internal/catalog" - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/multicluster/internal/types" - "github.com/hashicorp/consul/internal/resource" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/proto/private/prototest" - "github.com/hashicorp/consul/sdk/testutil" - "github.com/hashicorp/consul/version/versiontest" -) - -type controllerSuite struct { - suite.Suite - ctx context.Context - client *rtest.Client - rt controller.Runtime - isEnterprise bool - reconciler *reconciler - tenancies []*pbresource.Tenancy -} - -func (suite *controllerSuite) SetupTest() { - suite.ctx = testutil.TestContext(suite.T()) - suite.tenancies = rtest.TestTenancies() - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(types.Register, catalog.RegisterTypes). - WithTenancies(suite.tenancies...). - WithTenancies(rtest.Tenancy("default.app"), rtest.Tenancy("foo.app")). - Run(suite.T()) - - suite.client = rtest.NewClient(client) - suite.rt = controller.Runtime{ - Client: suite.client, - Logger: testutil.Logger(suite.T()), - } - suite.reconciler = &reconciler{} - suite.isEnterprise = versiontest.IsEnterprise() -} - -func (suite *controllerSuite) TestReconcile() { - suite.runTestCaseWithTenancies(suite.reconcileTest) -} - -func TestController(t *testing.T) { - suite.Run(t, new(controllerSuite)) -} - -func (suite *controllerSuite) runTestCaseWithTenancies(testFunc func(*pbresource.Tenancy)) { - for _, tenancy := range suite.tenancies { - suite.Run(suite.appendTenancyInfo(tenancy), func() { - testFunc(tenancy) - }) - } -} - -func (suite *controllerSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_Namespace_%s_Partition", tenancy.Namespace, tenancy.Partition) -} - -func (suite *controllerSuite) getComputedExportedSvc(id *pbresource.ID) *pbmulticluster.ComputedExportedServices { - computedExportedService := suite.client.RequireResourceExists(suite.T(), id) - decodedComputedExportedService := rtest.MustDecode[*pbmulticluster.ComputedExportedServices](suite.T(), computedExportedService) - return decodedComputedExportedService.Data -} - -func (suite *controllerSuite) reconcileTest(tenancy *pbresource.Tenancy) { - id := rtest.Resource(pbmulticluster.ComputedExportedServicesType, "global").WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - }).ID() - require.NotNil(suite.T(), id) - - svc1 := rtest.Resource(pbcatalog.ServiceType, "svc1"). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - exportedSvcData := &pbmulticluster.ExportedServices{ - Services: []string{"svc1", "svcx"}, - Consumers: []*pbmulticluster.ExportedServicesConsumer{{ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: "peer-0", - }}}, - } - - if suite.isEnterprise { - exportedSvcData.Consumers = append(exportedSvcData.Consumers, &pbmulticluster.ExportedServicesConsumer{ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Partition{ - Partition: "part-0", - }}) - } - expSvc := rtest.Resource(pbmulticluster.ExportedServicesType, "expsvc").WithData(suite.T(), exportedSvcData).WithTenancy(tenancy).Write(suite.T(), suite.client) - require.NotNil(suite.T(), expSvc) - - err := suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService := suite.getComputedExportedSvc(id) - expectedComputedExportedService := getExpectation(tenancy, suite.isEnterprise, 0) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - rtest.Resource(pbcatalog.ServiceType, "svc2"). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - svc0 := rtest.Resource(pbcatalog.ServiceType, "svc0"). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - Namespace: "app", - }). - Write(suite.T(), suite.client) - - exportedNamespaceSvcData := &pbmulticluster.NamespaceExportedServices{ - Consumers: []*pbmulticluster.ExportedServicesConsumer{{ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: "peer-1", - }}}, - } - - nameexpSvc := rtest.Resource(pbmulticluster.NamespaceExportedServicesType, "namesvc").WithData(suite.T(), exportedNamespaceSvcData).WithTenancy(tenancy).Write(suite.T(), suite.client) - require.NotNil(suite.T(), nameexpSvc) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 1) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - svc3 := rtest.Resource(pbcatalog.ServiceType, "svc3"). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 2) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - suite.client.MustDelete(suite.T(), svc3.Id) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 3) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - partitionedExportedSvcData := &pbmulticluster.PartitionExportedServices{ - Consumers: []*pbmulticluster.ExportedServicesConsumer{{ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: "peer-1", - }}, {ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: "peer-2", - }}}, - } - - partexpSvc := rtest.Resource(pbmulticluster.PartitionExportedServicesType, "partsvc").WithData(suite.T(), partitionedExportedSvcData).WithTenancy(&pbresource.Tenancy{Partition: tenancy.Partition}).Write(suite.T(), suite.client) - require.NotNil(suite.T(), partexpSvc) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 4) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - svc4 := rtest.Resource(pbcatalog.ServiceType, "svc4"). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - Namespace: "app", - }). - Write(suite.T(), suite.client) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 5) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - suite.client.MustDelete(suite.T(), svc4.Id) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 6) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - rtest.Resource(pbcatalog.ServiceType, "svc5"). - WithData(suite.T(), &pbcatalog.Service{ - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "http", Protocol: pbcatalog.Protocol_PROTOCOL_HTTP}, - }, - }). - WithTenancy(tenancy). - Write(suite.T(), suite.client) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 7) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - suite.client.MustDelete(suite.T(), partexpSvc.Id) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 8) - - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - suite.client.MustDelete(suite.T(), nameexpSvc.Id) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - actualComputedExportedService = suite.getComputedExportedSvc(id) - - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 9) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - suite.client.MustDelete(suite.T(), expSvc.Id) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - suite.client.RequireResourceNotFound(suite.T(), id) - - nameexpSvc1 := rtest.Resource(pbmulticluster.NamespaceExportedServicesType, "namesvc1").WithData(suite.T(), exportedNamespaceSvcData).WithTenancy(&pbresource.Tenancy{ - Partition: tenancy.Partition, - Namespace: "app", - }).Write(suite.T(), suite.client) - require.NotNil(suite.T(), nameexpSvc1) - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(&pbresource.Tenancy{ - Partition: tenancy.Partition, - Namespace: "app", - }, suite.isEnterprise, 10) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - expSvc1 := rtest.Resource(pbmulticluster.ExportedServicesType, "expsvc1").WithData(suite.T(), exportedSvcData).WithTenancy(tenancy).Write(suite.T(), suite.client) - require.NotNil(suite.T(), expSvc1) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - actualComputedExportedService = suite.getComputedExportedSvc(id) - expectedComputedExportedService = getExpectation(tenancy, suite.isEnterprise, 11) - prototest.AssertDeepEqual(suite.T(), expectedComputedExportedService, actualComputedExportedService) - - suite.client.MustDelete(suite.T(), svc0.Id) - suite.client.MustDelete(suite.T(), svc1.Id) - - err = suite.reconciler.Reconcile(suite.ctx, suite.rt, controller.Request{ID: id}) - require.NoError(suite.T(), err) - - suite.client.RequireResourceNotFound(suite.T(), id) - -} - -func getExpectation(tenancy *pbresource.Tenancy, isEnterprise bool, testCase int) *pbmulticluster.ComputedExportedServices { - makeCES := func(consumers ...*pbmulticluster.ComputedExportedService) *pbmulticluster.ComputedExportedServices { - return &pbmulticluster.ComputedExportedServices{ - Consumers: consumers, - } - } - makeConsumer := func(ref *pbresource.Reference, consumers ...*pbmulticluster.ComputedExportedServicesConsumer) *pbmulticluster.ComputedExportedService { - var actual []*pbmulticluster.ComputedExportedServicesConsumer - for _, c := range consumers { - _, ok := c.ConsumerTenancy.(*pbmulticluster.ComputedExportedServicesConsumer_Partition) - if (isEnterprise && ok) || !ok { - actual = append(actual, c) - } - } - - return &pbmulticluster.ComputedExportedService{ - TargetRef: ref, - Consumers: actual, - } - } - svc0Ref := &pbresource.Reference{ - Type: pbcatalog.ServiceType, - Tenancy: &pbresource.Tenancy{ - Partition: tenancy.Partition, - Namespace: "app", - PeerName: resource.DefaultPeerName, - }, - Name: "svc0", - } - svc1Ref := &pbresource.Reference{ - Type: pbcatalog.ServiceType, - Tenancy: tenancy, - Name: "svc1", - } - svc2Ref := &pbresource.Reference{ - Type: pbcatalog.ServiceType, - Tenancy: tenancy, - Name: "svc2", - } - svc3Ref := &pbresource.Reference{ - Type: pbcatalog.ServiceType, - Tenancy: tenancy, - Name: "svc3", - } - svc4Ref := &pbresource.Reference{ - Type: pbcatalog.ServiceType, - Tenancy: &pbresource.Tenancy{ - Partition: tenancy.Partition, - Namespace: "app", - PeerName: resource.DefaultPeerName, - }, - Name: "svc4", - } - svc5Ref := &pbresource.Reference{ - Type: pbcatalog.ServiceType, - Tenancy: tenancy, - Name: "svc5", - } - - peer0Consumer := &pbmulticluster.ComputedExportedServicesConsumer{ - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Peer{ - Peer: "peer-0", - }, - } - peer1Consumer := &pbmulticluster.ComputedExportedServicesConsumer{ - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Peer{ - Peer: "peer-1", - }, - } - peer2Consumer := &pbmulticluster.ComputedExportedServicesConsumer{ - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Peer{ - Peer: "peer-2", - }, - } - - part0Consumer := &pbmulticluster.ComputedExportedServicesConsumer{ - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Partition{ - Partition: "part-0", - }, - } - - switch testCase { - case 0: - return makeCES(makeConsumer(svc1Ref, peer0Consumer, part0Consumer)) - case 1: - return makeCES( - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer), - ) - case 2: - return makeCES( - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer), - makeConsumer(svc3Ref, peer1Consumer), - ) - case 3: - return makeCES( - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer), - ) - case 4: - return makeCES( - makeConsumer(svc0Ref, peer1Consumer, peer2Consumer), - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, peer2Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer, peer2Consumer), - ) - case 5: - return makeCES( - makeConsumer(svc0Ref, peer1Consumer, peer2Consumer), - makeConsumer(svc4Ref, peer1Consumer, peer2Consumer), - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, peer2Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer, peer2Consumer), - ) - case 6: - return makeCES( - makeConsumer(svc0Ref, peer1Consumer, peer2Consumer), - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, peer2Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer, peer2Consumer), - ) - case 7: - return makeCES( - makeConsumer(svc0Ref, peer1Consumer, peer2Consumer), - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, peer2Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer, peer2Consumer), - makeConsumer(svc5Ref, peer1Consumer, peer2Consumer), - ) - case 8: - return makeCES( - makeConsumer(svc1Ref, peer0Consumer, peer1Consumer, part0Consumer), - makeConsumer(svc2Ref, peer1Consumer), - makeConsumer(svc5Ref, peer1Consumer), - ) - case 9: - return makeCES( - makeConsumer(svc1Ref, peer0Consumer, part0Consumer), - ) - case 10: - return makeCES( - makeConsumer(svc0Ref, peer1Consumer), - ) - case 11: - return makeCES( - makeConsumer(svc0Ref, peer1Consumer), - makeConsumer(svc1Ref, peer0Consumer, part0Consumer), - ) - } - - return nil -} diff --git a/internal/multicluster/internal/controllers/register.go b/internal/multicluster/internal/controllers/register.go deleted file mode 100644 index c3bcedcecc468..0000000000000 --- a/internal/multicluster/internal/controllers/register.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package controllers - -import ( - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/multicluster/internal/controllers/exportedservices" -) - -func Register(mgr *controller.Manager) { - mgr.Register(exportedservices.Controller()) -} diff --git a/internal/multicluster/internal/types/computed_exported_services.go b/internal/multicluster/internal/types/computed_exported_services.go deleted file mode 100644 index 70c900c9b86cd..0000000000000 --- a/internal/multicluster/internal/types/computed_exported_services.go +++ /dev/null @@ -1,37 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -const ( - ComputedExportedServicesName = "global" -) - -func RegisterComputedExportedServices(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbmulticluster.ComputedExportedServicesType, - Proto: &pbmulticluster.ComputedExportedServices{}, - Scope: resource.ScopePartition, - Validate: ValidateComputedExportedServices, - ACLs: &resource.ACLHooks{ - Read: aclReadHookComputedExportedServices, - Write: aclWriteHookComputedExportedServices, - List: resource.NoOpACLListHook, - }, - }) -} - -func aclReadHookComputedExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { - return authorizer.ToAllowAuthorizer().MeshReadAllowed(authzContext) -} - -func aclWriteHookComputedExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.Resource) error { - return authorizer.ToAllowAuthorizer().MeshWriteAllowed(authzContext) -} diff --git a/internal/multicluster/internal/types/computed_exported_services_test.go b/internal/multicluster/internal/types/computed_exported_services_test.go deleted file mode 100644 index 0315c5788e4df..0000000000000 --- a/internal/multicluster/internal/types/computed_exported_services_test.go +++ /dev/null @@ -1,180 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "errors" - "testing" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/version/versiontest" -) - -func computedExportedServicesWithPartition(partitionName string) *pbmulticluster.ComputedExportedServices { - consumers := []*pbmulticluster.ComputedExportedService{ - { - Consumers: []*pbmulticluster.ComputedExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Partition{ - Partition: partitionName, - }, - }, - }, - }, - } - return &pbmulticluster.ComputedExportedServices{ - Consumers: consumers, - } -} - -func computedExportedServicesWithPeer(peerName string) *pbmulticluster.ComputedExportedServices { - consumers := []*pbmulticluster.ComputedExportedService{ - { - Consumers: []*pbmulticluster.ComputedExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ComputedExportedServicesConsumer_Peer{ - Peer: peerName, - }, - }, - }, - }, - } - return &pbmulticluster.ComputedExportedServices{ - Consumers: consumers, - } -} - -func TestComputedExportedServicesValidations_InvalidName(t *testing.T) { - res := resourcetest.Resource(pbmulticluster.ComputedExportedServicesType, "computed-exported-services"). - WithData(t, computedExportedServicesWithPeer("peer")). - Build() - - err := ValidateComputedExportedServices(res) - require.Error(t, err) - expectedError := errors.New("invalid \"name\" field: name can only be \"global\"") - require.ErrorAs(t, err, &expectedError) -} - -func TestComputedExportedServicesACLs(t *testing.T) { - // Wire up a registry to generically invoke hooks - registry := resource.NewRegistry() - Register(registry) - - type testcase struct { - rules string - readOK string - writeOK string - listOK string - } - - const ( - DENY = resourcetest.DENY - ALLOW = resourcetest.ALLOW - DEFAULT = resourcetest.DEFAULT - ) - - exportedServiceData := &pbmulticluster.ComputedExportedServices{} - res := resourcetest.Resource(pbmulticluster.ComputedExportedServicesType, "global"). - WithData(t, exportedServiceData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) - - cases := map[string]testcase{ - "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "mesh read policy": { - rules: `mesh = "read"`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "mesh write policy": { - rules: `mesh = "write"`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, - }, - } - - for _, tc := range cases { - aclTestCase := resourcetest.ACLTestCase{ - Rules: tc.rules, - Res: res, - ReadOK: tc.readOK, - WriteOK: tc.writeOK, - ListOK: tc.listOK, - } - resourcetest.RunACLTestCase(t, aclTestCase, registry) - } -} - -func TestComputedExportedServicesValidations(t *testing.T) { - type testcase struct { - Resource *pbresource.Resource - expectErrorCE []string - expectErrorENT []string - } - - isEnterprise := versiontest.IsEnterprise() - - run := func(t *testing.T, tc testcase) { - expectError := tc.expectErrorCE - if isEnterprise { - expectError = tc.expectErrorENT - } - err := ValidateComputedExportedServices(tc.Resource) - if len(expectError) == 0 { - require.NoError(t, err) - } else { - require.Error(t, err) - for _, er := range expectError { - require.ErrorContains(t, err, er) - } - } - } - - cases := map[string]testcase{ - "computed exported services with peer": { - Resource: resourcetest.Resource(pbmulticluster.ComputedExportedServicesType, ComputedExportedServicesName). - WithData(t, computedExportedServicesWithPeer("peer")). - Build(), - }, - "computed exported services with partition": { - Resource: resourcetest.Resource(pbmulticluster.ComputedExportedServicesType, ComputedExportedServicesName). - WithData(t, computedExportedServicesWithPartition("partition")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can only be set in Enterprise`}, - }, - "computed exported services with peer empty": { - Resource: resourcetest.Resource(pbmulticluster.ComputedExportedServicesType, ComputedExportedServicesName). - WithData(t, computedExportedServicesWithPeer("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "peer": can not be empty`}, - expectErrorENT: []string{`invalid element at index 0 of list "peer": can not be empty`}, - }, - "computed exported services with partition empty": { - Resource: resourcetest.Resource(pbmulticluster.ComputedExportedServicesType, ComputedExportedServicesName). - WithData(t, computedExportedServicesWithPartition("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can not be empty`, - `invalid element at index 0 of list "partition": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "partition": can not be empty`}, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) - }) - } -} diff --git a/internal/multicluster/internal/types/decoded.go b/internal/multicluster/internal/types/decoded.go deleted file mode 100644 index 6a1b545f0faf0..0000000000000 --- a/internal/multicluster/internal/types/decoded.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" -) - -type ( - DecodedExportedServices = resource.DecodedResource[*pbmulticluster.ExportedServices] - DecodedNamespaceExportedServices = resource.DecodedResource[*pbmulticluster.NamespaceExportedServices] - DecodedPartitionExportedServices = resource.DecodedResource[*pbmulticluster.PartitionExportedServices] -) diff --git a/internal/multicluster/internal/types/exported_services.go b/internal/multicluster/internal/types/exported_services.go deleted file mode 100644 index 87cebb244ab4e..0000000000000 --- a/internal/multicluster/internal/types/exported_services.go +++ /dev/null @@ -1,59 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -func RegisterExportedServices(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbmulticluster.ExportedServicesType, - Proto: &pbmulticluster.ExportedServices{}, - Scope: resource.ScopeNamespace, - Validate: ValidateExportedServices, - ACLs: &resource.ACLHooks{ - Read: aclReadHookExportedServices, - Write: aclWriteHookExportedServices, - List: resource.NoOpACLListHook, - }, - }) -} - -func aclReadHookExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { - if res == nil { - return resource.ErrNeedResource - } - - var exportedService pbmulticluster.ExportedServices - - if err := res.Data.UnmarshalTo(&exportedService); err != nil { - return resource.NewErrDataParse(&exportedService, err) - } - - for _, serviceName := range exportedService.Services { - if err := authorizer.ToAllowAuthorizer().ServiceReadAllowed(serviceName, authzContext); err != nil { - return err - } - } - return nil -} - -func aclWriteHookExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { - var exportedService pbmulticluster.ExportedServices - - if err := res.Data.UnmarshalTo(&exportedService); err != nil { - return resource.NewErrDataParse(&exportedService, err) - } - - for _, serviceName := range exportedService.Services { - if err := authorizer.ToAllowAuthorizer().ServiceWriteAllowed(serviceName, authzContext); err != nil { - return err - } - } - return nil -} diff --git a/internal/multicluster/internal/types/exported_services_test.go b/internal/multicluster/internal/types/exported_services_test.go deleted file mode 100644 index 23d9453264a56..0000000000000 --- a/internal/multicluster/internal/types/exported_services_test.go +++ /dev/null @@ -1,220 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "errors" - "testing" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/version/versiontest" -) - -func inValidExportedServices() *pbmulticluster.ExportedServices { - return &pbmulticluster.ExportedServices{} -} - -func exportedServicesWithPeer(peerName string) *pbmulticluster.ExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: peerName, - }, - }, - } - return &pbmulticluster.ExportedServices{ - Services: []string{"api", "frontend", "backend"}, - Consumers: consumers, - } -} - -func exportedServicesWithPartition(partitionName string) *pbmulticluster.ExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Partition{ - Partition: partitionName, - }, - }, - } - return &pbmulticluster.ExportedServices{ - Services: []string{"api", "frontend", "backend"}, - Consumers: consumers, - } -} - -func exportedServicesWithSamenessGroup(samenessGroupName string) *pbmulticluster.ExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_SamenessGroup{ - SamenessGroup: samenessGroupName, - }, - }, - } - return &pbmulticluster.ExportedServices{ - Services: []string{"api", "frontend", "backend"}, - Consumers: consumers, - } -} - -func TestExportedServicesValidation_NoServices(t *testing.T) { - res := resourcetest.Resource(pbmulticluster.ExportedServicesType, "exportedservices1"). - WithData(t, inValidExportedServices()). - Build() - - err := ValidateExportedServices(res) - require.Error(t, err) - expectedError := errors.New("invalid \"services\" field: at least one service must be set") - require.ErrorAs(t, err, &expectedError) -} - -func TestExportedServicesACLs(t *testing.T) { - // Wire up a registry to generically invoke hooks - registry := resource.NewRegistry() - Register(registry) - - type testcase struct { - rules string - readOK string - writeOK string - listOK string - } - - const ( - DENY = resourcetest.DENY - ALLOW = resourcetest.ALLOW - DEFAULT = resourcetest.DEFAULT - ) - - exportedServiceData := &pbmulticluster.ExportedServices{ - Services: []string{"api", "backend"}, - } - res := resourcetest.Resource(pbmulticluster.ExportedServicesType, "exps"). - WithData(t, exportedServiceData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) - - cases := map[string]testcase{ - "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "all services has read policy": { - rules: `service "api" { policy = "read" } service "backend" {policy = "read"}`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "all services has write policy": { - rules: `service "api" { policy = "write" } service "backend" {policy = "write"}`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, - }, - "only one services has read policy": { - rules: `service "api" { policy = "read" }`, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "only one services has write policy": { - rules: `service "api" { policy = "write" }`, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - } - - for _, tc := range cases { - aclTestCase := resourcetest.ACLTestCase{ - Rules: tc.rules, - Res: res, - ReadOK: tc.readOK, - WriteOK: tc.writeOK, - ListOK: tc.listOK, - } - resourcetest.RunACLTestCase(t, aclTestCase, registry) - } -} - -func TestExportedServicesValidation(t *testing.T) { - type testcase struct { - Resource *pbresource.Resource - expectErrorCE []string - expectErrorENT []string - } - - isEnterprise := versiontest.IsEnterprise() - - run := func(t *testing.T, tc testcase) { - expectError := tc.expectErrorCE - if isEnterprise { - expectError = tc.expectErrorENT - } - err := ValidateExportedServices(tc.Resource) - if len(expectError) == 0 { - require.NoError(t, err) - } else { - require.Error(t, err) - for _, er := range expectError { - require.ErrorContains(t, err, er) - } - } - } - - cases := map[string]testcase{ - "exported services with peer": { - Resource: resourcetest.Resource(pbmulticluster.ExportedServicesType, "exported-services"). - WithData(t, exportedServicesWithPeer("peer")). - Build(), - }, - "exported services with partition": { - Resource: resourcetest.Resource(pbmulticluster.ExportedServicesType, "exported-services"). - WithData(t, exportedServicesWithPartition("partition")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can only be set in Enterprise`}, - }, - "exported services with sameness_group": { - Resource: resourcetest.Resource(pbmulticluster.ExportedServicesType, "exported-services"). - WithData(t, exportedServicesWithSamenessGroup("sameness_group")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "sameness_group": can only be set in Enterprise`}, - }, - "exported services with peer empty": { - Resource: resourcetest.Resource(pbmulticluster.ExportedServicesType, "exported-services"). - WithData(t, exportedServicesWithPeer("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "peer": can not be empty or local`}, - expectErrorENT: []string{`invalid element at index 0 of list "peer": can not be empty or local`}, - }, - "exported services with partition empty": { - Resource: resourcetest.Resource(pbmulticluster.ExportedServicesType, "exported-services"). - WithData(t, exportedServicesWithPartition("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can not be empty`, - `invalid element at index 0 of list "partition": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "partition": can not be empty`}, - }, - "exported services with sameness_group empty": { - Resource: resourcetest.Resource(pbmulticluster.ExportedServicesType, "exported-services"). - WithData(t, exportedServicesWithSamenessGroup("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "sameness_group": can not be empty`, - `invalid element at index 0 of list "sameness_group": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "sameness_group": can not be empty`}, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) - }) - } -} diff --git a/internal/multicluster/internal/types/helpers.go b/internal/multicluster/internal/types/helpers.go deleted file mode 100644 index 5dac17f1e7a97..0000000000000 --- a/internal/multicluster/internal/types/helpers.go +++ /dev/null @@ -1,135 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "fmt" - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/go-multierror" -) - -func validateExportedServiceConsumerCommon(consumer *pbmulticluster.ExportedServicesConsumer, indx int) error { - switch consumer.GetConsumerTenancy().(type) { - case *pbmulticluster.ExportedServicesConsumer_Peer: - { - if consumer.GetPeer() == "" || consumer.GetPeer() == "local" { - return resource.ErrInvalidListElement{ - Name: "peer", - Index: indx, - Wrapped: fmt.Errorf("can not be empty or local"), - } - } - } - case *pbmulticluster.ExportedServicesConsumer_Partition: - { - if consumer.GetPartition() == "" { - return resource.ErrInvalidListElement{ - Name: "partition", - Index: indx, - Wrapped: fmt.Errorf("can not be empty"), - } - } - } - case *pbmulticluster.ExportedServicesConsumer_SamenessGroup: - { - if consumer.GetSamenessGroup() == "" { - return resource.ErrInvalidListElement{ - Name: "sameness_group", - Index: indx, - Wrapped: fmt.Errorf("can not be empty"), - } - } - } - } - return nil -} - -func validateExportedServicesConsumersEnterprise(consumers []*pbmulticluster.ExportedServicesConsumer) error { - var merr error - - for indx, consumer := range consumers { - vmerr := validateExportedServiceConsumerCommon(consumer, indx) - if vmerr != nil { - merr = multierror.Append(merr, vmerr) - } - vmerr = validateExportedServicesConsumer(consumer, indx) - if vmerr != nil { - merr = multierror.Append(merr, vmerr) - } - } - - return merr -} - -func ValidateExportedServices(res *pbresource.Resource) error { - var exportedService pbmulticluster.ExportedServices - - if err := res.Data.UnmarshalTo(&exportedService); err != nil { - return resource.NewErrDataParse(&exportedService, err) - } - - var merr error - - if len(exportedService.Services) == 0 { - merr = multierror.Append(merr, resource.ErrInvalidField{ - Name: "services", - Wrapped: fmt.Errorf("at least one service must be set"), - }) - } - - vmerr := validateExportedServicesConsumersEnterprise(exportedService.Consumers) - - if vmerr != nil { - merr = multierror.Append(merr, vmerr) - } - - return merr -} - -func ValidateNamespaceExportedServices(res *pbresource.Resource) error { - var exportedService pbmulticluster.NamespaceExportedServices - - if err := res.Data.UnmarshalTo(&exportedService); err != nil { - return resource.NewErrDataParse(&exportedService, err) - } - - return validateExportedServicesConsumersEnterprise(exportedService.Consumers) -} - -func ValidatePartitionExportedServices(res *pbresource.Resource) error { - var exportedService pbmulticluster.PartitionExportedServices - - if err := res.Data.UnmarshalTo(&exportedService); err != nil { - return resource.NewErrDataParse(&exportedService, err) - } - - return validateExportedServicesConsumersEnterprise(exportedService.Consumers) -} - -func ValidateComputedExportedServices(res *pbresource.Resource) error { - var computedExportedServices pbmulticluster.ComputedExportedServices - - if err := res.Data.UnmarshalTo(&computedExportedServices); err != nil { - return resource.NewErrDataParse(&computedExportedServices, err) - } - - var merr error - - if res.Id.Name != ComputedExportedServicesName { - merr = multierror.Append(merr, resource.ErrInvalidField{ - Name: "name", - Wrapped: fmt.Errorf("name can only be \"global\""), - }) - } - - vmerr := ValidateComputedExportedServicesEnterprise(&computedExportedServices) - - if vmerr != nil { - merr = multierror.Append(merr, vmerr) - } - - return merr -} diff --git a/internal/multicluster/internal/types/helpers_ce.go b/internal/multicluster/internal/types/helpers_ce.go deleted file mode 100644 index b997b8671ad05..0000000000000 --- a/internal/multicluster/internal/types/helpers_ce.go +++ /dev/null @@ -1,66 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent - -package types - -import ( - "fmt" - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/go-multierror" -) - -func validateExportedServicesConsumer(consumer *pbmulticluster.ExportedServicesConsumer, indx int) error { - switch consumer.GetConsumerTenancy().(type) { - case *pbmulticluster.ExportedServicesConsumer_Partition: - return resource.ErrInvalidListElement{ - Name: "partition", - Index: indx, - Wrapped: fmt.Errorf("can only be set in Enterprise"), - } - case *pbmulticluster.ExportedServicesConsumer_SamenessGroup: - return resource.ErrInvalidListElement{ - Name: "sameness_group", - Index: indx, - Wrapped: fmt.Errorf("can only be set in Enterprise"), - } - } - return nil -} - -func ValidateComputedExportedServicesEnterprise(computedExportedServices *pbmulticluster.ComputedExportedServices) error { - - var merr error - - for indx, consumer := range computedExportedServices.GetConsumers() { - for _, computedExportedServiceConsumer := range consumer.GetConsumers() { - switch computedExportedServiceConsumer.GetConsumerTenancy().(type) { - case *pbmulticluster.ComputedExportedServicesConsumer_Partition: - merr = multierror.Append(merr, resource.ErrInvalidListElement{ - Name: "partition", - Index: indx, - Wrapped: fmt.Errorf("can only be set in Enterprise"), - }) - if computedExportedServiceConsumer.GetPartition() == "" { - merr = multierror.Append(merr, resource.ErrInvalidListElement{ - Name: "partition", - Index: indx, - Wrapped: fmt.Errorf("can not be empty"), - }) - } - case *pbmulticluster.ComputedExportedServicesConsumer_Peer: - if computedExportedServiceConsumer.GetPeer() == "" { - merr = multierror.Append(merr, resource.ErrInvalidListElement{ - Name: "peer", - Index: indx, - Wrapped: fmt.Errorf("can not be empty"), - }) - } - } - } - } - - return merr -} diff --git a/internal/multicluster/internal/types/namespace_exported_services.go b/internal/multicluster/internal/types/namespace_exported_services.go deleted file mode 100644 index 857ea868b8e96..0000000000000 --- a/internal/multicluster/internal/types/namespace_exported_services.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -func RegisterNamespaceExportedServices(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbmulticluster.NamespaceExportedServicesType, - Proto: &pbmulticluster.NamespaceExportedServices{}, - Scope: resource.ScopeNamespace, - Validate: ValidateNamespaceExportedServices, - ACLs: &resource.ACLHooks{ - Read: aclReadHookNamespaceExportedServices, - Write: aclWriteHookNamespaceExportedServices, - List: resource.NoOpACLListHook, - }, - }) -} - -func aclReadHookNamespaceExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, res *pbresource.Resource) error { - return authorizer.ToAllowAuthorizer().MeshReadAllowed(authzContext) -} - -func aclWriteHookNamespaceExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { - return authorizer.ToAllowAuthorizer().MeshWriteAllowed(authzContext) -} diff --git a/internal/multicluster/internal/types/namespace_exported_services_test.go b/internal/multicluster/internal/types/namespace_exported_services_test.go deleted file mode 100644 index 06864997b3c2a..0000000000000 --- a/internal/multicluster/internal/types/namespace_exported_services_test.go +++ /dev/null @@ -1,187 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "testing" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/version/versiontest" -) - -func validNamespaceExportedServicesWithPeer(peerName string) *pbmulticluster.NamespaceExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: peerName, - }, - }, - } - return &pbmulticluster.NamespaceExportedServices{ - Consumers: consumers, - } -} - -func validNamespaceExportedServicesWithPartition(partitionName string) *pbmulticluster.NamespaceExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Partition{ - Partition: partitionName, - }, - }, - } - return &pbmulticluster.NamespaceExportedServices{ - Consumers: consumers, - } -} - -func validNamespaceExportedServicesWithSamenessGroup(samenessGroupName string) *pbmulticluster.NamespaceExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_SamenessGroup{ - SamenessGroup: samenessGroupName, - }, - }, - } - return &pbmulticluster.NamespaceExportedServices{ - Consumers: consumers, - } -} - -func TestNamespaceExportedServicesACLs(t *testing.T) { - // Wire up a registry to generically invoke hooks - registry := resource.NewRegistry() - Register(registry) - - type testcase struct { - rules string - readOK string - writeOK string - listOK string - } - - const ( - DENY = resourcetest.DENY - ALLOW = resourcetest.ALLOW - DEFAULT = resourcetest.DEFAULT - ) - - cases := map[string]testcase{ - "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "mesh read policy": { - rules: `mesh = "read"`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "mesh write policy": { - rules: `mesh = "write"`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, - }, - } - - exportedServiceData := &pbmulticluster.NamespaceExportedServices{} - res := resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, exportedServiceData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) - - for _, tc := range cases { - aclTestCase := resourcetest.ACLTestCase{ - Rules: tc.rules, - Res: res, - ReadOK: tc.readOK, - WriteOK: tc.writeOK, - ListOK: tc.listOK, - } - resourcetest.RunACLTestCase(t, aclTestCase, registry) - } -} - -func TestNamespaceExportedServicesValidations(t *testing.T) { - type testcase struct { - Resource *pbresource.Resource - expectErrorCE []string - expectErrorENT []string - } - - isEnterprise := versiontest.IsEnterprise() - - run := func(t *testing.T, tc testcase) { - expectError := tc.expectErrorCE - if isEnterprise { - expectError = tc.expectErrorENT - } - err := ValidateNamespaceExportedServices(tc.Resource) - if len(expectError) == 0 { - require.NoError(t, err) - } else { - require.Error(t, err) - for _, er := range expectError { - require.ErrorContains(t, err, er) - } - } - } - - cases := map[string]testcase{ - "namespace exported services with peer": { - Resource: resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, validNamespaceExportedServicesWithPeer("peer")). - Build(), - }, - "namespace exported services with partition": { - Resource: resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, validNamespaceExportedServicesWithPartition("partition")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can only be set in Enterprise`}, - }, - "namespace exported services with sameness_group": { - Resource: resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, validNamespaceExportedServicesWithSamenessGroup("sameness_group")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "sameness_group": can only be set in Enterprise`}, - }, - "namespace exported services with peer empty": { - Resource: resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, validNamespaceExportedServicesWithPeer("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "peer": can not be empty or local`}, - expectErrorENT: []string{`invalid element at index 0 of list "peer": can not be empty or local`}, - }, - "namespace exported services with partition empty": { - Resource: resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, validNamespaceExportedServicesWithPartition("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can not be empty`, - `invalid element at index 0 of list "partition": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "partition": can not be empty`}, - }, - "namespace exported services with sameness_group empty": { - Resource: resourcetest.Resource(pbmulticluster.NamespaceExportedServicesType, "namespace-exported-services"). - WithData(t, validNamespaceExportedServicesWithSamenessGroup("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "sameness_group": can not be empty`, - `invalid element at index 0 of list "sameness_group": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "sameness_group": can not be empty`}, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) - }) - } -} diff --git a/internal/multicluster/internal/types/partition_exported_services.go b/internal/multicluster/internal/types/partition_exported_services.go deleted file mode 100644 index 110eb5d6efa13..0000000000000 --- a/internal/multicluster/internal/types/partition_exported_services.go +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -func RegisterPartitionExportedServices(r resource.Registry) { - r.Register(resource.Registration{ - Type: pbmulticluster.PartitionExportedServicesType, - Proto: &pbmulticluster.PartitionExportedServices{}, - Scope: resource.ScopePartition, - Validate: ValidatePartitionExportedServices, - ACLs: &resource.ACLHooks{ - Read: aclReadHookPartitionExportedServices, - Write: aclWriteHookPartitionExportedServices, - List: resource.NoOpACLListHook, - }, - }) -} - -func aclReadHookPartitionExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, res *pbresource.Resource) error { - return authorizer.ToAllowAuthorizer().MeshReadAllowed(authzContext) -} - -func aclWriteHookPartitionExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { - return authorizer.ToAllowAuthorizer().MeshWriteAllowed(authzContext) -} diff --git a/internal/multicluster/internal/types/partition_exported_services_test.go b/internal/multicluster/internal/types/partition_exported_services_test.go deleted file mode 100644 index ff557aae8fd2c..0000000000000 --- a/internal/multicluster/internal/types/partition_exported_services_test.go +++ /dev/null @@ -1,187 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "testing" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/resourcetest" - pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/version/versiontest" -) - -func validPartitionExportedServicesWithPeer(peerName string) *pbmulticluster.PartitionExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Peer{ - Peer: peerName, - }, - }, - } - return &pbmulticluster.PartitionExportedServices{ - Consumers: consumers, - } -} - -func validPartitionExportedServicesWithPartition(partitionName string) *pbmulticluster.PartitionExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_Partition{ - Partition: partitionName, - }, - }, - } - return &pbmulticluster.PartitionExportedServices{ - Consumers: consumers, - } -} - -func validPartitionExportedServicesWithSamenessGroup(samenessGroupName string) *pbmulticluster.PartitionExportedServices { - consumers := []*pbmulticluster.ExportedServicesConsumer{ - { - ConsumerTenancy: &pbmulticluster.ExportedServicesConsumer_SamenessGroup{ - SamenessGroup: samenessGroupName, - }, - }, - } - return &pbmulticluster.PartitionExportedServices{ - Consumers: consumers, - } -} - -func TestPartitionExportedServicesACLs(t *testing.T) { - // Wire up a registry to generically invoke hooks - registry := resource.NewRegistry() - Register(registry) - - type testcase struct { - rules string - readOK string - writeOK string - listOK string - } - - const ( - DENY = resourcetest.DENY - ALLOW = resourcetest.ALLOW - DEFAULT = resourcetest.DEFAULT - ) - - cases := map[string]testcase{ - "no rules": { - rules: ``, - readOK: DENY, - writeOK: DENY, - listOK: DEFAULT, - }, - "mesh read policy": { - rules: `mesh = "read"`, - readOK: ALLOW, - writeOK: DENY, - listOK: DEFAULT, - }, - "mesh write policy": { - rules: `mesh = "write"`, - readOK: ALLOW, - writeOK: ALLOW, - listOK: DEFAULT, - }, - } - - exportedServiceData := &pbmulticluster.PartitionExportedServices{} - res := resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, exportedServiceData). - Build() - resourcetest.ValidateAndNormalize(t, registry, res) - - for _, tc := range cases { - aclTestCase := resourcetest.ACLTestCase{ - Rules: tc.rules, - Res: res, - ReadOK: tc.readOK, - WriteOK: tc.writeOK, - ListOK: tc.listOK, - } - resourcetest.RunACLTestCase(t, aclTestCase, registry) - } -} - -func TestPartitionExportedServicesValidations(t *testing.T) { - type testcase struct { - Resource *pbresource.Resource - expectErrorCE []string - expectErrorENT []string - } - - isEnterprise := versiontest.IsEnterprise() - - run := func(t *testing.T, tc testcase) { - expectError := tc.expectErrorCE - if isEnterprise { - expectError = tc.expectErrorENT - } - err := ValidatePartitionExportedServices(tc.Resource) - if len(expectError) == 0 { - require.NoError(t, err) - } else { - require.Error(t, err) - for _, er := range expectError { - require.ErrorContains(t, err, er) - } - } - } - - cases := map[string]testcase{ - "partition exported services with peer": { - Resource: resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, validPartitionExportedServicesWithPeer("peer")). - Build(), - }, - "partition exported services with partition": { - Resource: resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, validPartitionExportedServicesWithPartition("partition")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can only be set in Enterprise`}, - }, - "partition exported services with sameness_group": { - Resource: resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, validPartitionExportedServicesWithSamenessGroup("sameness_group")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "sameness_group": can only be set in Enterprise`}, - }, - "partition exported services with peer empty": { - Resource: resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, validPartitionExportedServicesWithPeer("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "peer": can not be empty or local`}, - expectErrorENT: []string{`invalid element at index 0 of list "peer": can not be empty or local`}, - }, - "partition exported services with partition empty": { - Resource: resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, validPartitionExportedServicesWithPartition("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "partition": can not be empty`, - `invalid element at index 0 of list "partition": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "partition": can not be empty`}, - }, - "partition exported services with sameness_group empty": { - Resource: resourcetest.Resource(pbmulticluster.PartitionExportedServicesType, "partition-exported-services"). - WithData(t, validPartitionExportedServicesWithSamenessGroup("")). - Build(), - expectErrorCE: []string{`invalid element at index 0 of list "sameness_group": can not be empty`, - `invalid element at index 0 of list "sameness_group": can only be set in Enterprise`}, - expectErrorENT: []string{`invalid element at index 0 of list "sameness_group": can not be empty`}, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - run(t, tc) - }) - } -} diff --git a/internal/multicluster/internal/types/types.go b/internal/multicluster/internal/types/types.go deleted file mode 100644 index 9ee6691e19ec8..0000000000000 --- a/internal/multicluster/internal/types/types.go +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package types - -import ( - "github.com/hashicorp/consul/internal/resource" -) - -const ( - GroupName = "multicluster" - VersionV2Beta1 = "v2beta1" - CurrentVersion = VersionV2Beta1 -) - -func Register(r resource.Registry) { - RegisterExportedServices(r) - RegisterNamespaceExportedServices(r) - RegisterPartitionExportedServices(r) - RegisterComputedExportedServices(r) -} diff --git a/internal/resource/decode.go b/internal/resource/decode.go index 2b96853f1e13d..ba9abd87d60d9 100644 --- a/internal/resource/decode.go +++ b/internal/resource/decode.go @@ -16,10 +16,8 @@ import ( // DecodedResource is a generic holder to contain an original Resource and its // decoded contents. type DecodedResource[T proto.Message] struct { - // Embedding here allows us to shadow the Resource.Data Any field to fake out - // using a single struct with inlined data. - *pbresource.Resource - Data T + Resource *pbresource.Resource + Data T } func (d *DecodedResource[T]) GetResource() *pbresource.Resource { @@ -70,20 +68,3 @@ func GetDecodedResource[T proto.Message](ctx context.Context, client pbresource. } return Decode[T](rsp.Resource) } - -func ListDecodedResource[T proto.Message](ctx context.Context, client pbresource.ResourceServiceClient, req *pbresource.ListRequest) ([]*DecodedResource[T], error) { - rsp, err := client.List(ctx, req) - if err != nil { - return nil, err - } - - results := make([]*DecodedResource[T], len(rsp.Resources)) - for idx, rsc := range rsp.Resources { - d, err := Decode[T](rsc) - if err != nil { - return nil, err - } - results[idx] = d - } - return results, nil -} diff --git a/internal/resource/decode_test.go b/internal/resource/decode_test.go index 31db247c70882..02e86fddfbf7d 100644 --- a/internal/resource/decode_test.go +++ b/internal/resource/decode_test.go @@ -22,7 +22,7 @@ import ( func TestGetDecodedResource(t *testing.T) { var ( - baseClient = svctest.NewResourceServiceBuilder().WithRegisterFns(demo.RegisterTypes).Run(t) + baseClient = svctest.RunResourceService(t, demo.RegisterTypes) client = rtest.NewClient(baseClient) ctx = testutil.TestContext(t) ) diff --git a/internal/resource/demo/controller.go b/internal/resource/demo/controller.go index a8757fcae2624..7f1bba902ea51 100644 --- a/internal/resource/demo/controller.go +++ b/internal/resource/demo/controller.go @@ -71,7 +71,7 @@ func (r *artistReconciler) Reconcile(ctx context.Context, rt controller.Runtime, actualAlbums, err := rt.Client.List(ctx, &pbresource.ListRequest{ Type: TypeV2Album, Tenancy: res.Id.Tenancy, - NamePrefix: fmt.Sprintf("%s-", res.Id.Name), + NamePrefix: fmt.Sprintf("%s/", res.Id.Name), }) if err != nil { return err diff --git a/internal/resource/demo/controller_test.go b/internal/resource/demo/controller_test.go index 303ecfe235892..a8c2640d615a8 100644 --- a/internal/resource/demo/controller_test.go +++ b/internal/resource/demo/controller_test.go @@ -16,9 +16,7 @@ import ( ) func TestArtistReconciler(t *testing.T) { - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(RegisterTypes). - Run(t) + client := svctest.RunResourceService(t, RegisterTypes) // Seed the database with an artist. res, err := GenerateV2Artist() diff --git a/internal/resource/demo/demo.go b/internal/resource/demo/demo.go index 12fced6718e61..8e978c9fb49ab 100644 --- a/internal/resource/demo/demo.go +++ b/internal/resource/demo/demo.go @@ -354,7 +354,7 @@ func generateV2Album(artistID *pbresource.ID, rand *rand.Rand) (*pbresource.Reso Id: &pbresource.ID{ Type: TypeV2Album, Tenancy: clone(artistID.Tenancy), - Name: fmt.Sprintf("%s-%s-%s", artistID.Name, strings.ToLower(adjective), strings.ToLower(noun)), + Name: fmt.Sprintf("%s/%s-%s", artistID.Name, strings.ToLower(adjective), strings.ToLower(noun)), }, Owner: artistID, Data: data, diff --git a/internal/resource/hooks.go b/internal/resource/hooks.go deleted file mode 100644 index 2b9d72b88925f..0000000000000 --- a/internal/resource/hooks.go +++ /dev/null @@ -1,107 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package resource - -import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/proto-public/pbresource" - "google.golang.org/protobuf/proto" -) - -// DecodedValidationHook is the function signature needed for usage with the DecodeAndValidate function -type DecodedValidationHook[T proto.Message] func(*DecodedResource[T]) error - -// DecodeAndValidate will generate a validation hook function that decodes the specified type and -// passes it off to another validation hook. This is mainly a convenience to avoid many other -// validation hooks needing to attempt decoding the data and erroring in a consistent manner. -func DecodeAndValidate[T proto.Message](fn DecodedValidationHook[T]) ValidationHook { - return func(res *pbresource.Resource) error { - decoded, err := Decode[T](res) - if err != nil { - return err - } - - return fn(decoded) - } -} - -// DecodedMutationHook is the function signature needed for usage with the DecodeAndMutate function -// The boolean return value indicates whether the Data field within the DecodedResource was modified. -// When true, the DecodeAndMutate hook function will automatically re-encode the Any data and store -// it on the internal Resource's Data field. -type DecodedMutationHook[T proto.Message] func(*DecodedResource[T]) (bool, error) - -// DecodeAndMutate will generate a MutationHook that decodes the specified type and passes it -// off to another mutation hook. This is mainly a convenience to avoid other mutation hooks -// needing to decode and potentially reencode the Any data. When the inner mutation hook returns -// no error and that the Data was modified (true for the boolean return value), the generated -// hook will reencode the Any data back into the Resource wrapper -func DecodeAndMutate[T proto.Message](fn DecodedMutationHook[T]) MutationHook { - return func(res *pbresource.Resource) error { - decoded, err := Decode[T](res) - if err != nil { - return err - } - - modified, err := fn(decoded) - if err != nil { - return err - } - - if modified { - return decoded.Resource.Data.MarshalFrom(decoded.Data) - } - return nil - } -} - -// DecodedAuthorizationHook is the function signature needed for usage with the DecodeAndAuthorizeWrite -// and DecodeAndAuthorizeRead functions. -type DecodedAuthorizationHook[T proto.Message] func(acl.Authorizer, *acl.AuthorizerContext, *DecodedResource[T]) error - -// DecodeAndAuthorizeWrite will generate an ACLAuthorizeWriteHook that decodes the specified type and passes -// it off to another authorization hook. This is mainly a convenience to avoid many other write authorization -// hooks needing to attempt decoding the data and erroring in a consistent manner. -func DecodeAndAuthorizeWrite[T proto.Message](fn DecodedAuthorizationHook[T]) ACLAuthorizeWriteHook { - return func(authz acl.Authorizer, ctx *acl.AuthorizerContext, res *pbresource.Resource) error { - decoded, err := Decode[T](res) - if err != nil { - return err - } - - return fn(authz, ctx, decoded) - } -} - -// DecodeAndAuthorizeRead will generate an ACLAuthorizeReadHook that decodes the specified type and passes -// it off to another authorization hook. This is mainly a convenience to avoid many other read authorization -// hooks needing to attempt decoding the data and erroring in a consistent manner. -func DecodeAndAuthorizeRead[T proto.Message](fn DecodedAuthorizationHook[T]) ACLAuthorizeReadHook { - return func(authz acl.Authorizer, ctx *acl.AuthorizerContext, _ *pbresource.ID, res *pbresource.Resource) error { - if res == nil { - return ErrNeedResource - } - - decoded, err := Decode[T](res) - if err != nil { - return err - } - - return fn(authz, ctx, decoded) - } -} - -type ReadAuthorizationWithResourceHook func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.Resource) error - -// AuthorizeReadWithResource is a small wrapper to ensure that the authorization function is -// invoked with the full resource being read instead of just an id. -func AuthorizeReadWithResource(fn ReadAuthorizationWithResourceHook) ACLAuthorizeReadHook { - return func(authz acl.Authorizer, ctx *acl.AuthorizerContext, id *pbresource.ID, res *pbresource.Resource) error { - if res == nil { - return ErrNeedResource - } - - return fn(authz, ctx, res) - } -} diff --git a/internal/resource/hooks_test.go b/internal/resource/hooks_test.go deleted file mode 100644 index d9fa4d4272b74..0000000000000 --- a/internal/resource/hooks_test.go +++ /dev/null @@ -1,243 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package resource_test - -import ( - "fmt" - "testing" - - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/demo" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/proto-public/pbresource" - pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v2" - "github.com/stretchr/testify/require" -) - -func TestDecodeAndValidate(t *testing.T) { - res := rtest.Resource(demo.TypeV2Artist, "babypants"). - WithData(t, &pbdemo.Artist{Name: "caspar babypants"}). - Build() - - t.Run("ok", func(t *testing.T) { - err := resource.DecodeAndValidate[*pbdemo.Artist](func(dec *resource.DecodedResource[*pbdemo.Artist]) error { - require.NotNil(t, dec.Resource) - require.NotNil(t, dec.Data) - - return nil - })(res) - - require.NoError(t, err) - }) - - t.Run("inner-validation-error", func(t *testing.T) { - fakeErr := fmt.Errorf("fake") - - err := resource.DecodeAndValidate[*pbdemo.Artist](func(dec *resource.DecodedResource[*pbdemo.Artist]) error { - return fakeErr - })(res) - - require.Error(t, err) - require.Equal(t, fakeErr, err) - }) - - t.Run("decode-error", func(t *testing.T) { - err := resource.DecodeAndValidate[*pbdemo.Album](func(dec *resource.DecodedResource[*pbdemo.Album]) error { - require.Fail(t, "callback should not be called when decoding fails") - return nil - })(res) - - require.Error(t, err) - require.ErrorAs(t, err, &resource.ErrDataParse{}) - }) -} - -func TestDecodeAndMutate(t *testing.T) { - res := rtest.Resource(demo.TypeV2Artist, "babypants"). - WithData(t, &pbdemo.Artist{Name: "caspar babypants"}). - Build() - - t.Run("no-writeback", func(t *testing.T) { - original := res.Data.Value - - err := resource.DecodeAndMutate[*pbdemo.Artist](func(dec *resource.DecodedResource[*pbdemo.Artist]) (bool, error) { - require.NotNil(t, dec.Resource) - require.NotNil(t, dec.Data) - - // we are going to change the data but not tell the outer hook about it - dec.Data.Name = "changed" - - return false, nil - })(res) - - require.NoError(t, err) - // Ensure that the outer hook didn't overwrite the resources data because we told it not to - require.Equal(t, original, res.Data.Value) - }) - - t.Run("writeback", func(t *testing.T) { - original := res.Data.Value - - err := resource.DecodeAndMutate[*pbdemo.Artist](func(dec *resource.DecodedResource[*pbdemo.Artist]) (bool, error) { - require.NotNil(t, dec.Resource) - require.NotNil(t, dec.Data) - - dec.Data.Name = "changed" - - return true, nil - })(res) - - require.NoError(t, err) - // Ensure that the outer hook reencoded the Any data because we told it to. - require.NotEqual(t, original, res.Data.Value) - }) - - t.Run("inner-mutation-error", func(t *testing.T) { - fakeErr := fmt.Errorf("fake") - - err := resource.DecodeAndMutate[*pbdemo.Artist](func(dec *resource.DecodedResource[*pbdemo.Artist]) (bool, error) { - return false, fakeErr - })(res) - - require.Error(t, err) - require.Equal(t, fakeErr, err) - }) - - t.Run("decode-error", func(t *testing.T) { - err := resource.DecodeAndMutate[*pbdemo.Album](func(dec *resource.DecodedResource[*pbdemo.Album]) (bool, error) { - require.Fail(t, "callback should not be called when decoding fails") - return false, nil - })(res) - - require.Error(t, err) - require.ErrorAs(t, err, &resource.ErrDataParse{}) - }) -} - -func TestDecodeAndAuthorizeWrite(t *testing.T) { - res := rtest.Resource(demo.TypeV2Artist, "babypants"). - WithData(t, &pbdemo.Artist{Name: "caspar babypants"}). - Build() - - t.Run("allowed", func(t *testing.T) { - err := resource.DecodeAndAuthorizeWrite[*pbdemo.Artist](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Artist]) error { - require.NotNil(t, a) - require.NotNil(t, c) - require.NotNil(t, dec.Resource) - require.NotNil(t, dec.Data) - - // access allowed - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, res) - - require.NoError(t, err) - }) - - t.Run("denied", func(t *testing.T) { - err := resource.DecodeAndAuthorizeWrite[*pbdemo.Artist](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Artist]) error { - return acl.PermissionDenied("fake") - })(acl.DenyAll(), nil, res) - - require.Error(t, err) - require.True(t, acl.IsErrPermissionDenied(err)) - }) - - t.Run("decode-error", func(t *testing.T) { - err := resource.DecodeAndAuthorizeWrite[*pbdemo.Album](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Album]) error { - require.Fail(t, "callback should not be called when decoding fails") - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, res) - - require.Error(t, err) - require.ErrorAs(t, err, &resource.ErrDataParse{}) - }) -} - -func TestDecodeAndAuthorizeRead(t *testing.T) { - res := rtest.Resource(demo.TypeV2Artist, "babypants"). - WithData(t, &pbdemo.Artist{Name: "caspar babypants"}). - Build() - - t.Run("allowed", func(t *testing.T) { - err := resource.DecodeAndAuthorizeRead[*pbdemo.Artist](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Artist]) error { - require.NotNil(t, a) - require.NotNil(t, c) - require.NotNil(t, dec.Resource) - require.NotNil(t, dec.Data) - - // access allowed - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, nil, res) - - require.NoError(t, err) - }) - - t.Run("denied", func(t *testing.T) { - err := resource.DecodeAndAuthorizeRead[*pbdemo.Artist](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Artist]) error { - return acl.PermissionDenied("fake") - })(acl.DenyAll(), nil, nil, res) - - require.Error(t, err) - require.True(t, acl.IsErrPermissionDenied(err)) - }) - - t.Run("decode-error", func(t *testing.T) { - err := resource.DecodeAndAuthorizeRead[*pbdemo.Album](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Album]) error { - require.Fail(t, "callback should not be called when decoding fails") - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, nil, res) - - require.Error(t, err) - require.ErrorAs(t, err, &resource.ErrDataParse{}) - }) - - t.Run("err-need-resource", func(t *testing.T) { - err := resource.DecodeAndAuthorizeRead[*pbdemo.Artist](func(a acl.Authorizer, c *acl.AuthorizerContext, dec *resource.DecodedResource[*pbdemo.Artist]) error { - require.Fail(t, "callback should not be called when no resource was provided to be decoded") - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, nil, nil) - - require.Error(t, err) - require.ErrorIs(t, err, resource.ErrNeedResource) - }) -} - -func TestAuthorizeReadWithResource(t *testing.T) { - res := rtest.Resource(demo.TypeV2Artist, "babypants"). - WithData(t, &pbdemo.Artist{Name: "caspar babypants"}). - Build() - - t.Run("allowed", func(t *testing.T) { - err := resource.AuthorizeReadWithResource(func(a acl.Authorizer, c *acl.AuthorizerContext, res *pbresource.Resource) error { - require.NotNil(t, a) - require.NotNil(t, c) - require.NotNil(t, res) - - // access allowed - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, nil, res) - - require.NoError(t, err) - }) - - t.Run("denied", func(t *testing.T) { - err := resource.AuthorizeReadWithResource(func(a acl.Authorizer, c *acl.AuthorizerContext, res *pbresource.Resource) error { - return acl.PermissionDenied("fake") - })(acl.DenyAll(), nil, nil, res) - - require.Error(t, err) - require.True(t, acl.IsErrPermissionDenied(err)) - }) - - t.Run("err-need-resource", func(t *testing.T) { - err := resource.AuthorizeReadWithResource(func(a acl.Authorizer, c *acl.AuthorizerContext, res *pbresource.Resource) error { - require.Fail(t, "callback should not be called when no resource was provided to be decoded") - return nil - })(acl.DenyAll(), &acl.AuthorizerContext{}, nil, nil) - - require.Error(t, err) - require.ErrorIs(t, err, resource.ErrNeedResource) - }) -} diff --git a/internal/resource/http/http_test.go b/internal/resource/http/http_test.go index aa36b8a38cbdd..50f50fbe39488 100644 --- a/internal/resource/http/http_test.go +++ b/internal/resource/http/http_test.go @@ -12,17 +12,17 @@ import ( "strings" "testing" + "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" - "github.com/hashicorp/go-hclog" - - svc "github.com/hashicorp/consul/agent/grpc-external/services/resource" + resourceSvc "github.com/hashicorp/consul/agent/grpc-external/services/resource" svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" + pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1" + "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" "github.com/hashicorp/consul/proto-public/pbresource" - pbdemov1 "github.com/hashicorp/consul/proto/private/pbdemo/v1" pbdemov2 "github.com/hashicorp/consul/proto/private/pbdemo/v2" "github.com/hashicorp/consul/sdk/testutil" ) @@ -42,13 +42,9 @@ func TestResourceHandler_InputValidation(t *testing.T) { request *http.Request response *httptest.ResponseRecorder expectedResponseCode int - responseBodyContains string + expectedErrorMessage string } - - client := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - Run(t) - + client := svctest.RunResourceService(t, demo.RegisterTypes) resourceHandler := resourceHandler{ resource.Registration{ Type: demo.TypeV2Artist, @@ -76,7 +72,7 @@ func TestResourceHandler_InputValidation(t *testing.T) { `)), response: httptest.NewRecorder(), expectedResponseCode: http.StatusBadRequest, - responseBodyContains: "resource.id.name invalid", + expectedErrorMessage: "rpc error: code = InvalidArgument desc = resource.id.name is required", }, { description: "wrong schema", @@ -93,21 +89,21 @@ func TestResourceHandler_InputValidation(t *testing.T) { `)), response: httptest.NewRecorder(), expectedResponseCode: http.StatusBadRequest, - responseBodyContains: "Request body didn't follow the resource schema", + expectedErrorMessage: "Request body didn't follow the resource schema", }, { description: "invalid request body", request: httptest.NewRequest("PUT", "/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader("bad-input")), response: httptest.NewRecorder(), expectedResponseCode: http.StatusBadRequest, - responseBodyContains: "Request body format is invalid", + expectedErrorMessage: "Request body format is invalid", }, { description: "no id", request: httptest.NewRequest("DELETE", "/?partition=default&peer_name=local&namespace=default", strings.NewReader("")), response: httptest.NewRecorder(), expectedResponseCode: http.StatusBadRequest, - responseBodyContains: "id.name invalid", + expectedErrorMessage: "rpc error: code = InvalidArgument desc = id.name is required", }, } @@ -123,23 +119,23 @@ func TestResourceHandler_InputValidation(t *testing.T) { require.NoError(t, err) require.Equal(t, tc.expectedResponseCode, tc.response.Result().StatusCode) - require.Contains(t, string(b), tc.responseBodyContains) + require.Equal(t, tc.expectedErrorMessage, string(b)) }) } } func TestResourceWriteHandler(t *testing.T) { - aclResolver := &svc.MockACLResolver{} + aclResolver := &resourceSvc.MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV1ReadPolicy, demo.ArtistV2ReadPolicy), nil) aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV1WritePolicy, demo.ArtistV2WritePolicy), nil) - builder := svctest.NewResourceServiceBuilder(). - WithACLResolver(aclResolver). - WithRegisterFns(demo.RegisterTypes) - client := builder.Run(t) - handler := NewHandler(client, builder.Registry(), parseToken, hclog.NewNullLogger()) + client := svctest.RunResourceServiceWithConfig(t, resourceSvc.Config{ACLResolver: aclResolver}, demo.RegisterTypes) + + r := resource.NewRegistry() + demo.RegisterTypes(r) + handler := NewHandler(client, r, parseToken, hclog.NewNullLogger()) t.Run("should be blocked if the token is not authorized", func(t *testing.T) { rsp := httptest.NewRecorder() @@ -162,7 +158,6 @@ func TestResourceWriteHandler(t *testing.T) { require.Equal(t, http.StatusForbidden, rsp.Result().StatusCode) }) - var readRsp *pbresource.ReadResponse t.Run("should write to the resource backend", func(t *testing.T) { rsp := httptest.NewRecorder() req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default", strings.NewReader(` @@ -188,8 +183,7 @@ func TestResourceWriteHandler(t *testing.T) { require.Equal(t, "Keith Urban", result["data"].(map[string]any)["name"]) require.Equal(t, "keith-urban", result["id"].(map[string]any)["name"]) - var err error - readRsp, err = client.Read(testutil.TestContext(t), &pbresource.ReadRequest{ + readRsp, err := client.Read(testutil.TestContext(t), &pbresource.ReadRequest{ Id: &pbresource.ID{ Type: demo.TypeV2Artist, Tenancy: resource.DefaultNamespacedTenancy(), @@ -206,7 +200,7 @@ func TestResourceWriteHandler(t *testing.T) { t.Run("should update the record with version parameter", func(t *testing.T) { rsp := httptest.NewRecorder() - req := httptest.NewRequest("PUT", fmt.Sprintf("/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=%s", readRsp.Resource.Version), strings.NewReader(` + req := httptest.NewRequest("PUT", "/demo/v2/artist/keith-urban?partition=default&peer_name=local&namespace=default&version=1", strings.NewReader(` { "metadata": { "foo": "bar" @@ -357,7 +351,7 @@ func deleteResource(t *testing.T, artistHandler http.Handler, resourceUri *Resou } func TestResourceReadHandler(t *testing.T) { - aclResolver := &svc.MockACLResolver{} + aclResolver := &resourceSvc.MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV1ReadPolicy, demo.ArtistV2ReadPolicy), nil) aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything). @@ -365,11 +359,11 @@ func TestResourceReadHandler(t *testing.T) { aclResolver.On("ResolveTokenAndDefaultMeta", fakeToken, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, ""), nil) - builder := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - WithACLResolver(aclResolver) - client := builder.Run(t) - handler := NewHandler(client, builder.Registry(), parseToken, hclog.NewNullLogger()) + client := svctest.RunResourceServiceWithConfig(t, resourceSvc.Config{ACLResolver: aclResolver}, demo.RegisterTypes) + + r := resource.NewRegistry() + demo.RegisterTypes(r) + handler := NewHandler(client, r, parseToken, hclog.NewNullLogger()) createdResource := createResource(t, handler, nil) @@ -412,17 +406,18 @@ func TestResourceReadHandler(t *testing.T) { } func TestResourceDeleteHandler(t *testing.T) { - aclResolver := &svc.MockACLResolver{} + aclResolver := &resourceSvc.MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistReadPolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV2ReadPolicy), nil) aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil) - builder := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - WithACLResolver(aclResolver) - client := builder.Run(t) - handler := NewHandler(client, builder.Registry(), parseToken, hclog.NewNullLogger()) + client := svctest.RunResourceServiceWithConfig(t, resourceSvc.Config{ACLResolver: aclResolver}, demo.RegisterTypes) + + r := resource.NewRegistry() + demo.RegisterTypes(r) + + handler := NewHandler(client, r, parseToken, hclog.NewNullLogger()) t.Run("should surface PermissionDenied error from resource service", func(t *testing.T) { createResource(t, handler, nil) @@ -488,17 +483,18 @@ func TestResourceDeleteHandler(t *testing.T) { } func TestResourceListHandler(t *testing.T) { - aclResolver := &svc.MockACLResolver{} + aclResolver := &resourceSvc.MockACLResolver{} aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistListPolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV2ListPolicy), nil) aclResolver.On("ResolveTokenAndDefaultMeta", testACLTokenArtistWritePolicy, mock.Anything, mock.Anything). Return(svctest.AuthorizerFrom(t, demo.ArtistV2WritePolicy), nil) - builder := svctest.NewResourceServiceBuilder(). - WithRegisterFns(demo.RegisterTypes). - WithACLResolver(aclResolver) - client := builder.Run(t) - handler := NewHandler(client, builder.Registry(), parseToken, hclog.NewNullLogger()) + client := svctest.RunResourceServiceWithConfig(t, resourceSvc.Config{ACLResolver: aclResolver}, demo.RegisterTypes) + + r := resource.NewRegistry() + demo.RegisterTypes(r) + + handler := NewHandler(client, r, parseToken, hclog.NewNullLogger()) t.Run("should return MethodNotAllowed", func(t *testing.T) { rsp := httptest.NewRecorder() diff --git a/internal/resource/reaper/controller.go b/internal/resource/reaper/controller.go index c79dde5551122..f8de86f92196e 100644 --- a/internal/resource/reaper/controller.go +++ b/internal/resource/reaper/controller.go @@ -7,12 +7,11 @@ import ( "context" "time" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" ) const ( diff --git a/internal/resource/reaper/controller_test.go b/internal/resource/reaper/controller_test.go index 58ed2564fe3f6..c06ccedab582d 100644 --- a/internal/resource/reaper/controller_test.go +++ b/internal/resource/reaper/controller_test.go @@ -15,209 +15,179 @@ import ( "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/internal/resource/demo" - "github.com/hashicorp/consul/internal/resource/resourcetest" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/sdk/testutil" ) func TestReconcile_ResourceWithNoChildren(t *testing.T) { - client := setupResourceService(t) - runReaperTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Seed the database with an artist. - res, err := demo.GenerateV2Artist() - - // set resource tenancy from default to test tenancy - res.Id.Tenancy = tenancy - - require.NoError(t, err) - ctx := testutil.TestContext(t) - writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) - require.NoError(t, err) - - // Delete the artist to create a tombstone - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: writeRsp.Resource.Id}) - require.NoError(t, err) - - // Retrieve tombstone - listRsp, err := client.List(ctx, &pbresource.ListRequest{ - Type: resource.TypeV1Tombstone, - Tenancy: tenancy, - }) - require.NoError(t, err) - require.Len(t, listRsp.Resources, 1) - tombstone := listRsp.Resources[0] - - // Verify reconcile does first pass and queues up for a second pass - rec := newReconciler() - runtime := controller.Runtime{ - Client: client, - Logger: testutil.Logger(t), - } - req := controller.Request{ID: tombstone.Id} - require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) - - // Verify condition FirstPassCompleted is true - readRsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) - require.NoError(t, err) - tombstone = readRsp.Resource - condition := tombstone.Status[statusKeyReaperController].Conditions[0] - require.Equal(t, conditionTypeFirstPassCompleted, condition.Type) - require.Equal(t, pbresource.Condition_STATE_TRUE, condition.State) - - // Verify reconcile does second pass and tombstone is deleted - // Fake out time so elapsed time > secondPassDelay - rec.timeNow = func() time.Time { return time.Now().Add(secondPassDelay + time.Second) } - require.NoError(t, rec.Reconcile(ctx, runtime, req)) - _, err = client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) - require.Error(t, err) - require.Equal(t, codes.NotFound.String(), status.Code(err).String()) - - // Reconcile again to verify no-op on an already deleted tombstone - require.NoError(t, rec.Reconcile(ctx, runtime, req)) + client := svctest.RunResourceService(t, demo.RegisterTypes) + + // Seed the database with an artist. + res, err := demo.GenerateV2Artist() + require.NoError(t, err) + ctx := testutil.TestContext(t) + writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) + require.NoError(t, err) + + // Delete the artist to create a tombstone + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: writeRsp.Resource.Id}) + require.NoError(t, err) + + // Retrieve tombstone + listRsp, err := client.List(ctx, &pbresource.ListRequest{ + Type: resource.TypeV1Tombstone, + Tenancy: writeRsp.Resource.Id.Tenancy, }) + require.NoError(t, err) + require.Len(t, listRsp.Resources, 1) + tombstone := listRsp.Resources[0] + + // Verify reconcile does first pass and queues up for a second pass + rec := newReconciler() + runtime := controller.Runtime{ + Client: client, + Logger: testutil.Logger(t), + } + req := controller.Request{ID: tombstone.Id} + require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) + + // Verify condition FirstPassCompleted is true + readRsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) + require.NoError(t, err) + tombstone = readRsp.Resource + condition := tombstone.Status[statusKeyReaperController].Conditions[0] + require.Equal(t, conditionTypeFirstPassCompleted, condition.Type) + require.Equal(t, pbresource.Condition_STATE_TRUE, condition.State) + + // Verify reconcile does second pass and tombstone is deleted + // Fake out time so elapsed time > secondPassDelay + rec.timeNow = func() time.Time { return time.Now().Add(secondPassDelay + time.Second) } + require.NoError(t, rec.Reconcile(ctx, runtime, req)) + _, err = client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) + require.Error(t, err) + require.Equal(t, codes.NotFound.String(), status.Code(err).String()) + + // Reconcile again to verify no-op on an already deleted tombstone + require.NoError(t, rec.Reconcile(ctx, runtime, req)) } func TestReconcile_ResourceWithChildren(t *testing.T) { - client := setupResourceService(t) - runReaperTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Seed the database with an artist - res, err := demo.GenerateV2Artist() + client := svctest.RunResourceService(t, demo.RegisterTypes) - // set resource tenancy from default to test tenancy - res.Id.Tenancy = tenancy + // Seed the database with an artist + res, err := demo.GenerateV2Artist() + require.NoError(t, err) + ctx := testutil.TestContext(t) + writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) + require.NoError(t, err) + artist := writeRsp.Resource + // Create 3 albums owned by the artist + numAlbums := 3 + for i := 0; i < numAlbums; i++ { + res, err = demo.GenerateV2Album(artist.Id) require.NoError(t, err) - ctx := testutil.TestContext(t) - writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) - require.NoError(t, err) - artist := writeRsp.Resource - - // Create 3 albums owned by the artist - numAlbums := 3 - for i := 0; i < numAlbums; i++ { - res, err = demo.GenerateV2Album(artist.Id) - require.NoError(t, err) - _, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) - require.NoError(t, err) - } - - // Delete the artist to create a tombstone - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: writeRsp.Resource.Id}) + _, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) require.NoError(t, err) + } - // Retrieve the tombstone - listRsp, err := client.List(ctx, &pbresource.ListRequest{ - Type: resource.TypeV1Tombstone, - Tenancy: writeRsp.Resource.Id.Tenancy, - }) - require.NoError(t, err) - require.Len(t, listRsp.Resources, 1) - tombstone := listRsp.Resources[0] - - // Verify reconcile does first pass delete and queues up for a second pass - rec := newReconciler() - runtime := controller.Runtime{ - Client: client, - Logger: testutil.Logger(t), - } - req := controller.Request{ID: tombstone.Id} - require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) - - // Verify 3 albums deleted - listRsp, err = client.List(ctx, &pbresource.ListRequest{ - Type: demo.TypeV2Album, - Tenancy: artist.Id.Tenancy, - }) - require.NoError(t, err) - require.Empty(t, listRsp.Resources) + // Delete the artist to create a tombstone + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: writeRsp.Resource.Id}) + require.NoError(t, err) - // Verify condition FirstPassCompleted is true - readRsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) - require.NoError(t, err) - tombstone = readRsp.Resource - condition := tombstone.Status[statusKeyReaperController].Conditions[0] - require.Equal(t, conditionTypeFirstPassCompleted, condition.Type) - require.Equal(t, pbresource.Condition_STATE_TRUE, condition.State) - - // Verify reconcile does second pass - // Fake out time so elapsed time > secondPassDelay - rec.timeNow = func() time.Time { return time.Now().Add(secondPassDelay + time.Second) } - require.NoError(t, rec.Reconcile(ctx, runtime, req)) - - // Verify artist tombstone deleted - _, err = client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) - require.Error(t, err) - require.Equal(t, codes.NotFound.String(), status.Code(err).String()) - - // Verify tombstones for 3 albums created - listRsp, err = client.List(ctx, &pbresource.ListRequest{ - Type: resource.TypeV1Tombstone, - Tenancy: artist.Id.Tenancy, - }) - require.NoError(t, err) - require.Len(t, listRsp.Resources, numAlbums) + // Retrieve the tombstone + listRsp, err := client.List(ctx, &pbresource.ListRequest{ + Type: resource.TypeV1Tombstone, + Tenancy: writeRsp.Resource.Id.Tenancy, }) -} - -func TestReconcile_RequeueWithDelayWhenSecondPassDelayNotElapsed(t *testing.T) { - client := setupResourceService(t) - runReaperTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { - // Seed the database with an artist. - res, err := demo.GenerateV2Artist() - - // set resource tenancy from default to test tenancy - res.Id.Tenancy = tenancy - - require.NoError(t, err) - ctx := testutil.TestContext(t) - writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) - require.NoError(t, err) - - // Delete the artist to create a tombstone - _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: writeRsp.Resource.Id}) - require.NoError(t, err) - - // Retrieve tombstone - listRsp, err := client.List(ctx, &pbresource.ListRequest{ - Type: resource.TypeV1Tombstone, - Tenancy: writeRsp.Resource.Id.Tenancy, - }) - require.NoError(t, err) - require.Len(t, listRsp.Resources, 1) - tombstone := listRsp.Resources[0] - - // Verify reconcile does first pass and queues up for a second pass - rec := newReconciler() - runtime := controller.Runtime{ - Client: client, - Logger: testutil.Logger(t), - } - req := controller.Request{ID: tombstone.Id} - require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) - - // Verify condition FirstPassCompleted is true - readRsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) - require.NoError(t, err) - tombstone = readRsp.Resource - condition := tombstone.Status[statusKeyReaperController].Conditions[0] - require.Equal(t, conditionTypeFirstPassCompleted, condition.Type) - require.Equal(t, pbresource.Condition_STATE_TRUE, condition.State) + require.NoError(t, err) + require.Len(t, listRsp.Resources, 1) + tombstone := listRsp.Resources[0] + + // Verify reconcile does first pass delete and queues up for a second pass + rec := newReconciler() + runtime := controller.Runtime{ + Client: client, + Logger: testutil.Logger(t), + } + req := controller.Request{ID: tombstone.Id} + require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) - // Verify requeued for second pass since secondPassDelay time has not elapsed - require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) + // Verify 3 albums deleted + listRsp, err = client.List(ctx, &pbresource.ListRequest{ + Type: demo.TypeV2Album, + Tenancy: artist.Id.Tenancy, + }) + require.NoError(t, err) + require.Empty(t, listRsp.Resources) + + // Verify condition FirstPassCompleted is true + readRsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) + require.NoError(t, err) + tombstone = readRsp.Resource + condition := tombstone.Status[statusKeyReaperController].Conditions[0] + require.Equal(t, conditionTypeFirstPassCompleted, condition.Type) + require.Equal(t, pbresource.Condition_STATE_TRUE, condition.State) + + // Verify reconcile does second pass + // Fake out time so elapsed time > secondPassDelay + rec.timeNow = func() time.Time { return time.Now().Add(secondPassDelay + time.Second) } + require.NoError(t, rec.Reconcile(ctx, runtime, req)) + + // Verify artist tombstone deleted + _, err = client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) + require.Error(t, err) + require.Equal(t, codes.NotFound.String(), status.Code(err).String()) + + // Verify tombstones for 3 albums created + listRsp, err = client.List(ctx, &pbresource.ListRequest{ + Type: resource.TypeV1Tombstone, + Tenancy: artist.Id.Tenancy, }) + require.NoError(t, err) + require.Len(t, listRsp.Resources, numAlbums) } -func runReaperTestCaseWithTenancies(testCase func(tenancy *pbresource.Tenancy)) { - for _, tenancy := range resourcetest.TestTenancies() { - testCase(tenancy) +func TestReconcile_RequeueWithDelayWhenSecondPassDelayNotElapsed(t *testing.T) { + client := svctest.RunResourceService(t, demo.RegisterTypes) + + // Seed the database with an artist. + res, err := demo.GenerateV2Artist() + require.NoError(t, err) + ctx := testutil.TestContext(t) + writeRsp, err := client.Write(ctx, &pbresource.WriteRequest{Resource: res}) + require.NoError(t, err) + + // Delete the artist to create a tombstone + _, err = client.Delete(ctx, &pbresource.DeleteRequest{Id: writeRsp.Resource.Id}) + require.NoError(t, err) + + // Retrieve tombstone + listRsp, err := client.List(ctx, &pbresource.ListRequest{ + Type: resource.TypeV1Tombstone, + Tenancy: writeRsp.Resource.Id.Tenancy, + }) + require.NoError(t, err) + require.Len(t, listRsp.Resources, 1) + tombstone := listRsp.Resources[0] + + // Verify reconcile does first pass and queues up for a second pass + rec := newReconciler() + runtime := controller.Runtime{ + Client: client, + Logger: testutil.Logger(t), } -} - -func setupResourceService(t *testing.T) pbresource.ResourceServiceClient { - return svctest.NewResourceServiceBuilder(). - WithTenancies(rtest.TestTenancies()...). - WithRegisterFns(demo.RegisterTypes). - Run(t) + req := controller.Request{ID: tombstone.Id} + require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) + + // Verify condition FirstPassCompleted is true + readRsp, err := client.Read(ctx, &pbresource.ReadRequest{Id: tombstone.Id}) + require.NoError(t, err) + tombstone = readRsp.Resource + condition := tombstone.Status[statusKeyReaperController].Conditions[0] + require.Equal(t, conditionTypeFirstPassCompleted, condition.Type) + require.Equal(t, pbresource.Condition_STATE_TRUE, condition.State) + + // Verify requeued for second pass since secondPassDelay time has not elapsed + require.ErrorIs(t, controller.RequeueAfterError(secondPassDelay), rec.Reconcile(ctx, runtime, req)) } diff --git a/internal/resource/registry.go b/internal/resource/registry.go index 7897ffb1b4bce..20c1f4dc41a85 100644 --- a/internal/resource/registry.go +++ b/internal/resource/registry.go @@ -42,17 +42,6 @@ type Registry interface { Types() []Registration } -// ValidationHook is the function signature for a validation hook. These hooks can inspect -// the data as they see fit but are expected to not mutate the data in any way. If Go -// supported it, we would pass something akin to a const pointer into the callback to have -// the compiler enforce this immutability. -type ValidationHook func(*pbresource.Resource) error - -// MutationHook is the function signature for a validation hook. These hooks can inspect -// and mutate the resource. If modifying the resources Data, the hook needs to ensure that -// the data gets reencoded and stored back to the Data field. -type MutationHook func(*pbresource.Resource) error - type Registration struct { // Type is the GVK of the resource type. Type *pbresource.Type @@ -67,13 +56,13 @@ type Registration struct { // Validate is called to structurally validate the resource (e.g. // check for required fields). Validate can assume that Mutate // has been called. - Validate ValidationHook + Validate func(*pbresource.Resource) error // Mutate is called to fill out any autogenerated fields (e.g. UUIDs) or // apply defaults before validation. Mutate can assume that // Resource.ID is populated and has non-empty tenancy fields. This does // not mean those tenancy fields actually exist. - Mutate MutationHook + Mutate func(*pbresource.Resource) error // Scope describes the tenancy scope of a resource. Scope Scope @@ -81,10 +70,6 @@ type Registration struct { var ErrNeedResource = errors.New("authorization check requires the entire resource") -type ACLAuthorizeReadHook func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.ID, *pbresource.Resource) error -type ACLAuthorizeWriteHook func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.Resource) error -type ACLAuthorizeListHook func(acl.Authorizer, *acl.AuthorizerContext) error - type ACLHooks struct { // Read is used to authorize Read RPCs and to filter results in List // RPCs. @@ -94,17 +79,17 @@ type ACLHooks struct { // check will be deferred until the data is fetched from the storage layer. // // If it is omitted, `operator:read` permission is assumed. - Read ACLAuthorizeReadHook + Read func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.ID, *pbresource.Resource) error // Write is used to authorize Write and Delete RPCs. // // If it is omitted, `operator:write` permission is assumed. - Write ACLAuthorizeWriteHook + Write func(acl.Authorizer, *acl.AuthorizerContext, *pbresource.Resource) error // List is used to authorize List RPCs. // // If it is omitted, we only filter the results using Read. - List ACLAuthorizeListHook + List func(acl.Authorizer, *acl.AuthorizerContext) error } // Resource type registry diff --git a/internal/resource/resource.go b/internal/resource/resource.go deleted file mode 100644 index 6830f10931204..0000000000000 --- a/internal/resource/resource.go +++ /dev/null @@ -1,97 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package resource - -import ( - "fmt" - "strings" - - mapset "github.com/deckarep/golang-set/v2" - - "github.com/hashicorp/consul/agent/dns" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -// MaxNameLength is the maximum length of a resource name. -const MaxNameLength = 63 - -// DeletionTimestampKey is the key in a resource's metadata that stores the timestamp -// when a resource was marked for deletion. This only applies to resources with finalizers. -const DeletionTimestampKey = "deletionTimestamp" - -// FinalizerKey is the key in resource's metadata that stores the whitespace separated -// list of finalizers. -const FinalizerKey = "finalizers" - -// ValidateName returns an error a name is not a valid resource name. -// The error will contain reference to what constitutes a valid resource name. -func ValidateName(name string) error { - if !dns.IsValidLabel(name) || strings.ToLower(name) != name || len(name) > MaxNameLength { - return fmt.Errorf("a resource name must consist of lower case alphanumeric characters or '-', must start and end with an alphanumeric character and be less than %d characters, got: %q", MaxNameLength+1, name) - } - return nil -} - -// IsMarkedForDeletion returns true if a resource has been marked for deletion, -// false otherwise. -func IsMarkedForDeletion(res *pbresource.Resource) bool { - if res.Metadata == nil { - return false - } - _, ok := res.Metadata[DeletionTimestampKey] - return ok -} - -// HasFinalizers returns true if a resource has one or more finalizers, false otherwise. -func HasFinalizers(res *pbresource.Resource) bool { - return GetFinalizers(res).Cardinality() >= 1 -} - -// HasFinalizer returns true if a resource has a given finalizers, false otherwise. -func HasFinalizer(res *pbresource.Resource, finalizer string) bool { - return GetFinalizers(res).Contains(finalizer) -} - -// AddFinalizer adds a finalizer to the given resource. -func AddFinalizer(res *pbresource.Resource, finalizer string) { - finalizerSet := GetFinalizers(res) - finalizerSet.Add(finalizer) - if res.Metadata == nil { - res.Metadata = map[string]string{} - } - res.Metadata[FinalizerKey] = strings.Join(finalizerSet.ToSlice(), " ") -} - -// RemoveFinalizer removes a finalizer from the given resource. -func RemoveFinalizer(res *pbresource.Resource, finalizer string) { - finalizerSet := GetFinalizers(res) - finalizerSet.Remove(finalizer) - - if finalizerSet.Cardinality() == 0 { - // Remove key if no finalizers to prevent dual representations of - // the same state. - _, keyExists := res.Metadata[FinalizerKey] - if keyExists { - delete(res.Metadata, FinalizerKey) - } - } else { - // Add/update key - if res.Metadata == nil { - res.Metadata = map[string]string{} - } - res.Metadata[FinalizerKey] = strings.Join(finalizerSet.ToSlice(), " ") - } -} - -// GetFinalizers returns the set of finalizers for the given resource. -func GetFinalizers(res *pbresource.Resource) mapset.Set[string] { - if res.Metadata == nil { - return mapset.NewSet[string]() - } - finalizers, ok := res.Metadata[FinalizerKey] - if !ok { - return mapset.NewSet[string]() - } - return mapset.NewSet[string](strings.Fields(finalizers)...) -} diff --git a/internal/resource/resource_test.go b/internal/resource/resource_test.go deleted file mode 100644 index 5057bd4cf8f36..0000000000000 --- a/internal/resource/resource_test.go +++ /dev/null @@ -1,53 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package resource_test - -import ( - "testing" - - mapset "github.com/deckarep/golang-set/v2" - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/internal/resource" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" -) - -func TestFinalizer(t *testing.T) { - t.Run("no finalizers", func(t *testing.T) { - res := rtest.Resource(pbtenancy.NamespaceType, "ns1").Build() - require.False(t, resource.HasFinalizers(res)) - require.False(t, resource.HasFinalizer(res, "finalizer1")) - require.Equal(t, mapset.NewSet[string](), resource.GetFinalizers(res)) - resource.RemoveFinalizer(res, "finalizer") - }) - - t.Run("add finalizer", func(t *testing.T) { - res := rtest.Resource(pbtenancy.NamespaceType, "ns1").Build() - resource.AddFinalizer(res, "finalizer1") - require.True(t, resource.HasFinalizers(res)) - require.True(t, resource.HasFinalizer(res, "finalizer1")) - require.False(t, resource.HasFinalizer(res, "finalizer2")) - require.Equal(t, mapset.NewSet[string]("finalizer1"), resource.GetFinalizers(res)) - - // add duplicate -> noop - resource.AddFinalizer(res, "finalizer1") - require.Equal(t, mapset.NewSet[string]("finalizer1"), resource.GetFinalizers(res)) - }) - - t.Run("remove finalizer", func(t *testing.T) { - res := rtest.Resource(pbtenancy.NamespaceType, "ns1").Build() - resource.AddFinalizer(res, "finalizer1") - resource.AddFinalizer(res, "finalizer2") - resource.RemoveFinalizer(res, "finalizer1") - require.False(t, resource.HasFinalizer(res, "finalizer1")) - require.True(t, resource.HasFinalizer(res, "finalizer2")) - require.Equal(t, mapset.NewSet[string]("finalizer2"), resource.GetFinalizers(res)) - - // remove non-existent -> noop - resource.RemoveFinalizer(res, "finalizer3") - require.Equal(t, mapset.NewSet[string]("finalizer2"), resource.GetFinalizers(res)) - }) - -} diff --git a/internal/resource/resourcetest/client.go b/internal/resource/resourcetest/client.go index 894f6e7e5b861..a9ad08f5358de 100644 --- a/internal/resource/resourcetest/client.go +++ b/internal/resource/resourcetest/client.go @@ -280,17 +280,6 @@ func (client *Client) WaitForStatusCondition(t T, id *pbresource.ID, statusKey s return res } -func (client *Client) WaitForStatusConditionAnyGen(t T, id *pbresource.ID, statusKey string, condition *pbresource.Condition) *pbresource.Resource { - t.Helper() - - var res *pbresource.Resource - client.retry(t, func(r *retry.R) { - res = client.RequireStatusCondition(r, id, statusKey, condition) - }) - - return res -} - func (client *Client) WaitForStatusConditions(t T, id *pbresource.ID, statusKey string, conditions ...*pbresource.Condition) *pbresource.Resource { t.Helper() @@ -324,17 +313,6 @@ func (client *Client) WaitForResourceState(t T, id *pbresource.ID, verify func(T return res } -func (client *Client) WaitForResourceExists(t T, id *pbresource.ID) *pbresource.Resource { - t.Helper() - - var res *pbresource.Resource - client.retry(t, func(r *retry.R) { - res = client.RequireResourceExists(r, id) - }) - - return res -} - func (client *Client) WaitForDeletion(t T, id *pbresource.ID) { t.Helper() @@ -366,7 +344,7 @@ func (client *Client) MustDelete(t T, id *pbresource.ID) { // to the delete. func (client *Client) CleanupDelete(t T, id *pbresource.ID) { t.Helper() - client.retryDelete(t, id, false) + client.retryDelete(t, id, true) } func (client *Client) retryDelete(t T, id *pbresource.ID, shouldDelay bool) { diff --git a/internal/resource/resourcetest/tenancy.go b/internal/resource/resourcetest/tenancy.go index 72757466ed200..5f5c0525b6f43 100644 --- a/internal/resource/resourcetest/tenancy.go +++ b/internal/resource/resourcetest/tenancy.go @@ -4,28 +4,13 @@ package resourcetest import ( - "fmt" "strings" "testing" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/version/versiontest" ) -// TestTenancies returns a list of tenancies which represent -// the namespace and partition combinations that can be used in unit tests -func TestTenancies() []*pbresource.Tenancy { - isEnterprise := versiontest.IsEnterprise() - - tenancies := []*pbresource.Tenancy{Tenancy("default.default")} - if isEnterprise { - tenancies = append(tenancies, Tenancy("default.bar"), Tenancy("foo.default"), Tenancy("foo.bar")) - } - - return tenancies -} - // Tenancy constructs a pbresource.Tenancy from a concise string representation // suitable for use in unit tests. // @@ -65,19 +50,3 @@ func DefaultTenancyForType(t *testing.T, reg resource.Registration) *pbresource. return nil } } - -func AppendTenancyInfoSubtest(name string, subtestName string, tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_%s_Namespace_%s_Partition/%s", name, tenancy.Namespace, tenancy.Partition, subtestName) -} - -func AppendTenancyInfo(name string, tenancy *pbresource.Tenancy) string { - return fmt.Sprintf("%s_%s_Namespace_%s_Partition", name, tenancy.Namespace, tenancy.Partition) -} - -func RunWithTenancies(testFunc func(tenancy *pbresource.Tenancy), t *testing.T) { - for _, tenancy := range TestTenancies() { - t.Run(AppendTenancyInfo(t.Name(), tenancy), func(t *testing.T) { - testFunc(tenancy) - }) - } -} diff --git a/internal/resource/resourcetest/testing.go b/internal/resource/resourcetest/testing.go index 6ea5ce910365d..1be9947226bd2 100644 --- a/internal/resource/resourcetest/testing.go +++ b/internal/resource/resourcetest/testing.go @@ -3,10 +3,14 @@ package resourcetest -import "github.com/hashicorp/consul/sdk/testutil" - // T represents the subset of testing.T methods that will be used // by the various functionality in this package type T interface { - testutil.TestingTB + Helper() + Log(args ...interface{}) + Logf(format string, args ...interface{}) + Errorf(format string, args ...interface{}) + Fatalf(format string, args ...interface{}) + FailNow() + Cleanup(func()) } diff --git a/internal/resource/sort_test.go b/internal/resource/sort_test.go index 3b7622adb1a91..e319266d9a925 100644 --- a/internal/resource/sort_test.go +++ b/internal/resource/sort_test.go @@ -17,9 +17,6 @@ import ( ) func TestLessReference(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } parseTenancy := func(s string) *pbresource.Tenancy { // format is: .. parts := strings.Split(s, ".") diff --git a/internal/resource/tenancy.go b/internal/resource/tenancy.go index 597253aa8dc13..126e12413f6a8 100644 --- a/internal/resource/tenancy.go +++ b/internal/resource/tenancy.go @@ -5,6 +5,7 @@ package resource import ( "fmt" + "strings" "google.golang.org/protobuf/proto" @@ -24,6 +25,15 @@ const ( DefaultPeerName = "local" ) +// V2TenancyBridge is used by the resource service to access V2 implementations of +// partitions and namespaces. +type V2TenancyBridge struct { +} + +func NewV2TenancyBridge() TenancyBridge { + return &V2TenancyBridge{} +} + // Scope describes the tenancy scope of a resource. type Scope int @@ -52,6 +62,20 @@ func (s Scope) String() string { panic(fmt.Sprintf("string mapping missing for scope %v", int(s))) } +// Normalize lowercases the partition and namespace. +func Normalize(tenancy *pbresource.Tenancy) { + if tenancy == nil { + return + } + tenancy.Partition = strings.ToLower(tenancy.Partition) + tenancy.Namespace = strings.ToLower(tenancy.Namespace) + + // TODO(spatel): NET-5475 - Remove as part of peer_name moving to PeerTenancy + if tenancy.PeerName == "" { + tenancy.PeerName = DefaultPeerName + } +} + // DefaultClusteredTenancy returns the default tenancy for a cluster scoped resource. func DefaultClusteredTenancy() *pbresource.Tenancy { return &pbresource.Tenancy{ @@ -132,6 +156,7 @@ func defaultTenancy(itemTenancy, parentTenancy, scopeTenancy *pbresource.Tenancy if itemTenancy.PeerName == "" { itemTenancy.PeerName = DefaultPeerName } + Normalize(itemTenancy) if parentTenancy != nil { // Recursively normalize this tenancy as well. @@ -142,6 +167,7 @@ func defaultTenancy(itemTenancy, parentTenancy, scopeTenancy *pbresource.Tenancy if parentTenancy == nil { parentTenancy = scopeTenancy } + Normalize(parentTenancy) if !equalOrEmpty(itemTenancy.PeerName, DefaultPeerName) { panic("peering is not supported yet for resource tenancies") diff --git a/internal/resource/tenancy_bridge_ce.go b/internal/resource/tenancy_bridge_ce.go new file mode 100644 index 0000000000000..9f88c22361998 --- /dev/null +++ b/internal/resource/tenancy_bridge_ce.go @@ -0,0 +1,28 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +//go:build !consulent + +package resource + +func (b *V2TenancyBridge) PartitionExists(partition string) (bool, error) { + if partition == "default" { + return true, nil + } + return false, nil +} + +func (b *V2TenancyBridge) IsPartitionMarkedForDeletion(partition string) (bool, error) { + return false, nil +} + +func (b *V2TenancyBridge) NamespaceExists(partition, namespace string) (bool, error) { + if partition == "default" && namespace == "default" { + return true, nil + } + return false, nil +} + +func (b *V2TenancyBridge) IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error) { + return false, nil +} diff --git a/internal/storage/inmem/backend_test.go b/internal/storage/inmem/backend_test.go index c1aa13b70e4cc..7978dcdf29935 100644 --- a/internal/storage/inmem/backend_test.go +++ b/internal/storage/inmem/backend_test.go @@ -15,9 +15,6 @@ import ( ) func TestBackend_Conformance(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } conformance.Test(t, conformance.TestOptions{ NewBackend: func(t *testing.T) storage.Backend { backend, err := inmem.NewBackend() diff --git a/internal/storage/raft/conformance_test.go b/internal/storage/raft/conformance_test.go index d76ae1b456cb8..6c75e462d21c3 100644 --- a/internal/storage/raft/conformance_test.go +++ b/internal/storage/raft/conformance_test.go @@ -23,9 +23,6 @@ import ( ) func TestBackend_Conformance(t *testing.T) { - if testing.Short() { - t.Skip("too slow for testing.Short") - } t.Run("Leader", func(t *testing.T) { conformance.Test(t, conformance.TestOptions{ NewBackend: func(t *testing.T) storage.Backend { diff --git a/internal/tenancy/exports.go b/internal/tenancy/exports.go index 18340ce039240..aadd7efb59beb 100644 --- a/internal/tenancy/exports.go +++ b/internal/tenancy/exports.go @@ -4,15 +4,21 @@ package tenancy import ( - "github.com/hashicorp/consul/internal/controller" "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/tenancy/internal/bridge" - "github.com/hashicorp/consul/internal/tenancy/internal/controllers" "github.com/hashicorp/consul/internal/tenancy/internal/types" ) -type ( - V2TenancyBridge = bridge.V2TenancyBridge +var ( + // API Group Information + + APIGroup = types.GroupName + VersionV1Alpha1 = types.VersionV1Alpha1 + CurrentVersion = types.CurrentVersion + + // Resource Kind Names. + + NamespaceKind = types.NamespaceKind + NamespaceV1Alpha1Type = types.NamespaceV1Alpha1Type ) // RegisterTypes adds all resource types within the "tenancy" API group @@ -20,15 +26,3 @@ type ( func RegisterTypes(r resource.Registry) { types.Register(r) } - -// RegisterControllers registers controllers for the tenancy types with -// the given controller manager. -func RegisterControllers(mgr *controller.Manager, deps Dependencies) { - controllers.Register(mgr, deps) -} - -func NewV2TenancyBridge() *V2TenancyBridge { - return bridge.NewV2TenancyBridge() -} - -type Dependencies = controllers.Dependencies diff --git a/internal/tenancy/internal/bridge/tenancy_bridge.go b/internal/tenancy/internal/bridge/tenancy_bridge.go deleted file mode 100644 index 9e369457a55d3..0000000000000 --- a/internal/tenancy/internal/bridge/tenancy_bridge.go +++ /dev/null @@ -1,76 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package bridge - -import ( - "context" - - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" -) - -// V2TenancyBridge is used by the resource service to access V2 implementations of -// partitions and namespaces. -type V2TenancyBridge struct { - client pbresource.ResourceServiceClient -} - -// WithClient inject a ResourceServiceClient in the V2TenancyBridge. -// This is needed to break a circular dependency between -// the ResourceServiceServer, ResourceServiceClient and the TenancyBridge -func (b *V2TenancyBridge) WithClient(client pbresource.ResourceServiceClient) *V2TenancyBridge { - b.client = client - return b -} - -func NewV2TenancyBridge() *V2TenancyBridge { - return &V2TenancyBridge{} -} - -func (b *V2TenancyBridge) NamespaceExists(partition, namespace string) (bool, error) { - if namespace == resource.DefaultNamespaceName { - // The default namespace implicitly exists in all partitions regardless of whether - // the resource has actually been created yet. Therefore all we need to do is check - // if the partition exists to know whether the namespace exists. - return b.PartitionExists(partition) - } - - _, err := b.client.Read(context.Background(), &pbresource.ReadRequest{ - Id: &pbresource.ID{ - Name: namespace, - Tenancy: &pbresource.Tenancy{ - Partition: partition, - }, - Type: pbtenancy.NamespaceType, - }, - }) - switch { - case err == nil: - return true, nil - case status.Code(err) == codes.NotFound: - return false, nil - default: - return false, err - } -} - -func (b *V2TenancyBridge) IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error) { - rsp, err := b.client.Read(context.Background(), &pbresource.ReadRequest{ - Id: &pbresource.ID{ - Name: namespace, - Tenancy: &pbresource.Tenancy{ - Partition: partition, - }, - Type: pbtenancy.NamespaceType, - }, - }) - if err != nil { - return false, err - } - return resource.IsMarkedForDeletion(rsp.Resource), nil -} diff --git a/internal/tenancy/internal/bridge/tenancy_bridge_ce.go b/internal/tenancy/internal/bridge/tenancy_bridge_ce.go deleted file mode 100644 index 168ee643b8c06..0000000000000 --- a/internal/tenancy/internal/bridge/tenancy_bridge_ce.go +++ /dev/null @@ -1,21 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent - -package bridge - -import "github.com/hashicorp/consul/internal/resource" - -func (b *V2TenancyBridge) PartitionExists(partition string) (bool, error) { - if partition == resource.DefaultPartitionName { - // In CE partition resources are never actually created. However, conceptually - // the default partition always exists. - return true, nil - } - return false, nil -} - -func (b *V2TenancyBridge) IsPartitionMarkedForDeletion(partition string) (bool, error) { - return false, nil -} diff --git a/internal/tenancy/internal/controllers/common/common.go b/internal/tenancy/internal/controllers/common/common.go deleted file mode 100644 index 38b8af862d938..0000000000000 --- a/internal/tenancy/internal/controllers/common/common.go +++ /dev/null @@ -1,196 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -// Common code shared by the partition and namespace controllers. -package common - -import ( - "context" - "errors" - "fmt" - - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/proto-public/pbresource" -) - -const ( - // ConditionAccepted indicates the tenancy unit has a finalizer - // and contains a default namespace if a partition. - ConditionAccepted = "accepted" - ReasonAcceptedOK = "Ok" - ReasonEnsureHasFinalizerFailed = "EnsureHasFinalizerFailed" - - // ConditionDeleted indicates that the units tenants have been - // deleted. It never has a state other than false because the - // resource no longer exists at that point. - ConditionDeleted = "deleted" - ReasonDeletionInProgress = "DeletionInProgress" -) - -var ( - ErrStillHasTenants = errors.New("still has tenants") -) - -func EnsureHasFinalizer(ctx context.Context, rt controller.Runtime, res *pbresource.Resource, statusKey string) error { - // The statusKey doubles as the finalizer name for tenancy resources. - if resource.HasFinalizer(res, statusKey) { - rt.Logger.Trace("already has finalizer") - return nil - } - - // Finalizer hasn't been written, so add it. - resource.AddFinalizer(res, statusKey) - _, err := rt.Client.Write(ctx, &pbresource.WriteRequest{Resource: res}) - if err != nil { - return WriteStatus(ctx, rt, res, statusKey, ConditionAccepted, ReasonEnsureHasFinalizerFailed, err) - } - rt.Logger.Trace("added finalizer") - return err -} - -func EnsureTenantsDeleted(ctx context.Context, rt controller.Runtime, registry resource.Registry, res *pbresource.Resource, tenantScope resource.Scope, tenancy *pbresource.Tenancy) error { - // Useful stats to keep track of on every sweep - numExistingHasFinalizer := 0 - numExistingOwned := 0 - numImmediateDeletes := 0 - numDeferredDeletes := 0 - - // List doesn't support querying across all types so iterate through each one. - for _, reg := range registry.Types() { - // Skip tenants that aren't scoped to the tenancy unit. - if reg.Scope != tenantScope { - continue - } - - // Get all tenants of the current type. - rsp, err := rt.Client.List(ctx, &pbresource.ListRequest{Type: reg.Type, Tenancy: tenancy}) - if err != nil { - return err - } - - if len(rsp.Resources) > 0 { - rt.Logger.Trace(fmt.Sprintf("found %d tenant %s", len(rsp.Resources), reg.Type.Kind)) - } - - // Delete each qualified tenant. - for _, tenant := range rsp.Resources { - // Owned resources will be deleted when the parent resource is deleted (tombstone reaper) - // so just skip over them. - if tenant.Owner != nil { - numExistingOwned++ - continue - } - - // Skip anything that is already marked for deletion and has finalizers - // since deletion of those resource is out of our control. - if resource.IsMarkedForDeletion(tenant) && resource.HasFinalizers(tenant) { - numExistingHasFinalizer++ - continue - } - - // Delete tenant with a blanket non-CAS delete since we don't care about the version that - // is deleted. Since we don't know whether the delete was immediate or deferred due to the - // presense of a finalizer, we can't assume that the tenant is really deleted. - _, err = rt.Client.Delete(ctx, &pbresource.DeleteRequest{Id: tenant.Id, Version: ""}) - if err != nil { - // Bail on the first sign of trouble and retry in future reconciles. - return err - } - - // Classify the just deleted tenant since we're not fully vacated if a deferred delete occurred. - if resource.HasFinalizers(tenant) { - rt.Logger.Trace(fmt.Sprintf("deferred delete of %s tenant %q", res.Id.Type.Kind, tenant.Id.Name)) - numDeferredDeletes++ - } else { - rt.Logger.Trace(fmt.Sprintf("immediate delete of %s tenant %q", res.Id.Type.Kind, tenant.Id.Name)) - numImmediateDeletes++ - } - } - } - - // Force re-reconcile if we have any lingering tenants by returning an error. - if numExistingOwned+numExistingHasFinalizer+numDeferredDeletes > 0 { - if numExistingOwned > 0 { - rt.Logger.Debug(fmt.Sprintf("delete blocked on %d remaining owned tenants", numExistingOwned)) - } - if numExistingHasFinalizer > 0 { - rt.Logger.Debug(fmt.Sprintf("delete blocked on %d remaining tenants with finalizers", numExistingHasFinalizer)) - } - if numDeferredDeletes > 0 { - rt.Logger.Debug(fmt.Sprintf("delete blocked on %d tenants which were just marked for deletion", numDeferredDeletes)) - } - return ErrStillHasTenants - } - - // We should have zero tenants and be good to continue. - rt.Logger.Debug("no tenants - green light the delete") - return nil -} - -// EnsureResourceDelete makes sure a tenancy unit (partition or namespace) with no tenants is finally deleted. -func EnsureResourceDeleted(ctx context.Context, rt controller.Runtime, res *pbresource.Resource, statusKey string) error { - // Remove finalizer if present - if resource.HasFinalizer(res, statusKey) { - resource.RemoveFinalizer(res, statusKey) - _, err := rt.Client.Write(ctx, &pbresource.WriteRequest{Resource: res}) - if err != nil { - rt.Logger.Error("failed write to remove finalizer") - return WriteStatus(ctx, rt, res, statusKey, ConditionDeleted, ReasonDeletionInProgress, err) - } - rt.Logger.Trace("removed finalizer") - } - - // Finally, delete the tenancy unit. - _, err := rt.Client.Delete(ctx, &pbresource.DeleteRequest{Id: res.Id}) - if err != nil { - rt.Logger.Error("failed final delete", "error", err) - return WriteStatus(ctx, rt, res, statusKey, ConditionDeleted, ReasonDeletionInProgress, err) - } - - // Success - rt.Logger.Trace("finally deleted") - return nil -} - -// WriteStatus writes the tenancy resource status only if the status has changed. -// The state and message are based on whether the passed in error is nil -// (state=TRUE, message="") or not (state=FALSE, message=error). The passed in -// error is always returned unless the delegated call to client.WriteStatus -// itself fails. -func WriteStatus(ctx context.Context, rt controller.Runtime, res *pbresource.Resource, statusKey string, condition string, reason string, err error) error { - state := pbresource.Condition_STATE_TRUE - message := "" - if err != nil { - state = pbresource.Condition_STATE_FALSE - message = err.Error() - } - - newStatus := &pbresource.Status{ - ObservedGeneration: res.Generation, - Conditions: []*pbresource.Condition{{ - Type: condition, - State: state, - Reason: reason, - Message: message, - }}, - } - - // Skip the write if the status hasn't changed to keep write amplificiation in check. - if resource.EqualStatus(res.Status[statusKey], newStatus, false) { - return err - } - - _, statusErr := rt.Client.WriteStatus(ctx, &pbresource.WriteStatusRequest{ - Id: res.Id, - Key: statusKey, - Status: newStatus, - }) - - if statusErr != nil { - rt.Logger.Error("failed writing status", "error", statusErr) - return statusErr - } - rt.Logger.Trace("wrote status", "status", newStatus) - return err -} diff --git a/internal/tenancy/internal/controllers/namespace/controller.go b/internal/tenancy/internal/controllers/namespace/controller.go deleted file mode 100644 index 0d7a73e135741..0000000000000 --- a/internal/tenancy/internal/controllers/namespace/controller.go +++ /dev/null @@ -1,95 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package namespace - -import ( - "context" - - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/tenancy/internal/controllers/common" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" -) - -const ( - // StatusKey also serves as the finalizer name. - StatusKey = "consul.io/namespace-controller" - - // Conditions and reasons are shared with partitions. See - // common.go for the full list. -) - -func Controller(registry resource.Registry) controller.Controller { - return controller.ForType(pbtenancy.NamespaceType). - WithReconciler(&Reconciler{Registry: registry}) -} - -type Reconciler struct { - Registry resource.Registry -} - -// Reconcile is responsible for reconciling a namespace resource. -// -// When a namespace is created, ensures a finalizer is added for cleanup. -// -// When a namespace is marked for deletion, ensures tenants are deleted and -// the finalizer is removed. -func (r *Reconciler) Reconcile(ctx context.Context, rt controller.Runtime, req controller.Request) error { - rt.Logger = rt.Logger.With("resource", req.ID.Name, "controller", "namespace") - - // Never reconcile the default namespace in the default partition since it is - // created on system startup or snapshot restoration. Resource validation rules - // protect them being deleted. - if req.ID.Tenancy.Partition == resource.DefaultPartitionName && req.ID.Name == resource.DefaultNamespaceName { - rt.Logger.Trace("skipping reconcile of default namespace") - return nil - } - - // Read namespace to make sure we have the latest version. - rsp, err := rt.Client.Read(ctx, &pbresource.ReadRequest{Id: req.ID}) - switch { - case status.Code(err) == codes.NotFound: - // Namespace deleted - nothing to do. - rt.Logger.Trace("namespace not found, nothing to do") - return nil - case err != nil: - rt.Logger.Error("failed read", "error", err) - return err - } - res := rsp.Resource - - if resource.IsMarkedForDeletion(res) { - return ensureDeleted(ctx, rt, r.Registry, res) - } - - if err = common.EnsureHasFinalizer(ctx, rt, res, StatusKey); err != nil { - return err - } - - return common.WriteStatus(ctx, rt, res, StatusKey, common.ConditionAccepted, common.ReasonAcceptedOK, err) -} - -func ensureDeleted(ctx context.Context, rt controller.Runtime, registry resource.Registry, res *pbresource.Resource) error { - tenancy := &pbresource.Tenancy{ - Partition: res.Id.Tenancy.Partition, - Namespace: res.Id.Name, - PeerName: resource.DefaultPeerName, - } - // Delete namespace scoped tenants - if err := common.EnsureTenantsDeleted(ctx, rt, registry, res, resource.ScopeNamespace, tenancy); err != nil { - rt.Logger.Error("failed deleting tenants", "error", err) - return common.WriteStatus(ctx, rt, res, StatusKey, common.ConditionDeleted, common.ReasonDeletionInProgress, err) - } - - // Delete namespace resource since all namespace scoped tenants are deleted - if err := common.EnsureResourceDeleted(ctx, rt, res, StatusKey); err != nil { - rt.Logger.Error("failed deleting namespace", "error", err) - return err - } - return nil -} diff --git a/internal/tenancy/internal/controllers/register.go b/internal/tenancy/internal/controllers/register.go deleted file mode 100644 index 94b4255baeb57..0000000000000 --- a/internal/tenancy/internal/controllers/register.go +++ /dev/null @@ -1,12 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package controllers - -import ( - "github.com/hashicorp/consul/internal/resource" -) - -type Dependencies struct { - Registry resource.Registry -} diff --git a/internal/tenancy/internal/controllers/register_ce.go b/internal/tenancy/internal/controllers/register_ce.go deleted file mode 100644 index 6d346de9b0731..0000000000000 --- a/internal/tenancy/internal/controllers/register_ce.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent - -package controllers - -import ( - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/tenancy/internal/controllers/namespace" -) - -func Register(mgr *controller.Manager, deps Dependencies) { - mgr.Register(namespace.Controller(deps.Registry)) -} diff --git a/internal/tenancy/internal/types/namespace.go b/internal/tenancy/internal/types/namespace.go index e96aee96190dc..4bc95d1505f7d 100644 --- a/internal/tenancy/internal/types/namespace.go +++ b/internal/tenancy/internal/types/namespace.go @@ -5,43 +5,44 @@ package types import ( "fmt" - "strings" - - "google.golang.org/protobuf/types/known/anypb" - "github.com/hashicorp/consul/agent/dns" "github.com/hashicorp/consul/internal/resource" "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" + tenancyv1alpha1 "github.com/hashicorp/consul/proto-public/pbtenancy/v1alpha1" + "strings" +) + +const ( + NamespaceKind = "Namespace" +) + +var ( + NamespaceV1Alpha1Type = &pbresource.Type{ + Group: GroupName, + GroupVersion: VersionV1Alpha1, + Kind: NamespaceKind, + } + NamespaceType = NamespaceV1Alpha1Type ) func RegisterNamespace(r resource.Registry) { r.Register(resource.Registration{ - Type: pbtenancy.NamespaceType, - Proto: &pbtenancy.Namespace{}, + Type: NamespaceV1Alpha1Type, + Proto: &tenancyv1alpha1.Namespace{}, Scope: resource.ScopePartition, - Mutate: MutateNamespace, Validate: ValidateNamespace, + Mutate: MutateNamespace, // ACLs: TODO }) } -// MutateNamespace sets the resource data if nil since description and -// other fields are optional. func MutateNamespace(res *pbresource.Resource) error { - if res.Data != nil { - return nil - } - data, err := anypb.New(&pbtenancy.Namespace{}) - if err != nil { - return err - } - res.Data = data + res.Id.Name = strings.ToLower(res.Id.Name) return nil } func ValidateNamespace(res *pbresource.Resource) error { - var ns pbtenancy.Namespace + var ns tenancyv1alpha1.Namespace if err := res.Data.UnmarshalTo(&ns); err != nil { return resource.NewErrDataParse(&ns, err) diff --git a/internal/tenancy/internal/types/types_test.go b/internal/tenancy/internal/types/namespace_test.go similarity index 54% rename from internal/tenancy/internal/types/types_test.go rename to internal/tenancy/internal/types/namespace_test.go index df22b71f13a27..b64f86d5212bc 100644 --- a/internal/tenancy/internal/types/types_test.go +++ b/internal/tenancy/internal/types/namespace_test.go @@ -4,6 +4,14 @@ package types import ( + "context" + "errors" + svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" + rtest "github.com/hashicorp/consul/internal/resource/resourcetest" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto/private/prototest" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "testing" "github.com/stretchr/testify/require" @@ -11,15 +19,14 @@ import ( "google.golang.org/protobuf/types/known/anypb" "github.com/hashicorp/consul/internal/resource" - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" + pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v1alpha1" ) func createNamespaceResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource { res := &pbresource.Resource{ Id: &pbresource.ID{ - Type: pbtenancy.NamespaceType, + Type: NamespaceV1Alpha1Type, Tenancy: resource.DefaultPartitionedTenancy(), Name: "ns1234", }, @@ -86,6 +93,28 @@ func TestValidateNamespace_ParseError(t *testing.T) { require.ErrorAs(t, err, &resource.ErrDataParse{}) } +func TestMutateNamespace(t *testing.T) { + tests := []struct { + name string + namespaceName string + expectedName string + err error + }{ + {"lower", "lower", "lower", nil}, + {"mixed", "MiXeD", "mixed", nil}, + {"upper", "UPPER", "upper", nil}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + res := &pbresource.Resource{Id: &pbresource.ID{Name: tt.namespaceName}} + if err := MutateNamespace(res); !errors.Is(err, tt.err) { + t.Errorf("MutateNamespace() error = %v", err) + } + require.Equal(t, res.Id.Name, tt.expectedName) + }) + } +} + func TestValidateNamespace(t *testing.T) { tests := []struct { name string @@ -114,6 +143,64 @@ func TestValidateNamespace(t *testing.T) { } } +func TestRead_Success(t *testing.T) { + client := svctest.RunResourceService(t, Register) + client = rtest.NewClient(client) + + res := rtest.Resource(NamespaceType, "ns1"). + WithData(t, validNamespace()). + Write(t, client) + + readRsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) + require.NoError(t, err) + prototest.AssertDeepEqual(t, res.Id, readRsp.Resource.Id) +} + +func TestRead_NotFound(t *testing.T) { + client := svctest.RunResourceService(t, Register) + client = rtest.NewClient(client) + + res := rtest.Resource(NamespaceType, "ns1"). + WithData(t, validNamespace()).Build() + + _, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) + require.Error(t, err) + require.Equal(t, codes.NotFound.String(), status.Code(err).String()) +} + +func TestDelete_Success(t *testing.T) { + client := svctest.RunResourceService(t, Register) + client = rtest.NewClient(client) + + res := rtest.Resource(NamespaceType, "ns1"). + WithData(t, validNamespace()).Write(t, client) + + readRsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) + require.NoError(t, err) + prototest.AssertDeepEqual(t, res.Id, readRsp.Resource.Id) + + _, err = client.Delete(context.Background(), &pbresource.DeleteRequest{Id: res.Id}) + require.NoError(t, err) + + _, err = client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) + require.Error(t, err) + require.Equal(t, codes.NotFound.String(), status.Code(err).String()) + +} + +func TestRead_MixedCases_Success(t *testing.T) { + client := svctest.RunResourceService(t, Register) + client = rtest.NewClient(client) + + res := rtest.Resource(NamespaceType, "nS1"). + WithData(t, validNamespace()).Write(t, client) + + readRsp, err := client.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) + require.NoError(t, err) + prototest.AssertDeepEqual(t, res.Id, readRsp.Resource.Id) + +} + func validNamespace() *pbtenancy.Namespace { return &pbtenancy.Namespace{ Description: "ns namespace", diff --git a/internal/tenancy/internal/types/types.go b/internal/tenancy/internal/types/types.go index 5955ade8a5d7b..be0a615153fd0 100644 --- a/internal/tenancy/internal/types/types.go +++ b/internal/tenancy/internal/types/types.go @@ -4,7 +4,7 @@ package types const ( - GroupName = "tenancy" - VersionV2Beta1 = "v2beta1" - CurrentVersion = VersionV2Beta1 + GroupName = "tenancy" + VersionV1Alpha1 = "v1alpha1" + CurrentVersion = VersionV1Alpha1 ) diff --git a/internal/tenancy/tenancytest/namespace_controller_test.go b/internal/tenancy/tenancytest/namespace_controller_test.go deleted file mode 100644 index 574ee92cd4716..0000000000000 --- a/internal/tenancy/tenancytest/namespace_controller_test.go +++ /dev/null @@ -1,159 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package tenancytest - -import ( - "context" - "testing" - - "github.com/stretchr/testify/require" - "github.com/stretchr/testify/suite" - - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" - "github.com/hashicorp/consul/internal/controller" - "github.com/hashicorp/consul/internal/resource" - "github.com/hashicorp/consul/internal/resource/demo" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/internal/tenancy/internal/controllers/common" - "github.com/hashicorp/consul/internal/tenancy/internal/controllers/namespace" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" - pbdemo "github.com/hashicorp/consul/proto/private/pbdemo/v1" - "github.com/hashicorp/consul/sdk/testutil" - "github.com/hashicorp/consul/sdk/testutil/retry" -) - -// Due to a circular dependency, this test can't reside in the package next to the controller it is testing. - -type nsTestSuite struct { - suite.Suite - - client *rtest.Client - runtime controller.Runtime - ctx context.Context -} - -func (ts *nsTestSuite) SetupTest() { - builder := svctest.NewResourceServiceBuilder(). - WithV2Tenancy(true). - WithRegisterFns(demo.RegisterTypes) - ts.client = rtest.NewClient(builder.Run(ts.T())) - ts.runtime = controller.Runtime{Client: ts.client, Logger: testutil.Logger(ts.T())} - ts.ctx = testutil.TestContext(ts.T()) - - mgr := controller.NewManager(ts.client, testutil.Logger(ts.T())) - mgr.Register(namespace.Controller(builder.Registry())) - mgr.SetRaftLeader(true) - ctx, cancel := context.WithCancel(context.Background()) - ts.T().Cleanup(cancel) - go mgr.Run(ctx) -} - -func (ts *nsTestSuite) waitForReconciliation(id *pbresource.ID, reason string) { - ts.T().Helper() - - retry.Run(ts.T(), func(r *retry.R) { - rsp, err := ts.client.Read(context.Background(), &pbresource.ReadRequest{ - Id: id, - }) - require.NoError(r, err) - - status, found := rsp.Resource.Status[namespace.StatusKey] - require.True(r, found) - require.Len(r, status.Conditions, 1) - require.Equal(r, reason, status.Conditions[0].Reason) - }) -} - -func (ts *nsTestSuite) TestNamespaceController_HappyPath() { - // Create namespace ns1 - ns1 := rtest.Resource(pbtenancy.NamespaceType, "ns1"). - // Keep this CE friendly by using default partition - WithTenancy(resource.DefaultPartitionedTenancy()). - WithData(ts.T(), &pbtenancy.Namespace{Description: "namespace ns1"}). - Write(ts.T(), ts.client) - - // Wait for it to be accepted - ts.waitForReconciliation(ns1.Id, common.ReasonAcceptedOK) - - // Verify namespace finalizer added - ns1 = ts.client.RequireResourceMeta(ts.T(), ns1.Id, resource.FinalizerKey, namespace.StatusKey) - - // Add a namespace scoped tenant to the namespace - artist1 := rtest.Resource(demo.TypeV1Artist, "moonchild"). - WithTenancy(&pbresource.Tenancy{ - Partition: resource.DefaultPartitionName, - Namespace: ns1.Id.Name, - PeerName: resource.DefaultPeerName, - }). - WithData(ts.T(), &pbdemo.Artist{Name: "Moonchild"}). - Write(ts.T(), ts.client) - - // Delete the namespace - _, err := ts.client.Delete(ts.ctx, &pbresource.DeleteRequest{Id: ns1.Id}) - require.NoError(ts.T(), err) - - // Wait for the namespace to be deleted - ts.client.WaitForDeletion(ts.T(), ns1.Id) - - // Verify tenants deleted. - ts.client.RequireResourceNotFound(ts.T(), artist1.Id) -} - -func (ts *nsTestSuite) TestNamespaceController_DeleteBlockedByTenantsWithFinalizers() { - // Create namespace ns1 - ns1 := rtest.Resource(pbtenancy.NamespaceType, "ns1"). - WithTenancy(resource.DefaultPartitionedTenancy()). - WithData(ts.T(), &pbtenancy.Namespace{Description: "namespace ns1"}). - Write(ts.T(), ts.client) - - // Wait for it to be accepted - ts.waitForReconciliation(ns1.Id, common.ReasonAcceptedOK) - - // Add artist to namespace - _ = rtest.Resource(demo.TypeV1Artist, "weezer"). - WithTenancy(&pbresource.Tenancy{ - Partition: resource.DefaultPartitionName, - Namespace: ns1.Id.Name, - PeerName: resource.DefaultPeerName, - }). - WithData(ts.T(), &pbdemo.Artist{Name: "Weezer"}). - Write(ts.T(), ts.client) - - // Add another artist to namespace with a finalizer so that is blocks namespace deletion. - artist2 := rtest.Resource(demo.TypeV1Artist, "foofighters"). - WithTenancy(&pbresource.Tenancy{ - Partition: resource.DefaultPartitionName, - Namespace: ns1.Id.Name, - PeerName: resource.DefaultPeerName, - }). - WithData(ts.T(), &pbdemo.Artist{Name: "Foo Fighters"}). - WithMeta(resource.FinalizerKey, "finalizer2"). - Write(ts.T(), ts.client) - - // Delete the namespace - this activates the controller logic to delete all tenants - ts.client.Delete(ts.ctx, &pbresource.DeleteRequest{Id: ns1.Id}) - - // Delete should be blocked by artist2 tenant with finalizer - ts.client.WaitForStatusConditionAnyGen(ts.T(), ns1.Id, namespace.StatusKey, &pbresource.Condition{ - Type: common.ConditionDeleted, - State: pbresource.Condition_STATE_FALSE, - Reason: common.ReasonDeletionInProgress, - Message: common.ErrStillHasTenants.Error(), - }) - - // Remove the finalizer on artist2 to unblock deletion of ns1 - artist2 = ts.client.RequireResourceExists(ts.T(), artist2.Id) - resource.RemoveFinalizer(artist2, "finalizer2") - _, err := ts.client.Write(ts.ctx, &pbresource.WriteRequest{Resource: artist2}) - require.NoError(ts.T(), err) - - // The final reconcile should delete artist since it was marked for deletion and - // and has no finalizers. Given no more tenants, wait for namespace to be deleted. - ts.client.WaitForDeletion(ts.T(), ns1.Id) -} - -func TestNamespaceControllerSuite(t *testing.T) { - suite.Run(t, new(nsTestSuite)) -} diff --git a/internal/tenancy/tenancytest/namespace_test.go b/internal/tenancy/tenancytest/namespace_test.go deleted file mode 100644 index 45beca9a6b12b..0000000000000 --- a/internal/tenancy/tenancytest/namespace_test.go +++ /dev/null @@ -1,116 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package tenancytest - -import ( - "context" - "testing" - - "github.com/stretchr/testify/require" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - - svctest "github.com/hashicorp/consul/agent/grpc-external/services/resource/testing" - "github.com/hashicorp/consul/internal/resource" - rtest "github.com/hashicorp/consul/internal/resource/resourcetest" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" - "github.com/hashicorp/consul/proto/private/prototest" -) - -func TestWriteNamespace_Success(t *testing.T) { - cl := rtest.NewClient(svctest.NewResourceServiceBuilder().WithV2Tenancy(true).Run(t)) - - res := rtest.Resource(pbtenancy.NamespaceType, "ns1"). - WithTenancy(resource.DefaultPartitionedTenancy()). - WithData(t, validNamespace()). - Build() - - writeRsp, err := cl.Write(context.Background(), &pbresource.WriteRequest{Resource: res}) - require.NoError(t, err) - prototest.AssertDeepEqual(t, res.Id.Type, writeRsp.Resource.Id.Type) - prototest.AssertDeepEqual(t, res.Id.Tenancy, writeRsp.Resource.Id.Tenancy) - prototest.AssertDeepEqual(t, res.Id.Name, writeRsp.Resource.Id.Name) - prototest.AssertDeepEqual(t, res.Data, writeRsp.Resource.Data) -} - -func TestReadNamespace_Success(t *testing.T) { - cl := rtest.NewClient(svctest.NewResourceServiceBuilder().WithV2Tenancy(true).Run(t)) - - res := rtest.Resource(pbtenancy.NamespaceType, "ns1"). - WithData(t, validNamespace()). - Write(t, cl) - - cases := []struct { - name string - resource *pbresource.Resource - errMsg string - }{ - { - name: "read namespace", - resource: rtest.Resource(pbtenancy.NamespaceType, "ns1"). - WithData(t, validNamespace()). - Build(), - }, - } - - for _, tc := range cases { - t.Run(tc.name, func(t *testing.T) { - readRsp, err := cl.Read(context.Background(), &pbresource.ReadRequest{Id: tc.resource.Id}) - require.NoError(t, err) - prototest.AssertDeepEqual(t, res.Id, readRsp.Resource.Id) - prototest.AssertDeepEqual(t, res.Data, readRsp.Resource.Data) - }) - } -} - -func TestDeleteNamespace_Success(t *testing.T) { - cl := rtest.NewClient(svctest.NewResourceServiceBuilder().WithV2Tenancy(true).Run(t)) - - res := rtest.Resource(pbtenancy.NamespaceType, "ns1"). - WithData(t, validNamespace()).Write(t, cl) - - readRsp, err := cl.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) - require.NoError(t, err) - prototest.AssertDeepEqual(t, res.Id, readRsp.Resource.Id) - - _, err = cl.Delete(context.Background(), &pbresource.DeleteRequest{Id: res.Id}) - require.NoError(t, err) - - _, err = cl.Read(context.Background(), &pbresource.ReadRequest{Id: res.Id}) - require.Error(t, err) - require.Equal(t, codes.NotFound.String(), status.Code(err).String()) - -} - -func TestListNamespace_Success(t *testing.T) { - cl := rtest.NewClient(svctest.NewResourceServiceBuilder().WithV2Tenancy(true).Run(t)) - - res := rtest.Resource(pbtenancy.NamespaceType, "ns1"). - WithData(t, validNamespace()).Write(t, cl) - - require.NotNil(t, res) - res = rtest.Resource(pbtenancy.NamespaceType, "ns2"). - WithData(t, validNamespace()).Write(t, cl) - - require.NotNil(t, res) - - listRsp, err := cl.List(context.Background(), &pbresource.ListRequest{Type: pbtenancy.NamespaceType, Tenancy: resource.DefaultPartitionedTenancy()}) - require.NoError(t, err) - require.Len(t, listRsp.Resources, 3) - names := []string{ - listRsp.Resources[0].Id.Name, - listRsp.Resources[1].Id.Name, - listRsp.Resources[2].Id.Name, - } - require.Contains(t, names, "default") - require.Contains(t, names, "ns1") - require.Contains(t, names, "ns2") -} - -func validNamespace() *pbtenancy.Namespace { - return &pbtenancy.Namespace{ - Description: "ns namespace", - } -} diff --git a/lib/channels/deliver_latest.go b/lib/channels/deliver_latest.go deleted file mode 100644 index 2e43c135e9e13..0000000000000 --- a/lib/channels/deliver_latest.go +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 -package channels - -import "fmt" - -// DeliverLatest will drain the channel discarding any messages if there are any and sends the current message. -func DeliverLatest[T any](val T, ch chan T) error { - // Send if chan is empty - select { - case ch <- val: - return nil - default: - } - - // If it falls through to here, the channel is not empty. - // Drain the channel. - done := false - for !done { - select { - case <-ch: - continue - default: - done = true - } - } - - // Attempt to send again. If it is not empty, throw an error - select { - case ch <- val: - return nil - default: - return fmt.Errorf("failed to deliver latest event: chan full again after draining") - } -} diff --git a/logging/logfile_bsd.go b/logging/logfile_bsd.go index 21e5794245638..df599358d0478 100644 --- a/logging/logfile_bsd.go +++ b/logging/logfile_bsd.go @@ -14,5 +14,5 @@ import ( func (l *LogFile) createTime(stat os.FileInfo) time.Time { stat_t := stat.Sys().(*syscall.Stat_t) createTime := stat_t.Ctimespec - return time.Unix(int64(createTime.Sec), int64(createTime.Nsec)) //nolint:unconvert + return time.Unix(int64(createTime.Sec), int64(createTime.Nsec)) } diff --git a/proto-public/buf.gen.yaml b/proto-public/buf.gen.yaml index 98d07d57726c0..a58bd2511935f 100644 --- a/proto-public/buf.gen.yaml +++ b/proto-public/buf.gen.yaml @@ -6,9 +6,6 @@ managed: enabled: true go_package_prefix: default: github.com/hashicorp/consul/proto-public - except: - - buf.build/k8s/api - plugins: - name: go out: . diff --git a/proto-public/buf.lock b/proto-public/buf.lock deleted file mode 100644 index 8efc15e857d5d..0000000000000 --- a/proto-public/buf.lock +++ /dev/null @@ -1,8 +0,0 @@ -# Generated by buf. DO NOT EDIT. -version: v1 -deps: - - remote: buf.build - owner: k8s - repository: api - commit: 8f68e41b943c4de8a5e9c9a921c889a7 - digest: shake256:38ab77d24cf737d1204719a0ffc654056c29499f26b1546cc5af9ddb34e33799930d79d1f5a4a04b0f5c149097eabbeed37a5d2abf9552169a7d52011f6a8d6f diff --git a/proto-public/buf.yaml b/proto-public/buf.yaml index 514843327354c..878225723ea34 100644 --- a/proto-public/buf.yaml +++ b/proto-public/buf.yaml @@ -2,8 +2,6 @@ # SPDX-License-Identifier: MPL-2.0 version: v1 -deps: - - buf.build/k8s/api name: buf.build/hashicorp/consul lint: use: @@ -21,4 +19,3 @@ lint: breaking: use: - FILE - diff --git a/proto-public/go.mod b/proto-public/go.mod index 8ac41fa9406dd..ab00c6c62e2ce 100644 --- a/proto-public/go.mod +++ b/proto-public/go.mod @@ -7,30 +7,19 @@ require ( golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 google.golang.org/grpc v1.56.3 google.golang.org/protobuf v1.30.0 - k8s.io/api v0.26.2 ) require ( github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gofuzz v1.2.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect + github.com/kr/pretty v0.3.0 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/rogpeppe/go-internal v1.10.0 // indirect github.com/stretchr/objx v0.5.0 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apimachinery v0.26.2 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) diff --git a/proto-public/go.sum b/proto-public/go.sum index 135da88aac60a..f11647a8490ed 100644 --- a/proto-public/go.sum +++ b/proto-public/go.sum @@ -1,79 +1,44 @@ +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= @@ -83,25 +48,10 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/proto-public/pbcatalog/v2beta1/failover_policy.pb.go b/proto-public/pbcatalog/v2beta1/failover_policy.pb.go index b97535df0ff12..7819ed5f2dfd6 100644 --- a/proto-public/pbcatalog/v2beta1/failover_policy.pb.go +++ b/proto-public/pbcatalog/v2beta1/failover_policy.pb.go @@ -24,8 +24,6 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -// +kubebuilder:validation:Enum=FAILOVER_MODE_UNSPECIFIED;FAILOVER_MODE_SEQUENTIAL;FAILOVER_MODE_ORDER_BY_LOCALITY -// +kubebuilder:validation:Type=string type FailoverMode int32 const ( diff --git a/proto-public/pbcatalog/v2beta1/failover_policy.proto b/proto-public/pbcatalog/v2beta1/failover_policy.proto index abbeb46a3ae8b..dec86807f7543 100644 --- a/proto-public/pbcatalog/v2beta1/failover_policy.proto +++ b/proto-public/pbcatalog/v2beta1/failover_policy.proto @@ -43,8 +43,6 @@ message FailoverDestination { string datacenter = 3; } -// +kubebuilder:validation:Enum=FAILOVER_MODE_UNSPECIFIED;FAILOVER_MODE_SEQUENTIAL;FAILOVER_MODE_ORDER_BY_LOCALITY -// +kubebuilder:validation:Type=string enum FailoverMode { FAILOVER_MODE_UNSPECIFIED = 0; FAILOVER_MODE_SEQUENTIAL = 1; diff --git a/proto-public/pbcatalog/v2beta1/health.pb.binary.go b/proto-public/pbcatalog/v2beta1/health.pb.binary.go index 1bb5bc00b4ad5..b5592db6c4647 100644 --- a/proto-public/pbcatalog/v2beta1/health.pb.binary.go +++ b/proto-public/pbcatalog/v2beta1/health.pb.binary.go @@ -96,13 +96,3 @@ func (msg *CheckTLSConfig) MarshalBinary() ([]byte, error) { func (msg *CheckTLSConfig) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *NodeHealthStatus) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *NodeHealthStatus) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbcatalog/v2beta1/health.pb.go b/proto-public/pbcatalog/v2beta1/health.pb.go index 7160253694606..68899af76bd3f 100644 --- a/proto-public/pbcatalog/v2beta1/health.pb.go +++ b/proto-public/pbcatalog/v2beta1/health.pb.go @@ -25,8 +25,6 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) -// +kubebuilder:validation:Enum=HEALTH_ANY;HEALTH_PASSING;HEALTH_WARNING;HEALTH_CRITICAL;HEALTH_MAINTENANCE -// +kubebuilder:validation:Type=string type Health int32 const ( @@ -83,7 +81,7 @@ func (Health) EnumDescriptor() ([]byte, []int) { return file_pbcatalog_v2beta1_health_proto_rawDescGZIP(), []int{0} } -// This resource will belong to a workload and will have an ownership relationship. +// This resource will belong to a workload or a node and will have an ownership relationship. type HealthStatus struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -718,82 +716,6 @@ func (x *CheckTLSConfig) GetUseTls() bool { return false } -// This resource will belong to a node and will have an ownership relationship. -type NodeHealthStatus struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Type is the type of this health check, such as http, tcp, or kubernetes-readiness - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - // Health is the status. This maps to existing health check statuses. - Status Health `protobuf:"varint,2,opt,name=status,proto3,enum=hashicorp.consul.catalog.v2beta1.Health" json:"status,omitempty"` - // Description is the description for this status. - Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"` - // Output is the output from running the check that resulted in this status - Output string `protobuf:"bytes,4,opt,name=output,proto3" json:"output,omitempty"` -} - -func (x *NodeHealthStatus) Reset() { - *x = NodeHealthStatus{} - if protoimpl.UnsafeEnabled { - mi := &file_pbcatalog_v2beta1_health_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NodeHealthStatus) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NodeHealthStatus) ProtoMessage() {} - -func (x *NodeHealthStatus) ProtoReflect() protoreflect.Message { - mi := &file_pbcatalog_v2beta1_health_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NodeHealthStatus.ProtoReflect.Descriptor instead. -func (*NodeHealthStatus) Descriptor() ([]byte, []int) { - return file_pbcatalog_v2beta1_health_proto_rawDescGZIP(), []int{9} -} - -func (x *NodeHealthStatus) GetType() string { - if x != nil { - return x.Type - } - return "" -} - -func (x *NodeHealthStatus) GetStatus() Health { - if x != nil { - return x.Status - } - return Health_HEALTH_ANY -} - -func (x *NodeHealthStatus) GetDescription() string { - if x != nil { - return x.Description - } - return "" -} - -func (x *NodeHealthStatus) GetOutput() string { - if x != nil { - return x.Output - } - return "" -} - var File_pbcatalog_v2beta1_health_proto protoreflect.FileDescriptor var file_pbcatalog_v2beta1_health_proto_rawDesc = []byte{ @@ -908,44 +830,33 @@ var file_pbcatalog_v2beta1_health_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x74, 0x6c, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x5f, 0x74, 0x6c, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x65, 0x54, 0x6c, 0x73, 0x22, - 0xaa, 0x01, 0x0a, 0x10, 0x4e, 0x6f, 0x64, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x40, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, - 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, - 0x74, 0x68, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, - 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x75, - 0x74, 0x70, 0x75, 0x74, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x2a, 0x6d, 0x0a, 0x06, - 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x0e, 0x0a, 0x0a, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, - 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, - 0x5f, 0x50, 0x41, 0x53, 0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x48, 0x45, - 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x57, 0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x13, - 0x0a, 0x0f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, - 0x4c, 0x10, 0x03, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x4d, 0x41, - 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x04, 0x42, 0xa1, 0x02, 0x0a, 0x24, - 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x42, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x50, 0x01, 0x5a, 0x49, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, - 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, - 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, - 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, - 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, - 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x2c, 0x48, 0x61, 0x73, + 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x65, 0x54, 0x6c, 0x73, 0x2a, + 0x6d, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x0e, 0x0a, 0x0a, 0x48, 0x45, 0x41, + 0x4c, 0x54, 0x48, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x48, 0x45, 0x41, + 0x4c, 0x54, 0x48, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x12, 0x0a, + 0x0e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x57, 0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10, + 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x43, 0x52, 0x49, 0x54, + 0x49, 0x43, 0x41, 0x4c, 0x10, 0x03, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, + 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x04, 0x42, 0xa1, + 0x02, 0x0a, 0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, + 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x49, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, + 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, + 0x6f, 0x67, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, - 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, - 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, - 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x2c, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, + 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x3a, 0x3a, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -961,7 +872,7 @@ func file_pbcatalog_v2beta1_health_proto_rawDescGZIP() []byte { } var file_pbcatalog_v2beta1_health_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_pbcatalog_v2beta1_health_proto_msgTypes = make([]protoimpl.MessageInfo, 11) +var file_pbcatalog_v2beta1_health_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_pbcatalog_v2beta1_health_proto_goTypes = []interface{}{ (Health)(0), // 0: hashicorp.consul.catalog.v2beta1.Health (*HealthStatus)(nil), // 1: hashicorp.consul.catalog.v2beta1.HealthStatus @@ -973,32 +884,30 @@ var file_pbcatalog_v2beta1_health_proto_goTypes = []interface{}{ (*GRPCCheck)(nil), // 7: hashicorp.consul.catalog.v2beta1.GRPCCheck (*OSServiceCheck)(nil), // 8: hashicorp.consul.catalog.v2beta1.OSServiceCheck (*CheckTLSConfig)(nil), // 9: hashicorp.consul.catalog.v2beta1.CheckTLSConfig - (*NodeHealthStatus)(nil), // 10: hashicorp.consul.catalog.v2beta1.NodeHealthStatus - nil, // 11: hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry - (*WorkloadSelector)(nil), // 12: hashicorp.consul.catalog.v2beta1.WorkloadSelector - (*durationpb.Duration)(nil), // 13: google.protobuf.Duration + nil, // 10: hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry + (*WorkloadSelector)(nil), // 11: hashicorp.consul.catalog.v2beta1.WorkloadSelector + (*durationpb.Duration)(nil), // 12: google.protobuf.Duration } var file_pbcatalog_v2beta1_health_proto_depIdxs = []int32{ 0, // 0: hashicorp.consul.catalog.v2beta1.HealthStatus.status:type_name -> hashicorp.consul.catalog.v2beta1.Health - 12, // 1: hashicorp.consul.catalog.v2beta1.HealthChecks.workloads:type_name -> hashicorp.consul.catalog.v2beta1.WorkloadSelector + 11, // 1: hashicorp.consul.catalog.v2beta1.HealthChecks.workloads:type_name -> hashicorp.consul.catalog.v2beta1.WorkloadSelector 3, // 2: hashicorp.consul.catalog.v2beta1.HealthChecks.health_checks:type_name -> hashicorp.consul.catalog.v2beta1.HealthCheck 4, // 3: hashicorp.consul.catalog.v2beta1.HealthCheck.http:type_name -> hashicorp.consul.catalog.v2beta1.HTTPCheck 5, // 4: hashicorp.consul.catalog.v2beta1.HealthCheck.tcp:type_name -> hashicorp.consul.catalog.v2beta1.TCPCheck 6, // 5: hashicorp.consul.catalog.v2beta1.HealthCheck.udp:type_name -> hashicorp.consul.catalog.v2beta1.UDPCheck 7, // 6: hashicorp.consul.catalog.v2beta1.HealthCheck.grpc:type_name -> hashicorp.consul.catalog.v2beta1.GRPCCheck 8, // 7: hashicorp.consul.catalog.v2beta1.HealthCheck.os_service:type_name -> hashicorp.consul.catalog.v2beta1.OSServiceCheck - 13, // 8: hashicorp.consul.catalog.v2beta1.HealthCheck.interval:type_name -> google.protobuf.Duration - 13, // 9: hashicorp.consul.catalog.v2beta1.HealthCheck.timeout:type_name -> google.protobuf.Duration - 13, // 10: hashicorp.consul.catalog.v2beta1.HealthCheck.deregister_critical_after:type_name -> google.protobuf.Duration - 11, // 11: hashicorp.consul.catalog.v2beta1.HTTPCheck.header:type_name -> hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry + 12, // 8: hashicorp.consul.catalog.v2beta1.HealthCheck.interval:type_name -> google.protobuf.Duration + 12, // 9: hashicorp.consul.catalog.v2beta1.HealthCheck.timeout:type_name -> google.protobuf.Duration + 12, // 10: hashicorp.consul.catalog.v2beta1.HealthCheck.deregister_critical_after:type_name -> google.protobuf.Duration + 10, // 11: hashicorp.consul.catalog.v2beta1.HTTPCheck.header:type_name -> hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry 9, // 12: hashicorp.consul.catalog.v2beta1.HTTPCheck.tls:type_name -> hashicorp.consul.catalog.v2beta1.CheckTLSConfig 9, // 13: hashicorp.consul.catalog.v2beta1.GRPCCheck.tls:type_name -> hashicorp.consul.catalog.v2beta1.CheckTLSConfig - 0, // 14: hashicorp.consul.catalog.v2beta1.NodeHealthStatus.status:type_name -> hashicorp.consul.catalog.v2beta1.Health - 15, // [15:15] is the sub-list for method output_type - 15, // [15:15] is the sub-list for method input_type - 15, // [15:15] is the sub-list for extension type_name - 15, // [15:15] is the sub-list for extension extendee - 0, // [0:15] is the sub-list for field type_name + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name } func init() { file_pbcatalog_v2beta1_health_proto_init() } @@ -1116,18 +1025,6 @@ func file_pbcatalog_v2beta1_health_proto_init() { return nil } } - file_pbcatalog_v2beta1_health_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NodeHealthStatus); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } } file_pbcatalog_v2beta1_health_proto_msgTypes[2].OneofWrappers = []interface{}{ (*HealthCheck_Http)(nil), @@ -1142,7 +1039,7 @@ func file_pbcatalog_v2beta1_health_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pbcatalog_v2beta1_health_proto_rawDesc, NumEnums: 1, - NumMessages: 11, + NumMessages: 10, NumExtensions: 0, NumServices: 0, }, diff --git a/proto-public/pbcatalog/v2beta1/health.proto b/proto-public/pbcatalog/v2beta1/health.proto index 9d3faf9c986d5..316c58d5d197f 100644 --- a/proto-public/pbcatalog/v2beta1/health.proto +++ b/proto-public/pbcatalog/v2beta1/health.proto @@ -9,7 +9,7 @@ import "google/protobuf/duration.proto"; import "pbcatalog/v2beta1/selector.proto"; import "pbresource/annotations.proto"; -// This resource will belong to a workload and will have an ownership relationship. +// This resource will belong to a workload or a node and will have an ownership relationship. message HealthStatus { option (hashicorp.consul.resource.spec) = {scope: SCOPE_NAMESPACE}; @@ -23,8 +23,6 @@ message HealthStatus { string output = 4; } -// +kubebuilder:validation:Enum=HEALTH_ANY;HEALTH_PASSING;HEALTH_WARNING;HEALTH_CRITICAL;HEALTH_MAINTENANCE -// +kubebuilder:validation:Type=string enum Health { // buf:lint:ignore ENUM_ZERO_VALUE_SUFFIX HEALTH_ANY = 0; @@ -89,17 +87,3 @@ message CheckTLSConfig { bool tls_skip_verify = 2; bool use_tls = 3; } - -// This resource will belong to a node and will have an ownership relationship. -message NodeHealthStatus { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_PARTITION}; - - // Type is the type of this health check, such as http, tcp, or kubernetes-readiness - string type = 1; - // Health is the status. This maps to existing health check statuses. - Health status = 2; - // Description is the description for this status. - string description = 3; - // Output is the output from running the check that resulted in this status - string output = 4; -} diff --git a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go index 50225676f9f15..677a1af1056d3 100644 --- a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go @@ -193,24 +193,3 @@ func (in *CheckTLSConfig) DeepCopy() *CheckTLSConfig { func (in *CheckTLSConfig) DeepCopyInterface() interface{} { return in.DeepCopy() } - -// DeepCopyInto supports using NodeHealthStatus within kubernetes types, where deepcopy-gen is used. -func (in *NodeHealthStatus) DeepCopyInto(out *NodeHealthStatus) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeHealthStatus. Required by controller-gen. -func (in *NodeHealthStatus) DeepCopy() *NodeHealthStatus { - if in == nil { - return nil - } - out := new(NodeHealthStatus) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new NodeHealthStatus. Required by controller-gen. -func (in *NodeHealthStatus) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbcatalog/v2beta1/health_json.gen.go b/proto-public/pbcatalog/v2beta1/health_json.gen.go index 0952df822e501..7c0065d922b44 100644 --- a/proto-public/pbcatalog/v2beta1/health_json.gen.go +++ b/proto-public/pbcatalog/v2beta1/health_json.gen.go @@ -104,17 +104,6 @@ func (this *CheckTLSConfig) UnmarshalJSON(b []byte) error { return HealthUnmarshaler.Unmarshal(b, this) } -// MarshalJSON is a custom marshaler for NodeHealthStatus -func (this *NodeHealthStatus) MarshalJSON() ([]byte, error) { - str, err := HealthMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for NodeHealthStatus -func (this *NodeHealthStatus) UnmarshalJSON(b []byte) error { - return HealthUnmarshaler.Unmarshal(b, this) -} - var ( HealthMarshaler = &protojson.MarshalOptions{} HealthUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} diff --git a/proto-public/pbcatalog/v2beta1/node.pb.go b/proto-public/pbcatalog/v2beta1/node.pb.go index 191debe0759d3..cf38a7be7ab33 100644 --- a/proto-public/pbcatalog/v2beta1/node.pb.go +++ b/proto-public/pbcatalog/v2beta1/node.pb.go @@ -143,7 +143,7 @@ var file_pbcatalog_v2beta1_node_proto_rawDesc = []byte{ 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, - 0x73, 0x65, 0x73, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x22, 0x3d, 0x0a, 0x0b, 0x4e, + 0x73, 0x65, 0x73, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x22, 0x3d, 0x0a, 0x0b, 0x4e, 0x6f, 0x64, 0x65, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, diff --git a/proto-public/pbcatalog/v2beta1/node.proto b/proto-public/pbcatalog/v2beta1/node.proto index baf548c1bcd70..99c54ae48b749 100644 --- a/proto-public/pbcatalog/v2beta1/node.proto +++ b/proto-public/pbcatalog/v2beta1/node.proto @@ -8,7 +8,10 @@ package hashicorp.consul.catalog.v2beta1; import "pbresource/annotations.proto"; message Node { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_PARTITION}; + option (hashicorp.consul.resource.spec) = { + // TODO: This should eventually be SCOPE_PARTITION but that will require further changes to code + scope: SCOPE_NAMESPACE, + }; repeated NodeAddress addresses = 1; } diff --git a/proto-public/pbcatalog/v2beta1/resource_types.gen.go b/proto-public/pbcatalog/v2beta1/resource_types.gen.go index aed62dc6bf739..c71a38ac70cda 100644 --- a/proto-public/pbcatalog/v2beta1/resource_types.gen.go +++ b/proto-public/pbcatalog/v2beta1/resource_types.gen.go @@ -15,7 +15,6 @@ const ( HealthChecksKind = "HealthChecks" HealthStatusKind = "HealthStatus" NodeKind = "Node" - NodeHealthStatusKind = "NodeHealthStatus" ServiceKind = "Service" ServiceEndpointsKind = "ServiceEndpoints" VirtualIPsKind = "VirtualIPs" @@ -53,12 +52,6 @@ var ( Kind: NodeKind, } - NodeHealthStatusType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: NodeHealthStatusKind, - } - ServiceType = &pbresource.Type{ Group: GroupName, GroupVersion: Version, diff --git a/proto-public/pbmesh/v2beta1/gateway_class.pb.binary.go b/proto-public/pbmesh/v2beta1/gateway_class.pb.binary.go deleted file mode 100644 index 571b376668bea..0000000000000 --- a/proto-public/pbmesh/v2beta1/gateway_class.pb.binary.go +++ /dev/null @@ -1,28 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmesh/v2beta1/gateway_class.proto - -package meshv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *GatewayClass) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *GatewayClass) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ParametersReference) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ParametersReference) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmesh/v2beta1/gateway_class.pb.go b/proto-public/pbmesh/v2beta1/gateway_class.pb.go deleted file mode 100644 index f8b076d0699fe..0000000000000 --- a/proto-public/pbmesh/v2beta1/gateway_class.pb.go +++ /dev/null @@ -1,311 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmesh/v2beta1/gateway_class.proto - -package meshv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// NOTE: this should align to the GAMMA/gateway-api version, or at least be -// easily translatable. -// -// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass -// -// This is a Resource type. -type GatewayClass struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // ControllerName is the name of the Kubernetes controller that manages Gateways of this class - ControllerName string `protobuf:"bytes,1,opt,name=controller_name,json=controllerName,proto3" json:"controller_name,omitempty"` - // ParametersRef refers to a resource responsible for configuring - // the behavior of the GatewayClass. - ParametersRef *ParametersReference `protobuf:"bytes,2,opt,name=parameters_ref,json=parametersRef,proto3,oneof" json:"parameters_ref,omitempty"` - // Description of GatewayClass - Description *string `protobuf:"bytes,3,opt,name=description,proto3,oneof" json:"description,omitempty"` -} - -func (x *GatewayClass) Reset() { - *x = GatewayClass{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_gateway_class_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GatewayClass) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GatewayClass) ProtoMessage() {} - -func (x *GatewayClass) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_gateway_class_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GatewayClass.ProtoReflect.Descriptor instead. -func (*GatewayClass) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_gateway_class_proto_rawDescGZIP(), []int{0} -} - -func (x *GatewayClass) GetControllerName() string { - if x != nil { - return x.ControllerName - } - return "" -} - -func (x *GatewayClass) GetParametersRef() *ParametersReference { - if x != nil { - return x.ParametersRef - } - return nil -} - -func (x *GatewayClass) GetDescription() string { - if x != nil && x.Description != nil { - return *x.Description - } - return "" -} - -// NOTE: this should align to the GAMMA/gateway-api version, or at least be -// easily translatable. -// -// ParametersReference specifies a resource that contains Kubernetes controller-specific configuration -// for a resource -// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ParametersReference -type ParametersReference struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // The Kubernetes Group that the referred object belongs to - Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"` - // The Kubernetes Kind that the referred object is - Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"` - // The name of the referred object - Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` - // The kubernetes namespace that the referred object is in - Namespace *string `protobuf:"bytes,4,opt,name=namespace,proto3,oneof" json:"namespace,omitempty"` -} - -func (x *ParametersReference) Reset() { - *x = ParametersReference{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_gateway_class_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ParametersReference) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ParametersReference) ProtoMessage() {} - -func (x *ParametersReference) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_gateway_class_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ParametersReference.ProtoReflect.Descriptor instead. -func (*ParametersReference) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_gateway_class_proto_rawDescGZIP(), []int{1} -} - -func (x *ParametersReference) GetGroup() string { - if x != nil { - return x.Group - } - return "" -} - -func (x *ParametersReference) GetKind() string { - if x != nil { - return x.Kind - } - return "" -} - -func (x *ParametersReference) GetName() string { - if x != nil { - return x.Name - } - return "" -} - -func (x *ParametersReference) GetNamespace() string { - if x != nil && x.Namespace != nil { - return *x.Namespace - } - return "" -} - -var File_pbmesh_v2beta1_gateway_class_proto protoreflect.FileDescriptor - -var file_pbmesh_v2beta1_gateway_class_proto_rawDesc = []byte{ - 0x0a, 0x22, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, - 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x22, 0xe9, 0x01, 0x0a, 0x0c, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6c, 0x61, - 0x73, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x5e, 0x0a, 0x0e, 0x70, - 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x65, - 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x48, 0x00, 0x52, 0x0d, 0x70, 0x61, 0x72, 0x61, 0x6d, - 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x65, 0x66, 0x88, 0x01, 0x01, 0x12, 0x25, 0x0a, 0x0b, 0x64, - 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x48, 0x01, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x88, - 0x01, 0x01, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x01, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x70, - 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x72, 0x65, 0x66, 0x42, 0x0e, 0x0a, - 0x0c, 0x5f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x84, 0x01, - 0x0a, 0x13, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x65, 0x66, 0x65, - 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x6b, - 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, - 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x21, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x88, 0x01, 0x01, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x42, 0x92, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, - 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x11, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, - 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, - 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, - 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, - 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_pbmesh_v2beta1_gateway_class_proto_rawDescOnce sync.Once - file_pbmesh_v2beta1_gateway_class_proto_rawDescData = file_pbmesh_v2beta1_gateway_class_proto_rawDesc -) - -func file_pbmesh_v2beta1_gateway_class_proto_rawDescGZIP() []byte { - file_pbmesh_v2beta1_gateway_class_proto_rawDescOnce.Do(func() { - file_pbmesh_v2beta1_gateway_class_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v2beta1_gateway_class_proto_rawDescData) - }) - return file_pbmesh_v2beta1_gateway_class_proto_rawDescData -} - -var file_pbmesh_v2beta1_gateway_class_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_pbmesh_v2beta1_gateway_class_proto_goTypes = []interface{}{ - (*GatewayClass)(nil), // 0: hashicorp.consul.mesh.v2beta1.GatewayClass - (*ParametersReference)(nil), // 1: hashicorp.consul.mesh.v2beta1.ParametersReference -} -var file_pbmesh_v2beta1_gateway_class_proto_depIdxs = []int32{ - 1, // 0: hashicorp.consul.mesh.v2beta1.GatewayClass.parameters_ref:type_name -> hashicorp.consul.mesh.v2beta1.ParametersReference - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_pbmesh_v2beta1_gateway_class_proto_init() } -func file_pbmesh_v2beta1_gateway_class_proto_init() { - if File_pbmesh_v2beta1_gateway_class_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbmesh_v2beta1_gateway_class_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GatewayClass); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pbmesh_v2beta1_gateway_class_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ParametersReference); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_pbmesh_v2beta1_gateway_class_proto_msgTypes[0].OneofWrappers = []interface{}{} - file_pbmesh_v2beta1_gateway_class_proto_msgTypes[1].OneofWrappers = []interface{}{} - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmesh_v2beta1_gateway_class_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmesh_v2beta1_gateway_class_proto_goTypes, - DependencyIndexes: file_pbmesh_v2beta1_gateway_class_proto_depIdxs, - MessageInfos: file_pbmesh_v2beta1_gateway_class_proto_msgTypes, - }.Build() - File_pbmesh_v2beta1_gateway_class_proto = out.File - file_pbmesh_v2beta1_gateway_class_proto_rawDesc = nil - file_pbmesh_v2beta1_gateway_class_proto_goTypes = nil - file_pbmesh_v2beta1_gateway_class_proto_depIdxs = nil -} diff --git a/proto-public/pbmesh/v2beta1/gateway_class.proto b/proto-public/pbmesh/v2beta1/gateway_class.proto deleted file mode 100644 index 8bba03c416dd7..0000000000000 --- a/proto-public/pbmesh/v2beta1/gateway_class.proto +++ /dev/null @@ -1,49 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -syntax = "proto3"; - -package hashicorp.consul.mesh.v2beta1; - -import "pbresource/annotations.proto"; - -// NOTE: this should align to the GAMMA/gateway-api version, or at least be -// easily translatable. -// -// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayClass -// -// This is a Resource type. -message GatewayClass { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_CLUSTER}; - - // ControllerName is the name of the Kubernetes controller that manages Gateways of this class - string controller_name = 1; - - // ParametersRef refers to a resource responsible for configuring - // the behavior of the GatewayClass. - optional ParametersReference parameters_ref = 2; - - // Description of GatewayClass - optional string description = 3; -} - -// NOTE: this should align to the GAMMA/gateway-api version, or at least be -// easily translatable. -// -// ParametersReference specifies a resource that contains Kubernetes controller-specific configuration -// for a resource -// https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.ParametersReference -// -message ParametersReference { - // The Kubernetes Group that the referred object belongs to - string group = 1; - - // The Kubernetes Kind that the referred object is - string kind = 2; - - // The name of the referred object - string name = 3; - - // The kubernetes namespace that the referred object is in - optional string namespace = 4; -} diff --git a/proto-public/pbmesh/v2beta1/gateway_class_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/gateway_class_deepcopy.gen.go deleted file mode 100644 index c09a4cbe20055..0000000000000 --- a/proto-public/pbmesh/v2beta1/gateway_class_deepcopy.gen.go +++ /dev/null @@ -1,48 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package meshv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using GatewayClass within kubernetes types, where deepcopy-gen is used. -func (in *GatewayClass) DeepCopyInto(out *GatewayClass) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClass. Required by controller-gen. -func (in *GatewayClass) DeepCopy() *GatewayClass { - if in == nil { - return nil - } - out := new(GatewayClass) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClass. Required by controller-gen. -func (in *GatewayClass) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ParametersReference within kubernetes types, where deepcopy-gen is used. -func (in *ParametersReference) DeepCopyInto(out *ParametersReference) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ParametersReference. Required by controller-gen. -func (in *ParametersReference) DeepCopy() *ParametersReference { - if in == nil { - return nil - } - out := new(ParametersReference) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ParametersReference. Required by controller-gen. -func (in *ParametersReference) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmesh/v2beta1/gateway_class_json.gen.go b/proto-public/pbmesh/v2beta1/gateway_class_json.gen.go deleted file mode 100644 index 0b3bdea9d01a5..0000000000000 --- a/proto-public/pbmesh/v2beta1/gateway_class_json.gen.go +++ /dev/null @@ -1,33 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package meshv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for GatewayClass -func (this *GatewayClass) MarshalJSON() ([]byte, error) { - str, err := GatewayClassMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for GatewayClass -func (this *GatewayClass) UnmarshalJSON(b []byte) error { - return GatewayClassUnmarshaler.Unmarshal(b, this) -} - -// MarshalJSON is a custom marshaler for ParametersReference -func (this *ParametersReference) MarshalJSON() ([]byte, error) { - str, err := GatewayClassMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ParametersReference -func (this *ParametersReference) UnmarshalJSON(b []byte) error { - return GatewayClassUnmarshaler.Unmarshal(b, this) -} - -var ( - GatewayClassMarshaler = &protojson.MarshalOptions{} - GatewayClassUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.binary.go b/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.binary.go deleted file mode 100644 index 8ea39522b0640..0000000000000 --- a/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.binary.go +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmesh/v2beta1/gatewayclassconfig.proto - -package meshv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *GatewayClassConfig) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *GatewayClassConfig) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *CopyAnnotations) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *CopyAnnotations) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *Deployment) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *Deployment) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go b/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go deleted file mode 100644 index 7ab34e03e4450..0000000000000 --- a/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go +++ /dev/null @@ -1,465 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmesh/v2beta1/gatewayclassconfig.proto - -package meshv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - v1 "k8s.io/api/core/v1" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// This is a Resource type. -type GatewayClassConfig struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer - ServiceType *string `protobuf:"bytes,1,opt,name=service_type,json=serviceType,proto3,oneof" json:"service_type,omitempty"` - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - NodeSelector map[string]string `protobuf:"bytes,2,rep,name=node_selector,json=nodeSelector,proto3" json:"node_selector,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // Tolerations allow the scheduler to schedule nodes with matching taints. - // More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ - Tolerations []*v1.Toleration `protobuf:"bytes,3,rep,name=tolerations,proto3" json:"tolerations,omitempty"` - Deployment *Deployment `protobuf:"bytes,4,opt,name=deployment,proto3,oneof" json:"deployment,omitempty"` - CopyAnnotations *CopyAnnotations `protobuf:"bytes,5,opt,name=copy_annotations,json=copyAnnotations,proto3,oneof" json:"copy_annotations,omitempty"` - PodSecurityPolicy *string `protobuf:"bytes,6,opt,name=pod_security_policy,json=podSecurityPolicy,proto3,oneof" json:"pod_security_policy,omitempty"` - OpenshiftSccName *string `protobuf:"bytes,7,opt,name=openshift_scc_name,json=openshiftSccName,proto3,oneof" json:"openshift_scc_name,omitempty"` - UseHostPorts *bool `protobuf:"varint,8,opt,name=use_host_ports,json=useHostPorts,proto3,oneof" json:"use_host_ports,omitempty"` -} - -func (x *GatewayClassConfig) Reset() { - *x = GatewayClassConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *GatewayClassConfig) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*GatewayClassConfig) ProtoMessage() {} - -func (x *GatewayClassConfig) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use GatewayClassConfig.ProtoReflect.Descriptor instead. -func (*GatewayClassConfig) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescGZIP(), []int{0} -} - -func (x *GatewayClassConfig) GetServiceType() string { - if x != nil && x.ServiceType != nil { - return *x.ServiceType - } - return "" -} - -func (x *GatewayClassConfig) GetNodeSelector() map[string]string { - if x != nil { - return x.NodeSelector - } - return nil -} - -func (x *GatewayClassConfig) GetTolerations() []*v1.Toleration { - if x != nil { - return x.Tolerations - } - return nil -} - -func (x *GatewayClassConfig) GetDeployment() *Deployment { - if x != nil { - return x.Deployment - } - return nil -} - -func (x *GatewayClassConfig) GetCopyAnnotations() *CopyAnnotations { - if x != nil { - return x.CopyAnnotations - } - return nil -} - -func (x *GatewayClassConfig) GetPodSecurityPolicy() string { - if x != nil && x.PodSecurityPolicy != nil { - return *x.PodSecurityPolicy - } - return "" -} - -func (x *GatewayClassConfig) GetOpenshiftSccName() string { - if x != nil && x.OpenshiftSccName != nil { - return *x.OpenshiftSccName - } - return "" -} - -func (x *GatewayClassConfig) GetUseHostPorts() bool { - if x != nil && x.UseHostPorts != nil { - return *x.UseHostPorts - } - return false -} - -type CopyAnnotations struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Service []string `protobuf:"bytes,1,rep,name=service,proto3" json:"service,omitempty"` -} - -func (x *CopyAnnotations) Reset() { - *x = CopyAnnotations{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CopyAnnotations) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CopyAnnotations) ProtoMessage() {} - -func (x *CopyAnnotations) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CopyAnnotations.ProtoReflect.Descriptor instead. -func (*CopyAnnotations) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescGZIP(), []int{1} -} - -func (x *CopyAnnotations) GetService() []string { - if x != nil { - return x.Service - } - return nil -} - -type Deployment struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // +kubebuilder:default:=1 - // +kubebuilder:validation:Maximum=8 - // +kubebuilder:validation:Minimum=1 - // Number of gateway instances that should be deployed by default - DefaultInstances *uint32 `protobuf:"varint,1,opt,name=default_instances,json=defaultInstances,proto3,oneof" json:"default_instances,omitempty"` - // +kubebuilder:default:=1 - // +kubebuilder:validation:Maximum=8 - // +kubebuilder:validation:Minimum=1 - // Minimum allowed number of gateway instances - MinInstances *uint32 `protobuf:"varint,2,opt,name=min_instances,json=minInstances,proto3,oneof" json:"min_instances,omitempty"` - // +kubebuilder:default:=8 - // +kubebuilder:validation:Maximum=8 - // +kubebuilder:validation:Minimum=1 - // Max allowed number of gateway instances - MaxInstances *uint32 `protobuf:"varint,3,opt,name=max_instances,json=maxInstances,proto3,oneof" json:"max_instances,omitempty"` - // Resources defines the resource requirements for the gateway. - Resources *v1.ResourceRequirements `protobuf:"bytes,4,opt,name=resources,proto3" json:"resources,omitempty"` -} - -func (x *Deployment) Reset() { - *x = Deployment{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Deployment) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Deployment) ProtoMessage() {} - -func (x *Deployment) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Deployment.ProtoReflect.Descriptor instead. -func (*Deployment) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescGZIP(), []int{2} -} - -func (x *Deployment) GetDefaultInstances() uint32 { - if x != nil && x.DefaultInstances != nil { - return *x.DefaultInstances - } - return 0 -} - -func (x *Deployment) GetMinInstances() uint32 { - if x != nil && x.MinInstances != nil { - return *x.MinInstances - } - return 0 -} - -func (x *Deployment) GetMaxInstances() uint32 { - if x != nil && x.MaxInstances != nil { - return *x.MaxInstances - } - return 0 -} - -func (x *Deployment) GetResources() *v1.ResourceRequirements { - if x != nil { - return x.Resources - } - return nil -} - -var File_pbmesh_v2beta1_gatewayclassconfig_proto protoreflect.FileDescriptor - -var file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDesc = []byte{ - 0x0a, 0x27, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x22, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, - 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x67, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x70, 0x62, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xeb, 0x05, 0x0a, 0x12, 0x47, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x26, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x88, 0x01, 0x01, 0x12, 0x68, 0x0a, 0x0d, 0x6e, 0x6f, 0x64, - 0x65, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x2e, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x6e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x12, 0x40, 0x0a, 0x0b, 0x74, 0x6f, 0x6c, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x6b, 0x38, 0x73, 0x2e, 0x69, - 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x6f, - 0x6c, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x74, 0x6f, 0x6c, 0x65, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, - 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, - 0x6d, 0x65, 0x6e, 0x74, 0x48, 0x01, 0x52, 0x0a, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, - 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x5e, 0x0a, 0x10, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x61, 0x6e, - 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, - 0x43, 0x6f, 0x70, 0x79, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, - 0x02, 0x52, 0x0f, 0x63, 0x6f, 0x70, 0x79, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x13, 0x70, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, - 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x03, 0x52, 0x11, 0x70, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, - 0x79, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x88, 0x01, 0x01, 0x12, 0x31, 0x0a, 0x12, 0x6f, 0x70, - 0x65, 0x6e, 0x73, 0x68, 0x69, 0x66, 0x74, 0x5f, 0x73, 0x63, 0x63, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x48, 0x04, 0x52, 0x10, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x68, - 0x69, 0x66, 0x74, 0x53, 0x63, 0x63, 0x4e, 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x29, 0x0a, - 0x0e, 0x75, 0x73, 0x65, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, - 0x08, 0x20, 0x01, 0x28, 0x08, 0x48, 0x05, 0x52, 0x0c, 0x75, 0x73, 0x65, 0x48, 0x6f, 0x73, 0x74, - 0x50, 0x6f, 0x72, 0x74, 0x73, 0x88, 0x01, 0x01, 0x1a, 0x3f, 0x0a, 0x11, 0x4e, 0x6f, 0x64, 0x65, - 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, - 0x01, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x64, 0x65, 0x70, 0x6c, 0x6f, 0x79, 0x6d, 0x65, 0x6e, - 0x74, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x63, 0x6f, 0x70, 0x79, 0x5f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x16, 0x0a, 0x14, 0x5f, 0x70, 0x6f, 0x64, 0x5f, 0x73, - 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x42, 0x15, - 0x0a, 0x13, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x73, 0x68, 0x69, 0x66, 0x74, 0x5f, 0x73, 0x63, 0x63, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x68, 0x6f, - 0x73, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x22, 0x2b, 0x0a, 0x0f, 0x43, 0x6f, 0x70, 0x79, - 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x22, 0x94, 0x02, 0x0a, 0x0a, 0x44, 0x65, 0x70, 0x6c, 0x6f, 0x79, - 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x30, 0x0a, 0x11, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, - 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x48, - 0x00, 0x52, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, - 0x63, 0x65, 0x73, 0x88, 0x01, 0x01, 0x12, 0x28, 0x0a, 0x0d, 0x6d, 0x69, 0x6e, 0x5f, 0x69, 0x6e, - 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x01, 0x52, - 0x0c, 0x6d, 0x69, 0x6e, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x88, 0x01, 0x01, - 0x12, 0x28, 0x0a, 0x0d, 0x6d, 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x02, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x49, 0x6e, - 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x88, 0x01, 0x01, 0x12, 0x46, 0x0a, 0x09, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, - 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x69, - 0x72, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x69, - 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x6d, 0x69, 0x6e, - 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x6d, - 0x61, 0x78, 0x5f, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x73, 0x42, 0x98, 0x02, 0x0a, - 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x42, 0x17, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x63, 0x6c, 0x61, 0x73, 0x73, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x43, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, - 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, - 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, - 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, - 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, - 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescOnce sync.Once - file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescData = file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDesc -) - -func file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescGZIP() []byte { - file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescOnce.Do(func() { - file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescData) - }) - return file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDescData -} - -var file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var file_pbmesh_v2beta1_gatewayclassconfig_proto_goTypes = []interface{}{ - (*GatewayClassConfig)(nil), // 0: hashicorp.consul.mesh.v2beta1.GatewayClassConfig - (*CopyAnnotations)(nil), // 1: hashicorp.consul.mesh.v2beta1.CopyAnnotations - (*Deployment)(nil), // 2: hashicorp.consul.mesh.v2beta1.Deployment - nil, // 3: hashicorp.consul.mesh.v2beta1.GatewayClassConfig.NodeSelectorEntry - (*v1.Toleration)(nil), // 4: k8s.io.api.core.v1.Toleration - (*v1.ResourceRequirements)(nil), // 5: k8s.io.api.core.v1.ResourceRequirements -} -var file_pbmesh_v2beta1_gatewayclassconfig_proto_depIdxs = []int32{ - 3, // 0: hashicorp.consul.mesh.v2beta1.GatewayClassConfig.node_selector:type_name -> hashicorp.consul.mesh.v2beta1.GatewayClassConfig.NodeSelectorEntry - 4, // 1: hashicorp.consul.mesh.v2beta1.GatewayClassConfig.tolerations:type_name -> k8s.io.api.core.v1.Toleration - 2, // 2: hashicorp.consul.mesh.v2beta1.GatewayClassConfig.deployment:type_name -> hashicorp.consul.mesh.v2beta1.Deployment - 1, // 3: hashicorp.consul.mesh.v2beta1.GatewayClassConfig.copy_annotations:type_name -> hashicorp.consul.mesh.v2beta1.CopyAnnotations - 5, // 4: hashicorp.consul.mesh.v2beta1.Deployment.resources:type_name -> k8s.io.api.core.v1.ResourceRequirements - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name -} - -func init() { file_pbmesh_v2beta1_gatewayclassconfig_proto_init() } -func file_pbmesh_v2beta1_gatewayclassconfig_proto_init() { - if File_pbmesh_v2beta1_gatewayclassconfig_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GatewayClassConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CopyAnnotations); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Deployment); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[0].OneofWrappers = []interface{}{} - file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes[2].OneofWrappers = []interface{}{} - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDesc, - NumEnums: 0, - NumMessages: 4, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmesh_v2beta1_gatewayclassconfig_proto_goTypes, - DependencyIndexes: file_pbmesh_v2beta1_gatewayclassconfig_proto_depIdxs, - MessageInfos: file_pbmesh_v2beta1_gatewayclassconfig_proto_msgTypes, - }.Build() - File_pbmesh_v2beta1_gatewayclassconfig_proto = out.File - file_pbmesh_v2beta1_gatewayclassconfig_proto_rawDesc = nil - file_pbmesh_v2beta1_gatewayclassconfig_proto_goTypes = nil - file_pbmesh_v2beta1_gatewayclassconfig_proto_depIdxs = nil -} diff --git a/proto-public/pbmesh/v2beta1/gatewayclassconfig.proto b/proto-public/pbmesh/v2beta1/gatewayclassconfig.proto deleted file mode 100644 index 12fd961211545..0000000000000 --- a/proto-public/pbmesh/v2beta1/gatewayclassconfig.proto +++ /dev/null @@ -1,55 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -syntax = "proto3"; - -package hashicorp.consul.mesh.v2beta1; - -import "k8s.io/api/core/v1/generated.proto"; -import "pbresource/annotations.proto"; - -// This is a Resource type. -message GatewayClassConfig { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_CLUSTER}; - - // +kubebuilder:validation:Enum=ClusterIP;NodePort;LoadBalancer - optional string service_type = 1; - - // NodeSelector is a selector which must be true for the pod to fit on a node. - // Selector which must match a node's labels for the pod to be scheduled on that node. - // More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - map node_selector = 2; - - // Tolerations allow the scheduler to schedule nodes with matching taints. - // More Info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ - repeated k8s.io.api.core.v1.Toleration tolerations = 3; - optional Deployment deployment = 4; - optional CopyAnnotations copy_annotations = 5; - optional string pod_security_policy = 6; - optional string openshift_scc_name = 7; - optional bool use_host_ports = 8; -} - -message CopyAnnotations { - repeated string service = 1; -} - -message Deployment { - // +kubebuilder:default:=1 - // +kubebuilder:validation:Maximum=8 - // +kubebuilder:validation:Minimum=1 - // Number of gateway instances that should be deployed by default - optional uint32 default_instances = 1; - // +kubebuilder:default:=1 - // +kubebuilder:validation:Maximum=8 - // +kubebuilder:validation:Minimum=1 - // Minimum allowed number of gateway instances - optional uint32 min_instances = 2; - // +kubebuilder:default:=8 - // +kubebuilder:validation:Maximum=8 - // +kubebuilder:validation:Minimum=1 - // Max allowed number of gateway instances - optional uint32 max_instances = 3; - // Resources defines the resource requirements for the gateway. - k8s.io.api.core.v1.ResourceRequirements resources = 4; -} diff --git a/proto-public/pbmesh/v2beta1/gatewayclassconfig_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/gatewayclassconfig_deepcopy.gen.go deleted file mode 100644 index f0418db9f1786..0000000000000 --- a/proto-public/pbmesh/v2beta1/gatewayclassconfig_deepcopy.gen.go +++ /dev/null @@ -1,69 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package meshv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using GatewayClassConfig within kubernetes types, where deepcopy-gen is used. -func (in *GatewayClassConfig) DeepCopyInto(out *GatewayClassConfig) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassConfig. Required by controller-gen. -func (in *GatewayClassConfig) DeepCopy() *GatewayClassConfig { - if in == nil { - return nil - } - out := new(GatewayClassConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new GatewayClassConfig. Required by controller-gen. -func (in *GatewayClassConfig) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using CopyAnnotations within kubernetes types, where deepcopy-gen is used. -func (in *CopyAnnotations) DeepCopyInto(out *CopyAnnotations) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CopyAnnotations. Required by controller-gen. -func (in *CopyAnnotations) DeepCopy() *CopyAnnotations { - if in == nil { - return nil - } - out := new(CopyAnnotations) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new CopyAnnotations. Required by controller-gen. -func (in *CopyAnnotations) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using Deployment within kubernetes types, where deepcopy-gen is used. -func (in *Deployment) DeepCopyInto(out *Deployment) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Deployment. Required by controller-gen. -func (in *Deployment) DeepCopy() *Deployment { - if in == nil { - return nil - } - out := new(Deployment) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new Deployment. Required by controller-gen. -func (in *Deployment) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmesh/v2beta1/gatewayclassconfig_json.gen.go b/proto-public/pbmesh/v2beta1/gatewayclassconfig_json.gen.go deleted file mode 100644 index 16f3d29aa06ba..0000000000000 --- a/proto-public/pbmesh/v2beta1/gatewayclassconfig_json.gen.go +++ /dev/null @@ -1,44 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package meshv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for GatewayClassConfig -func (this *GatewayClassConfig) MarshalJSON() ([]byte, error) { - str, err := GatewayclassconfigMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for GatewayClassConfig -func (this *GatewayClassConfig) UnmarshalJSON(b []byte) error { - return GatewayclassconfigUnmarshaler.Unmarshal(b, this) -} - -// MarshalJSON is a custom marshaler for CopyAnnotations -func (this *CopyAnnotations) MarshalJSON() ([]byte, error) { - str, err := GatewayclassconfigMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for CopyAnnotations -func (this *CopyAnnotations) UnmarshalJSON(b []byte) error { - return GatewayclassconfigUnmarshaler.Unmarshal(b, this) -} - -// MarshalJSON is a custom marshaler for Deployment -func (this *Deployment) MarshalJSON() ([]byte, error) { - str, err := GatewayclassconfigMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for Deployment -func (this *Deployment) UnmarshalJSON(b []byte) error { - return GatewayclassconfigUnmarshaler.Unmarshal(b, this) -} - -var ( - GatewayclassconfigMarshaler = &protojson.MarshalOptions{} - GatewayclassconfigUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmesh/v2beta1/mesh_configuration.pb.binary.go b/proto-public/pbmesh/v2beta1/mesh_configuration.pb.binary.go deleted file mode 100644 index d8bffc0ae8119..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_configuration.pb.binary.go +++ /dev/null @@ -1,18 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmesh/v2beta1/mesh_configuration.proto - -package meshv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *MeshConfiguration) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *MeshConfiguration) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go b/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go deleted file mode 100644 index 40c2bca5c4eb6..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go +++ /dev/null @@ -1,160 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmesh/v2beta1/mesh_configuration.proto - -package meshv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// MeshConfiguration is responsible for configuring the default behavior of Mesh Gateways. -// This is a Resource type. -type MeshConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields -} - -func (x *MeshConfiguration) Reset() { - *x = MeshConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_mesh_configuration_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshConfiguration) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshConfiguration) ProtoMessage() {} - -func (x *MeshConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_mesh_configuration_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshConfiguration.ProtoReflect.Descriptor instead. -func (*MeshConfiguration) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_mesh_configuration_proto_rawDescGZIP(), []int{0} -} - -var File_pbmesh_v2beta1_mesh_configuration_proto protoreflect.FileDescriptor - -var file_pbmesh_v2beta1_mesh_configuration_proto_rawDesc = []byte{ - 0x0a, 0x27, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, - 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1b, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x06, 0xa2, 0x93, 0x04, - 0x02, 0x08, 0x01, 0x42, 0x97, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, - 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, - 0x6f, 0x50, 0x01, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, - 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, - 0x68, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, - 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, - 0x1d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, - 0x29, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x5c, 0x4d, 0x65, 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, - 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, - 0x4d, 0x65, 0x73, 0x68, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pbmesh_v2beta1_mesh_configuration_proto_rawDescOnce sync.Once - file_pbmesh_v2beta1_mesh_configuration_proto_rawDescData = file_pbmesh_v2beta1_mesh_configuration_proto_rawDesc -) - -func file_pbmesh_v2beta1_mesh_configuration_proto_rawDescGZIP() []byte { - file_pbmesh_v2beta1_mesh_configuration_proto_rawDescOnce.Do(func() { - file_pbmesh_v2beta1_mesh_configuration_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v2beta1_mesh_configuration_proto_rawDescData) - }) - return file_pbmesh_v2beta1_mesh_configuration_proto_rawDescData -} - -var file_pbmesh_v2beta1_mesh_configuration_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbmesh_v2beta1_mesh_configuration_proto_goTypes = []interface{}{ - (*MeshConfiguration)(nil), // 0: hashicorp.consul.mesh.v2beta1.MeshConfiguration -} -var file_pbmesh_v2beta1_mesh_configuration_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pbmesh_v2beta1_mesh_configuration_proto_init() } -func file_pbmesh_v2beta1_mesh_configuration_proto_init() { - if File_pbmesh_v2beta1_mesh_configuration_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbmesh_v2beta1_mesh_configuration_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmesh_v2beta1_mesh_configuration_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmesh_v2beta1_mesh_configuration_proto_goTypes, - DependencyIndexes: file_pbmesh_v2beta1_mesh_configuration_proto_depIdxs, - MessageInfos: file_pbmesh_v2beta1_mesh_configuration_proto_msgTypes, - }.Build() - File_pbmesh_v2beta1_mesh_configuration_proto = out.File - file_pbmesh_v2beta1_mesh_configuration_proto_rawDesc = nil - file_pbmesh_v2beta1_mesh_configuration_proto_goTypes = nil - file_pbmesh_v2beta1_mesh_configuration_proto_depIdxs = nil -} diff --git a/proto-public/pbmesh/v2beta1/mesh_configuration.proto b/proto-public/pbmesh/v2beta1/mesh_configuration.proto deleted file mode 100644 index c18548b487e9f..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_configuration.proto +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -syntax = "proto3"; - -package hashicorp.consul.mesh.v2beta1; - -import "pbresource/annotations.proto"; - -// MeshConfiguration is responsible for configuring the default behavior of Mesh Gateways. -// This is a Resource type. -message MeshConfiguration { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_CLUSTER}; -} diff --git a/proto-public/pbmesh/v2beta1/mesh_configuration_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/mesh_configuration_deepcopy.gen.go deleted file mode 100644 index 5621246ecef84..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_configuration_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package meshv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using MeshConfiguration within kubernetes types, where deepcopy-gen is used. -func (in *MeshConfiguration) DeepCopyInto(out *MeshConfiguration) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfiguration. Required by controller-gen. -func (in *MeshConfiguration) DeepCopy() *MeshConfiguration { - if in == nil { - return nil - } - out := new(MeshConfiguration) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshConfiguration. Required by controller-gen. -func (in *MeshConfiguration) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmesh/v2beta1/mesh_configuration_json.gen.go b/proto-public/pbmesh/v2beta1/mesh_configuration_json.gen.go deleted file mode 100644 index c772e1326b38e..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_configuration_json.gen.go +++ /dev/null @@ -1,22 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package meshv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for MeshConfiguration -func (this *MeshConfiguration) MarshalJSON() ([]byte, error) { - str, err := MeshConfigurationMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshConfiguration -func (this *MeshConfiguration) UnmarshalJSON(b []byte) error { - return MeshConfigurationUnmarshaler.Unmarshal(b, this) -} - -var ( - MeshConfigurationMarshaler = &protojson.MarshalOptions{} - MeshConfigurationUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmesh/v2beta1/mesh_gateway.pb.binary.go b/proto-public/pbmesh/v2beta1/mesh_gateway.pb.binary.go deleted file mode 100644 index 7cd36afdb3c06..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_gateway.pb.binary.go +++ /dev/null @@ -1,18 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmesh/v2beta1/mesh_gateway.proto - -package meshv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *MeshGateway) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *MeshGateway) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go b/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go deleted file mode 100644 index e61af2d2deaab..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go +++ /dev/null @@ -1,170 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmesh/v2beta1/mesh_gateway.proto - -package meshv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type MeshGateway struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // GatewayClassName is the name of the GatewayClass used by the MeshGateway - GatewayClassName string `protobuf:"bytes,1,opt,name=gateway_class_name,json=gatewayClassName,proto3" json:"gateway_class_name,omitempty"` -} - -func (x *MeshGateway) Reset() { - *x = MeshGateway{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmesh_v2beta1_mesh_gateway_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *MeshGateway) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*MeshGateway) ProtoMessage() {} - -func (x *MeshGateway) ProtoReflect() protoreflect.Message { - mi := &file_pbmesh_v2beta1_mesh_gateway_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use MeshGateway.ProtoReflect.Descriptor instead. -func (*MeshGateway) Descriptor() ([]byte, []int) { - return file_pbmesh_v2beta1_mesh_gateway_proto_rawDescGZIP(), []int{0} -} - -func (x *MeshGateway) GetGatewayClassName() string { - if x != nil { - return x.GatewayClassName - } - return "" -} - -var File_pbmesh_v2beta1_mesh_gateway_proto protoreflect.FileDescriptor - -var file_pbmesh_v2beta1_mesh_gateway_proto_rawDesc = []byte{ - 0x0a, 0x21, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x2f, 0x6d, 0x65, 0x73, 0x68, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, - 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x43, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, - 0x2c, 0x0a, 0x12, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x67, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x3a, 0x06, 0xa2, - 0x93, 0x04, 0x02, 0x08, 0x02, 0x42, 0x91, 0x02, 0x0a, 0x21, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, - 0x65, 0x73, 0x68, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x10, 0x4d, 0x65, 0x73, - 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x65, 0x73, 0x68, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, 0x65, 0x73, 0x68, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x1d, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x65, - 0x73, 0x68, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x1d, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, - 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x29, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x65, - 0x73, 0x68, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x65, 0x73, 0x68, - 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_pbmesh_v2beta1_mesh_gateway_proto_rawDescOnce sync.Once - file_pbmesh_v2beta1_mesh_gateway_proto_rawDescData = file_pbmesh_v2beta1_mesh_gateway_proto_rawDesc -) - -func file_pbmesh_v2beta1_mesh_gateway_proto_rawDescGZIP() []byte { - file_pbmesh_v2beta1_mesh_gateway_proto_rawDescOnce.Do(func() { - file_pbmesh_v2beta1_mesh_gateway_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmesh_v2beta1_mesh_gateway_proto_rawDescData) - }) - return file_pbmesh_v2beta1_mesh_gateway_proto_rawDescData -} - -var file_pbmesh_v2beta1_mesh_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbmesh_v2beta1_mesh_gateway_proto_goTypes = []interface{}{ - (*MeshGateway)(nil), // 0: hashicorp.consul.mesh.v2beta1.MeshGateway -} -var file_pbmesh_v2beta1_mesh_gateway_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pbmesh_v2beta1_mesh_gateway_proto_init() } -func file_pbmesh_v2beta1_mesh_gateway_proto_init() { - if File_pbmesh_v2beta1_mesh_gateway_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbmesh_v2beta1_mesh_gateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeshGateway); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmesh_v2beta1_mesh_gateway_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmesh_v2beta1_mesh_gateway_proto_goTypes, - DependencyIndexes: file_pbmesh_v2beta1_mesh_gateway_proto_depIdxs, - MessageInfos: file_pbmesh_v2beta1_mesh_gateway_proto_msgTypes, - }.Build() - File_pbmesh_v2beta1_mesh_gateway_proto = out.File - file_pbmesh_v2beta1_mesh_gateway_proto_rawDesc = nil - file_pbmesh_v2beta1_mesh_gateway_proto_goTypes = nil - file_pbmesh_v2beta1_mesh_gateway_proto_depIdxs = nil -} diff --git a/proto-public/pbmesh/v2beta1/mesh_gateway.proto b/proto-public/pbmesh/v2beta1/mesh_gateway.proto deleted file mode 100644 index 09ed191354f73..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_gateway.proto +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -syntax = "proto3"; - -package hashicorp.consul.mesh.v2beta1; - -import "pbresource/annotations.proto"; - -message MeshGateway { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_PARTITION}; - - // GatewayClassName is the name of the GatewayClass used by the MeshGateway - string gateway_class_name = 1; -} diff --git a/proto-public/pbmesh/v2beta1/mesh_gateway_deepcopy.gen.go b/proto-public/pbmesh/v2beta1/mesh_gateway_deepcopy.gen.go deleted file mode 100644 index b14ad33a815a3..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_gateway_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package meshv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using MeshGateway within kubernetes types, where deepcopy-gen is used. -func (in *MeshGateway) DeepCopyInto(out *MeshGateway) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshGateway. Required by controller-gen. -func (in *MeshGateway) DeepCopy() *MeshGateway { - if in == nil { - return nil - } - out := new(MeshGateway) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new MeshGateway. Required by controller-gen. -func (in *MeshGateway) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmesh/v2beta1/mesh_gateway_json.gen.go b/proto-public/pbmesh/v2beta1/mesh_gateway_json.gen.go deleted file mode 100644 index 548da69f08cdb..0000000000000 --- a/proto-public/pbmesh/v2beta1/mesh_gateway_json.gen.go +++ /dev/null @@ -1,22 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package meshv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for MeshGateway -func (this *MeshGateway) MarshalJSON() ([]byte, error) { - str, err := MeshGatewayMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for MeshGateway -func (this *MeshGateway) UnmarshalJSON(b []byte) error { - return MeshGatewayUnmarshaler.Unmarshal(b, this) -} - -var ( - MeshGatewayMarshaler = &protojson.MarshalOptions{} - MeshGatewayUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmesh/v2beta1/resource_types.gen.go b/proto-public/pbmesh/v2beta1/resource_types.gen.go index 925cc85be8e3d..68406c5d1e88d 100644 --- a/proto-public/pbmesh/v2beta1/resource_types.gen.go +++ b/proto-public/pbmesh/v2beta1/resource_types.gen.go @@ -17,11 +17,7 @@ const ( DestinationsKind = "Destinations" DestinationsConfigurationKind = "DestinationsConfiguration" GRPCRouteKind = "GRPCRoute" - GatewayClassKind = "GatewayClass" - GatewayClassConfigKind = "GatewayClassConfig" HTTPRouteKind = "HTTPRoute" - MeshConfigurationKind = "MeshConfiguration" - MeshGatewayKind = "MeshGateway" ProxyConfigurationKind = "ProxyConfiguration" ProxyStateTemplateKind = "ProxyStateTemplate" TCPRouteKind = "TCPRoute" @@ -70,36 +66,12 @@ var ( Kind: GRPCRouteKind, } - GatewayClassType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: GatewayClassKind, - } - - GatewayClassConfigType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: GatewayClassConfigKind, - } - HTTPRouteType = &pbresource.Type{ Group: GroupName, GroupVersion: Version, Kind: HTTPRouteKind, } - MeshConfigurationType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: MeshConfigurationKind, - } - - MeshGatewayType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: MeshGatewayKind, - } - ProxyConfigurationType = &pbresource.Type{ Group: GroupName, GroupVersion: Version, diff --git a/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.binary.go b/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.binary.go deleted file mode 100644 index f5b389089f42d..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.binary.go +++ /dev/null @@ -1,38 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmulticluster/v2beta1/computed_exported_services.proto - -package multiclusterv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ComputedExportedServices) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ComputedExportedServices) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ComputedExportedService) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ComputedExportedService) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ComputedExportedServicesConsumer) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ComputedExportedServicesConsumer) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go deleted file mode 100644 index 312b608649bf3..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go +++ /dev/null @@ -1,373 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmulticluster/v2beta1/computed_exported_services.proto - -package multiclusterv2beta1 - -import ( - pbresource "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ComputedExportedServices struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Consumers []*ComputedExportedService `protobuf:"bytes,1,rep,name=consumers,proto3" json:"consumers,omitempty"` -} - -func (x *ComputedExportedServices) Reset() { - *x = ComputedExportedServices{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ComputedExportedServices) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ComputedExportedServices) ProtoMessage() {} - -func (x *ComputedExportedServices) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ComputedExportedServices.ProtoReflect.Descriptor instead. -func (*ComputedExportedServices) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescGZIP(), []int{0} -} - -func (x *ComputedExportedServices) GetConsumers() []*ComputedExportedService { - if x != nil { - return x.Consumers - } - return nil -} - -type ComputedExportedService struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - TargetRef *pbresource.Reference `protobuf:"bytes,1,opt,name=target_ref,json=targetRef,proto3" json:"target_ref,omitempty"` - Consumers []*ComputedExportedServicesConsumer `protobuf:"bytes,2,rep,name=consumers,proto3" json:"consumers,omitempty"` -} - -func (x *ComputedExportedService) Reset() { - *x = ComputedExportedService{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ComputedExportedService) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ComputedExportedService) ProtoMessage() {} - -func (x *ComputedExportedService) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ComputedExportedService.ProtoReflect.Descriptor instead. -func (*ComputedExportedService) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescGZIP(), []int{1} -} - -func (x *ComputedExportedService) GetTargetRef() *pbresource.Reference { - if x != nil { - return x.TargetRef - } - return nil -} - -func (x *ComputedExportedService) GetConsumers() []*ComputedExportedServicesConsumer { - if x != nil { - return x.Consumers - } - return nil -} - -type ComputedExportedServicesConsumer struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // no sameness group - // - // Types that are assignable to ConsumerTenancy: - // - // *ComputedExportedServicesConsumer_Peer - // *ComputedExportedServicesConsumer_Partition - ConsumerTenancy isComputedExportedServicesConsumer_ConsumerTenancy `protobuf_oneof:"consumer_tenancy"` -} - -func (x *ComputedExportedServicesConsumer) Reset() { - *x = ComputedExportedServicesConsumer{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ComputedExportedServicesConsumer) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ComputedExportedServicesConsumer) ProtoMessage() {} - -func (x *ComputedExportedServicesConsumer) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ComputedExportedServicesConsumer.ProtoReflect.Descriptor instead. -func (*ComputedExportedServicesConsumer) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescGZIP(), []int{2} -} - -func (m *ComputedExportedServicesConsumer) GetConsumerTenancy() isComputedExportedServicesConsumer_ConsumerTenancy { - if m != nil { - return m.ConsumerTenancy - } - return nil -} - -func (x *ComputedExportedServicesConsumer) GetPeer() string { - if x, ok := x.GetConsumerTenancy().(*ComputedExportedServicesConsumer_Peer); ok { - return x.Peer - } - return "" -} - -func (x *ComputedExportedServicesConsumer) GetPartition() string { - if x, ok := x.GetConsumerTenancy().(*ComputedExportedServicesConsumer_Partition); ok { - return x.Partition - } - return "" -} - -type isComputedExportedServicesConsumer_ConsumerTenancy interface { - isComputedExportedServicesConsumer_ConsumerTenancy() -} - -type ComputedExportedServicesConsumer_Peer struct { - Peer string `protobuf:"bytes,3,opt,name=peer,proto3,oneof"` -} - -type ComputedExportedServicesConsumer_Partition struct { - Partition string `protobuf:"bytes,4,opt,name=partition,proto3,oneof"` -} - -func (*ComputedExportedServicesConsumer_Peer) isComputedExportedServicesConsumer_ConsumerTenancy() {} - -func (*ComputedExportedServicesConsumer_Partition) isComputedExportedServicesConsumer_ConsumerTenancy() { -} - -var File_pbmulticluster_v2beta1_computed_exported_services_proto protoreflect.FileDescriptor - -var file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDesc = []byte{ - 0x0a, 0x37, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, - 0x64, 0x5f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, - 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x19, - 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x80, 0x01, 0x0a, 0x18, 0x43, 0x6f, - 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5c, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, - 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, - 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6d, 0x65, 0x72, 0x73, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x22, 0xc5, 0x01, 0x0a, - 0x17, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x43, 0x0a, 0x0a, 0x74, 0x61, 0x72, 0x67, - 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, - 0x63, 0x65, 0x52, 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x65, 0x0a, - 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x47, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, - 0x64, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6d, 0x65, 0x72, 0x73, 0x22, 0x6c, 0x0a, 0x20, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, - 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x1e, - 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x09, 0x48, 0x00, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x12, - 0x0a, 0x10, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x5f, 0x74, 0x65, 0x6e, 0x61, 0x6e, - 0x63, 0x79, 0x42, 0xd6, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x42, 0x1d, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, - 0x01, 0x5a, 0x53, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x75, - 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x3b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x76, - 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x25, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x56, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, - 0x73, 0x74, 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x31, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, - 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} - -var ( - file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescOnce sync.Once - file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescData = file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDesc -) - -func file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescGZIP() []byte { - file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescOnce.Do(func() { - file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescData) - }) - return file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDescData -} - -var file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_pbmulticluster_v2beta1_computed_exported_services_proto_goTypes = []interface{}{ - (*ComputedExportedServices)(nil), // 0: hashicorp.consul.multicluster.v2beta1.ComputedExportedServices - (*ComputedExportedService)(nil), // 1: hashicorp.consul.multicluster.v2beta1.ComputedExportedService - (*ComputedExportedServicesConsumer)(nil), // 2: hashicorp.consul.multicluster.v2beta1.ComputedExportedServicesConsumer - (*pbresource.Reference)(nil), // 3: hashicorp.consul.resource.Reference -} -var file_pbmulticluster_v2beta1_computed_exported_services_proto_depIdxs = []int32{ - 1, // 0: hashicorp.consul.multicluster.v2beta1.ComputedExportedServices.consumers:type_name -> hashicorp.consul.multicluster.v2beta1.ComputedExportedService - 3, // 1: hashicorp.consul.multicluster.v2beta1.ComputedExportedService.target_ref:type_name -> hashicorp.consul.resource.Reference - 2, // 2: hashicorp.consul.multicluster.v2beta1.ComputedExportedService.consumers:type_name -> hashicorp.consul.multicluster.v2beta1.ComputedExportedServicesConsumer - 3, // [3:3] is the sub-list for method output_type - 3, // [3:3] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 3, // [3:3] is the sub-list for extension extendee - 0, // [0:3] is the sub-list for field type_name -} - -func init() { file_pbmulticluster_v2beta1_computed_exported_services_proto_init() } -func file_pbmulticluster_v2beta1_computed_exported_services_proto_init() { - if File_pbmulticluster_v2beta1_computed_exported_services_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ComputedExportedServices); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ComputedExportedService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ComputedExportedServicesConsumer); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes[2].OneofWrappers = []interface{}{ - (*ComputedExportedServicesConsumer_Peer)(nil), - (*ComputedExportedServicesConsumer_Partition)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDesc, - NumEnums: 0, - NumMessages: 3, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmulticluster_v2beta1_computed_exported_services_proto_goTypes, - DependencyIndexes: file_pbmulticluster_v2beta1_computed_exported_services_proto_depIdxs, - MessageInfos: file_pbmulticluster_v2beta1_computed_exported_services_proto_msgTypes, - }.Build() - File_pbmulticluster_v2beta1_computed_exported_services_proto = out.File - file_pbmulticluster_v2beta1_computed_exported_services_proto_rawDesc = nil - file_pbmulticluster_v2beta1_computed_exported_services_proto_goTypes = nil - file_pbmulticluster_v2beta1_computed_exported_services_proto_depIdxs = nil -} diff --git a/proto-public/pbmulticluster/v2beta1/computed_exported_services.proto b/proto-public/pbmulticluster/v2beta1/computed_exported_services.proto deleted file mode 100644 index b8a619558451c..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/computed_exported_services.proto +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -syntax = "proto3"; - -package hashicorp.consul.multicluster.v2beta1; - -import "pbresource/annotations.proto"; -import "pbresource/resource.proto"; - -message ComputedExportedServices { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_PARTITION}; - - repeated ComputedExportedService consumers = 1; -} - -message ComputedExportedService { - hashicorp.consul.resource.Reference target_ref = 1; - repeated ComputedExportedServicesConsumer consumers = 2; -} - -message ComputedExportedServicesConsumer { - // no sameness group - oneof consumer_tenancy { - string peer = 3; - string partition = 4; - } -} diff --git a/proto-public/pbmulticluster/v2beta1/computed_exported_services_deepcopy.gen.go b/proto-public/pbmulticluster/v2beta1/computed_exported_services_deepcopy.gen.go deleted file mode 100644 index b50f35a20bd92..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/computed_exported_services_deepcopy.gen.go +++ /dev/null @@ -1,69 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using ComputedExportedServices within kubernetes types, where deepcopy-gen is used. -func (in *ComputedExportedServices) DeepCopyInto(out *ComputedExportedServices) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExportedServices. Required by controller-gen. -func (in *ComputedExportedServices) DeepCopy() *ComputedExportedServices { - if in == nil { - return nil - } - out := new(ComputedExportedServices) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExportedServices. Required by controller-gen. -func (in *ComputedExportedServices) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ComputedExportedService within kubernetes types, where deepcopy-gen is used. -func (in *ComputedExportedService) DeepCopyInto(out *ComputedExportedService) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExportedService. Required by controller-gen. -func (in *ComputedExportedService) DeepCopy() *ComputedExportedService { - if in == nil { - return nil - } - out := new(ComputedExportedService) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExportedService. Required by controller-gen. -func (in *ComputedExportedService) DeepCopyInterface() interface{} { - return in.DeepCopy() -} - -// DeepCopyInto supports using ComputedExportedServicesConsumer within kubernetes types, where deepcopy-gen is used. -func (in *ComputedExportedServicesConsumer) DeepCopyInto(out *ComputedExportedServicesConsumer) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExportedServicesConsumer. Required by controller-gen. -func (in *ComputedExportedServicesConsumer) DeepCopy() *ComputedExportedServicesConsumer { - if in == nil { - return nil - } - out := new(ComputedExportedServicesConsumer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ComputedExportedServicesConsumer. Required by controller-gen. -func (in *ComputedExportedServicesConsumer) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmulticluster/v2beta1/computed_exported_services_json.gen.go b/proto-public/pbmulticluster/v2beta1/computed_exported_services_json.gen.go deleted file mode 100644 index 709a7e6ef6b20..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/computed_exported_services_json.gen.go +++ /dev/null @@ -1,44 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for ComputedExportedServices -func (this *ComputedExportedServices) MarshalJSON() ([]byte, error) { - str, err := ComputedExportedServicesMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ComputedExportedServices -func (this *ComputedExportedServices) UnmarshalJSON(b []byte) error { - return ComputedExportedServicesUnmarshaler.Unmarshal(b, this) -} - -// MarshalJSON is a custom marshaler for ComputedExportedService -func (this *ComputedExportedService) MarshalJSON() ([]byte, error) { - str, err := ComputedExportedServicesMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ComputedExportedService -func (this *ComputedExportedService) UnmarshalJSON(b []byte) error { - return ComputedExportedServicesUnmarshaler.Unmarshal(b, this) -} - -// MarshalJSON is a custom marshaler for ComputedExportedServicesConsumer -func (this *ComputedExportedServicesConsumer) MarshalJSON() ([]byte, error) { - str, err := ComputedExportedServicesMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ComputedExportedServicesConsumer -func (this *ComputedExportedServicesConsumer) UnmarshalJSON(b []byte) error { - return ComputedExportedServicesUnmarshaler.Unmarshal(b, this) -} - -var ( - ComputedExportedServicesMarshaler = &protojson.MarshalOptions{} - ComputedExportedServicesUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmulticluster/v2beta1/exported_services.pb.binary.go b/proto-public/pbmulticluster/v2beta1/exported_services.pb.binary.go deleted file mode 100644 index 1530294804123..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services.pb.binary.go +++ /dev/null @@ -1,18 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmulticluster/v2beta1/exported_services.proto - -package multiclusterv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ExportedServices) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ExportedServices) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/exported_services.pb.go deleted file mode 100644 index d326c9c3f735c..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services.pb.go +++ /dev/null @@ -1,193 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmulticluster/v2beta1/exported_services.proto - -package multiclusterv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ExportedServices struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Services []string `protobuf:"bytes,1,rep,name=services,proto3" json:"services,omitempty"` - Consumers []*ExportedServicesConsumer `protobuf:"bytes,2,rep,name=consumers,proto3" json:"consumers,omitempty"` -} - -func (x *ExportedServices) Reset() { - *x = ExportedServices{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_exported_services_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExportedServices) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExportedServices) ProtoMessage() {} - -func (x *ExportedServices) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_exported_services_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExportedServices.ProtoReflect.Descriptor instead. -func (*ExportedServices) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_exported_services_proto_rawDescGZIP(), []int{0} -} - -func (x *ExportedServices) GetServices() []string { - if x != nil { - return x.Services - } - return nil -} - -func (x *ExportedServices) GetConsumers() []*ExportedServicesConsumer { - if x != nil { - return x.Consumers - } - return nil -} - -var File_pbmulticluster_v2beta1_exported_services_proto protoreflect.FileDescriptor - -var file_pbmulticluster_v2beta1_exported_services_proto_rawDesc = []byte{ - 0x0a, 0x2e, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, - 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, - 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x37, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, - 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, - 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, - 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x95, - 0x01, 0x0a, 0x10, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, - 0x5d, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x72, - 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, - 0x6d, 0x65, 0x72, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x73, 0x3a, 0x06, - 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x42, 0xce, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0x42, 0x15, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x53, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, - 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x3a, 0x3a, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x3a, 0x3a, - 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pbmulticluster_v2beta1_exported_services_proto_rawDescOnce sync.Once - file_pbmulticluster_v2beta1_exported_services_proto_rawDescData = file_pbmulticluster_v2beta1_exported_services_proto_rawDesc -) - -func file_pbmulticluster_v2beta1_exported_services_proto_rawDescGZIP() []byte { - file_pbmulticluster_v2beta1_exported_services_proto_rawDescOnce.Do(func() { - file_pbmulticluster_v2beta1_exported_services_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmulticluster_v2beta1_exported_services_proto_rawDescData) - }) - return file_pbmulticluster_v2beta1_exported_services_proto_rawDescData -} - -var file_pbmulticluster_v2beta1_exported_services_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbmulticluster_v2beta1_exported_services_proto_goTypes = []interface{}{ - (*ExportedServices)(nil), // 0: hashicorp.consul.multicluster.v2beta1.ExportedServices - (*ExportedServicesConsumer)(nil), // 1: hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer -} -var file_pbmulticluster_v2beta1_exported_services_proto_depIdxs = []int32{ - 1, // 0: hashicorp.consul.multicluster.v2beta1.ExportedServices.consumers:type_name -> hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_pbmulticluster_v2beta1_exported_services_proto_init() } -func file_pbmulticluster_v2beta1_exported_services_proto_init() { - if File_pbmulticluster_v2beta1_exported_services_proto != nil { - return - } - file_pbmulticluster_v2beta1_exported_services_consumer_proto_init() - if !protoimpl.UnsafeEnabled { - file_pbmulticluster_v2beta1_exported_services_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExportedServices); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmulticluster_v2beta1_exported_services_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmulticluster_v2beta1_exported_services_proto_goTypes, - DependencyIndexes: file_pbmulticluster_v2beta1_exported_services_proto_depIdxs, - MessageInfos: file_pbmulticluster_v2beta1_exported_services_proto_msgTypes, - }.Build() - File_pbmulticluster_v2beta1_exported_services_proto = out.File - file_pbmulticluster_v2beta1_exported_services_proto_rawDesc = nil - file_pbmulticluster_v2beta1_exported_services_proto_goTypes = nil - file_pbmulticluster_v2beta1_exported_services_proto_depIdxs = nil -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services.proto b/proto-public/pbmulticluster/v2beta1/exported_services.proto deleted file mode 100644 index 76cd98ad7a46f..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services.proto +++ /dev/null @@ -1,16 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -syntax = "proto3"; - -package hashicorp.consul.multicluster.v2beta1; - -import "pbmulticluster/v2beta1/exported_services_consumer.proto"; -import "pbresource/annotations.proto"; - -message ExportedServices { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_NAMESPACE}; - - repeated string services = 1; - repeated ExportedServicesConsumer consumers = 2; -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.binary.go b/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.binary.go deleted file mode 100644 index 5f8eecd75158b..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.binary.go +++ /dev/null @@ -1,18 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmulticluster/v2beta1/exported_services_consumer.proto - -package multiclusterv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ExportedServicesConsumer) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ExportedServicesConsumer) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go b/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go deleted file mode 100644 index dcdd561b2dca4..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go +++ /dev/null @@ -1,230 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmulticluster/v2beta1/exported_services_consumer.proto - -package multiclusterv2beta1 - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ExportedServicesConsumer struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to ConsumerTenancy: - // - // *ExportedServicesConsumer_Peer - // *ExportedServicesConsumer_Partition - // *ExportedServicesConsumer_SamenessGroup - ConsumerTenancy isExportedServicesConsumer_ConsumerTenancy `protobuf_oneof:"consumer_tenancy"` -} - -func (x *ExportedServicesConsumer) Reset() { - *x = ExportedServicesConsumer{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_exported_services_consumer_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ExportedServicesConsumer) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ExportedServicesConsumer) ProtoMessage() {} - -func (x *ExportedServicesConsumer) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_exported_services_consumer_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ExportedServicesConsumer.ProtoReflect.Descriptor instead. -func (*ExportedServicesConsumer) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescGZIP(), []int{0} -} - -func (m *ExportedServicesConsumer) GetConsumerTenancy() isExportedServicesConsumer_ConsumerTenancy { - if m != nil { - return m.ConsumerTenancy - } - return nil -} - -func (x *ExportedServicesConsumer) GetPeer() string { - if x, ok := x.GetConsumerTenancy().(*ExportedServicesConsumer_Peer); ok { - return x.Peer - } - return "" -} - -func (x *ExportedServicesConsumer) GetPartition() string { - if x, ok := x.GetConsumerTenancy().(*ExportedServicesConsumer_Partition); ok { - return x.Partition - } - return "" -} - -func (x *ExportedServicesConsumer) GetSamenessGroup() string { - if x, ok := x.GetConsumerTenancy().(*ExportedServicesConsumer_SamenessGroup); ok { - return x.SamenessGroup - } - return "" -} - -type isExportedServicesConsumer_ConsumerTenancy interface { - isExportedServicesConsumer_ConsumerTenancy() -} - -type ExportedServicesConsumer_Peer struct { - Peer string `protobuf:"bytes,1,opt,name=peer,proto3,oneof"` -} - -type ExportedServicesConsumer_Partition struct { - Partition string `protobuf:"bytes,2,opt,name=partition,proto3,oneof"` -} - -type ExportedServicesConsumer_SamenessGroup struct { - SamenessGroup string `protobuf:"bytes,3,opt,name=sameness_group,json=samenessGroup,proto3,oneof"` -} - -func (*ExportedServicesConsumer_Peer) isExportedServicesConsumer_ConsumerTenancy() {} - -func (*ExportedServicesConsumer_Partition) isExportedServicesConsumer_ConsumerTenancy() {} - -func (*ExportedServicesConsumer_SamenessGroup) isExportedServicesConsumer_ConsumerTenancy() {} - -var File_pbmulticluster_v2beta1_exported_services_consumer_proto protoreflect.FileDescriptor - -var file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDesc = []byte{ - 0x0a, 0x37, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, - 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x22, 0x8d, 0x01, 0x0a, 0x18, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x12, 0x14, 0x0a, - 0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x04, 0x70, - 0x65, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x27, 0x0a, 0x0e, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x5f, - 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0d, 0x73, - 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x42, 0x12, 0x0a, 0x10, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x5f, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, - 0x42, 0xd6, 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x1d, - 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, - 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x53, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x3b, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x76, 0x32, 0x62, - 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x75, - 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, - 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, - 0x28, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x3a, 0x3a, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} - -var ( - file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescOnce sync.Once - file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescData = file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDesc -) - -func file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescGZIP() []byte { - file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescOnce.Do(func() { - file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescData) - }) - return file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDescData -} - -var file_pbmulticluster_v2beta1_exported_services_consumer_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbmulticluster_v2beta1_exported_services_consumer_proto_goTypes = []interface{}{ - (*ExportedServicesConsumer)(nil), // 0: hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer -} -var file_pbmulticluster_v2beta1_exported_services_consumer_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pbmulticluster_v2beta1_exported_services_consumer_proto_init() } -func file_pbmulticluster_v2beta1_exported_services_consumer_proto_init() { - if File_pbmulticluster_v2beta1_exported_services_consumer_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbmulticluster_v2beta1_exported_services_consumer_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExportedServicesConsumer); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_pbmulticluster_v2beta1_exported_services_consumer_proto_msgTypes[0].OneofWrappers = []interface{}{ - (*ExportedServicesConsumer_Peer)(nil), - (*ExportedServicesConsumer_Partition)(nil), - (*ExportedServicesConsumer_SamenessGroup)(nil), - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmulticluster_v2beta1_exported_services_consumer_proto_goTypes, - DependencyIndexes: file_pbmulticluster_v2beta1_exported_services_consumer_proto_depIdxs, - MessageInfos: file_pbmulticluster_v2beta1_exported_services_consumer_proto_msgTypes, - }.Build() - File_pbmulticluster_v2beta1_exported_services_consumer_proto = out.File - file_pbmulticluster_v2beta1_exported_services_consumer_proto_rawDesc = nil - file_pbmulticluster_v2beta1_exported_services_consumer_proto_goTypes = nil - file_pbmulticluster_v2beta1_exported_services_consumer_proto_depIdxs = nil -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.proto b/proto-public/pbmulticluster/v2beta1/exported_services_consumer.proto deleted file mode 100644 index 1a110099dcf59..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.proto +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -syntax = "proto3"; - -package hashicorp.consul.multicluster.v2beta1; - -message ExportedServicesConsumer { - oneof consumer_tenancy { - string peer = 1; - string partition = 2; - string sameness_group = 3; - } -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_consumer_deepcopy.gen.go b/proto-public/pbmulticluster/v2beta1/exported_services_consumer_deepcopy.gen.go deleted file mode 100644 index 847fe0ec3e31d..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_consumer_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using ExportedServicesConsumer within kubernetes types, where deepcopy-gen is used. -func (in *ExportedServicesConsumer) DeepCopyInto(out *ExportedServicesConsumer) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExportedServicesConsumer. Required by controller-gen. -func (in *ExportedServicesConsumer) DeepCopy() *ExportedServicesConsumer { - if in == nil { - return nil - } - out := new(ExportedServicesConsumer) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExportedServicesConsumer. Required by controller-gen. -func (in *ExportedServicesConsumer) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_consumer_json.gen.go b/proto-public/pbmulticluster/v2beta1/exported_services_consumer_json.gen.go deleted file mode 100644 index 3f43f69932a19..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_consumer_json.gen.go +++ /dev/null @@ -1,22 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for ExportedServicesConsumer -func (this *ExportedServicesConsumer) MarshalJSON() ([]byte, error) { - str, err := ExportedServicesConsumerMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ExportedServicesConsumer -func (this *ExportedServicesConsumer) UnmarshalJSON(b []byte) error { - return ExportedServicesConsumerUnmarshaler.Unmarshal(b, this) -} - -var ( - ExportedServicesConsumerMarshaler = &protojson.MarshalOptions{} - ExportedServicesConsumerUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_deepcopy.gen.go b/proto-public/pbmulticluster/v2beta1/exported_services_deepcopy.gen.go deleted file mode 100644 index f5897233ef8b6..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using ExportedServices within kubernetes types, where deepcopy-gen is used. -func (in *ExportedServices) DeepCopyInto(out *ExportedServices) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExportedServices. Required by controller-gen. -func (in *ExportedServices) DeepCopy() *ExportedServices { - if in == nil { - return nil - } - out := new(ExportedServices) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ExportedServices. Required by controller-gen. -func (in *ExportedServices) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_json.gen.go b/proto-public/pbmulticluster/v2beta1/exported_services_json.gen.go deleted file mode 100644 index 40a7cdc38b9b4..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/exported_services_json.gen.go +++ /dev/null @@ -1,22 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for ExportedServices -func (this *ExportedServices) MarshalJSON() ([]byte, error) { - str, err := ExportedServicesMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for ExportedServices -func (this *ExportedServices) UnmarshalJSON(b []byte) error { - return ExportedServicesUnmarshaler.Unmarshal(b, this) -} - -var ( - ExportedServicesMarshaler = &protojson.MarshalOptions{} - ExportedServicesUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.binary.go b/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.binary.go deleted file mode 100644 index eb000381077b7..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.binary.go +++ /dev/null @@ -1,18 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmulticluster/v2beta1/namespace_exported_services.proto - -package multiclusterv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *NamespaceExportedServices) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *NamespaceExportedServices) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go deleted file mode 100644 index 1199e193b022e..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go +++ /dev/null @@ -1,185 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmulticluster/v2beta1/namespace_exported_services.proto - -package multiclusterv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type NamespaceExportedServices struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Consumers []*ExportedServicesConsumer `protobuf:"bytes,1,rep,name=consumers,proto3" json:"consumers,omitempty"` -} - -func (x *NamespaceExportedServices) Reset() { - *x = NamespaceExportedServices{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_namespace_exported_services_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *NamespaceExportedServices) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*NamespaceExportedServices) ProtoMessage() {} - -func (x *NamespaceExportedServices) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_namespace_exported_services_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use NamespaceExportedServices.ProtoReflect.Descriptor instead. -func (*NamespaceExportedServices) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescGZIP(), []int{0} -} - -func (x *NamespaceExportedServices) GetConsumers() []*ExportedServicesConsumer { - if x != nil { - return x.Consumers - } - return nil -} - -var File_pbmulticluster_v2beta1_namespace_exported_services_proto protoreflect.FileDescriptor - -var file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDesc = []byte{ - 0x0a, 0x38, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x5f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, - 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x1a, 0x37, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, - 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x82, 0x01, 0x0a, 0x19, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, - 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, - 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6d, 0x65, 0x72, 0x73, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x03, 0x42, 0xd7, 0x02, - 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x1e, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x53, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, - 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x3a, 0x3a, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x3a, 0x3a, - 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescOnce sync.Once - file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescData = file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDesc -) - -func file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescGZIP() []byte { - file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescOnce.Do(func() { - file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescData) - }) - return file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDescData -} - -var file_pbmulticluster_v2beta1_namespace_exported_services_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbmulticluster_v2beta1_namespace_exported_services_proto_goTypes = []interface{}{ - (*NamespaceExportedServices)(nil), // 0: hashicorp.consul.multicluster.v2beta1.NamespaceExportedServices - (*ExportedServicesConsumer)(nil), // 1: hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer -} -var file_pbmulticluster_v2beta1_namespace_exported_services_proto_depIdxs = []int32{ - 1, // 0: hashicorp.consul.multicluster.v2beta1.NamespaceExportedServices.consumers:type_name -> hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_pbmulticluster_v2beta1_namespace_exported_services_proto_init() } -func file_pbmulticluster_v2beta1_namespace_exported_services_proto_init() { - if File_pbmulticluster_v2beta1_namespace_exported_services_proto != nil { - return - } - file_pbmulticluster_v2beta1_exported_services_consumer_proto_init() - if !protoimpl.UnsafeEnabled { - file_pbmulticluster_v2beta1_namespace_exported_services_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NamespaceExportedServices); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmulticluster_v2beta1_namespace_exported_services_proto_goTypes, - DependencyIndexes: file_pbmulticluster_v2beta1_namespace_exported_services_proto_depIdxs, - MessageInfos: file_pbmulticluster_v2beta1_namespace_exported_services_proto_msgTypes, - }.Build() - File_pbmulticluster_v2beta1_namespace_exported_services_proto = out.File - file_pbmulticluster_v2beta1_namespace_exported_services_proto_rawDesc = nil - file_pbmulticluster_v2beta1_namespace_exported_services_proto_goTypes = nil - file_pbmulticluster_v2beta1_namespace_exported_services_proto_depIdxs = nil -} diff --git a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.proto b/proto-public/pbmulticluster/v2beta1/namespace_exported_services.proto deleted file mode 100644 index 074d44d36063e..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.proto +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -syntax = "proto3"; - -package hashicorp.consul.multicluster.v2beta1; - -import "pbmulticluster/v2beta1/exported_services_consumer.proto"; -import "pbresource/annotations.proto"; - -message NamespaceExportedServices { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_NAMESPACE}; - - repeated ExportedServicesConsumer consumers = 1; -} diff --git a/proto-public/pbmulticluster/v2beta1/namespace_exported_services_deepcopy.gen.go b/proto-public/pbmulticluster/v2beta1/namespace_exported_services_deepcopy.gen.go deleted file mode 100644 index 9d061a755bdae..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/namespace_exported_services_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using NamespaceExportedServices within kubernetes types, where deepcopy-gen is used. -func (in *NamespaceExportedServices) DeepCopyInto(out *NamespaceExportedServices) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceExportedServices. Required by controller-gen. -func (in *NamespaceExportedServices) DeepCopy() *NamespaceExportedServices { - if in == nil { - return nil - } - out := new(NamespaceExportedServices) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new NamespaceExportedServices. Required by controller-gen. -func (in *NamespaceExportedServices) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmulticluster/v2beta1/namespace_exported_services_json.gen.go b/proto-public/pbmulticluster/v2beta1/namespace_exported_services_json.gen.go deleted file mode 100644 index 5d4ee1e42c7a9..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/namespace_exported_services_json.gen.go +++ /dev/null @@ -1,22 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for NamespaceExportedServices -func (this *NamespaceExportedServices) MarshalJSON() ([]byte, error) { - str, err := NamespaceExportedServicesMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for NamespaceExportedServices -func (this *NamespaceExportedServices) UnmarshalJSON(b []byte) error { - return NamespaceExportedServicesUnmarshaler.Unmarshal(b, this) -} - -var ( - NamespaceExportedServicesMarshaler = &protojson.MarshalOptions{} - NamespaceExportedServicesUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.binary.go b/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.binary.go deleted file mode 100644 index 5518b8a004053..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.binary.go +++ /dev/null @@ -1,18 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbmulticluster/v2beta1/partition_exported_services.proto - -package multiclusterv2beta1 - -import ( - "google.golang.org/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *PartitionExportedServices) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *PartitionExportedServices) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go deleted file mode 100644 index 5417ff57ff0a0..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go +++ /dev/null @@ -1,185 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbmulticluster/v2beta1/partition_exported_services.proto - -package multiclusterv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type PartitionExportedServices struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Consumers []*ExportedServicesConsumer `protobuf:"bytes,1,rep,name=consumers,proto3" json:"consumers,omitempty"` -} - -func (x *PartitionExportedServices) Reset() { - *x = PartitionExportedServices{} - if protoimpl.UnsafeEnabled { - mi := &file_pbmulticluster_v2beta1_partition_exported_services_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *PartitionExportedServices) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*PartitionExportedServices) ProtoMessage() {} - -func (x *PartitionExportedServices) ProtoReflect() protoreflect.Message { - mi := &file_pbmulticluster_v2beta1_partition_exported_services_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use PartitionExportedServices.ProtoReflect.Descriptor instead. -func (*PartitionExportedServices) Descriptor() ([]byte, []int) { - return file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescGZIP(), []int{0} -} - -func (x *PartitionExportedServices) GetConsumers() []*ExportedServicesConsumer { - if x != nil { - return x.Consumers - } - return nil -} - -var File_pbmulticluster_v2beta1_partition_exported_services_proto protoreflect.FileDescriptor - -var file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDesc = []byte{ - 0x0a, 0x38, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, - 0x6f, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, - 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x1a, 0x37, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, - 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, - 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6d, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x82, 0x01, 0x0a, 0x19, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x09, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, - 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, - 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x72, 0x52, 0x09, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6d, 0x65, 0x72, 0x73, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x42, 0xd7, 0x02, - 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x1e, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x65, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x53, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x63, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, 0x6d, - 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x4d, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x4d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x4d, 0x75, 0x6c, 0x74, - 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x3a, 0x3a, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x3a, 0x3a, - 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescOnce sync.Once - file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescData = file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDesc -) - -func file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescGZIP() []byte { - file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescOnce.Do(func() { - file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescData) - }) - return file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDescData -} - -var file_pbmulticluster_v2beta1_partition_exported_services_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbmulticluster_v2beta1_partition_exported_services_proto_goTypes = []interface{}{ - (*PartitionExportedServices)(nil), // 0: hashicorp.consul.multicluster.v2beta1.PartitionExportedServices - (*ExportedServicesConsumer)(nil), // 1: hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer -} -var file_pbmulticluster_v2beta1_partition_exported_services_proto_depIdxs = []int32{ - 1, // 0: hashicorp.consul.multicluster.v2beta1.PartitionExportedServices.consumers:type_name -> hashicorp.consul.multicluster.v2beta1.ExportedServicesConsumer - 1, // [1:1] is the sub-list for method output_type - 1, // [1:1] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_pbmulticluster_v2beta1_partition_exported_services_proto_init() } -func file_pbmulticluster_v2beta1_partition_exported_services_proto_init() { - if File_pbmulticluster_v2beta1_partition_exported_services_proto != nil { - return - } - file_pbmulticluster_v2beta1_exported_services_consumer_proto_init() - if !protoimpl.UnsafeEnabled { - file_pbmulticluster_v2beta1_partition_exported_services_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PartitionExportedServices); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbmulticluster_v2beta1_partition_exported_services_proto_goTypes, - DependencyIndexes: file_pbmulticluster_v2beta1_partition_exported_services_proto_depIdxs, - MessageInfos: file_pbmulticluster_v2beta1_partition_exported_services_proto_msgTypes, - }.Build() - File_pbmulticluster_v2beta1_partition_exported_services_proto = out.File - file_pbmulticluster_v2beta1_partition_exported_services_proto_rawDesc = nil - file_pbmulticluster_v2beta1_partition_exported_services_proto_goTypes = nil - file_pbmulticluster_v2beta1_partition_exported_services_proto_depIdxs = nil -} diff --git a/proto-public/pbmulticluster/v2beta1/partition_exported_services.proto b/proto-public/pbmulticluster/v2beta1/partition_exported_services.proto deleted file mode 100644 index b3cf249a0c90f..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/partition_exported_services.proto +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -syntax = "proto3"; - -package hashicorp.consul.multicluster.v2beta1; - -import "pbmulticluster/v2beta1/exported_services_consumer.proto"; -import "pbresource/annotations.proto"; - -message PartitionExportedServices { - option (hashicorp.consul.resource.spec) = {scope: SCOPE_PARTITION}; - - repeated ExportedServicesConsumer consumers = 1; -} diff --git a/proto-public/pbmulticluster/v2beta1/partition_exported_services_deepcopy.gen.go b/proto-public/pbmulticluster/v2beta1/partition_exported_services_deepcopy.gen.go deleted file mode 100644 index 9f048e16d2008..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/partition_exported_services_deepcopy.gen.go +++ /dev/null @@ -1,27 +0,0 @@ -// Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - proto "google.golang.org/protobuf/proto" -) - -// DeepCopyInto supports using PartitionExportedServices within kubernetes types, where deepcopy-gen is used. -func (in *PartitionExportedServices) DeepCopyInto(out *PartitionExportedServices) { - proto.Reset(out) - proto.Merge(out, proto.Clone(in)) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PartitionExportedServices. Required by controller-gen. -func (in *PartitionExportedServices) DeepCopy() *PartitionExportedServices { - if in == nil { - return nil - } - out := new(PartitionExportedServices) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PartitionExportedServices. Required by controller-gen. -func (in *PartitionExportedServices) DeepCopyInterface() interface{} { - return in.DeepCopy() -} diff --git a/proto-public/pbmulticluster/v2beta1/partition_exported_services_json.gen.go b/proto-public/pbmulticluster/v2beta1/partition_exported_services_json.gen.go deleted file mode 100644 index e9dfafd702740..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/partition_exported_services_json.gen.go +++ /dev/null @@ -1,22 +0,0 @@ -// Code generated by protoc-json-shim. DO NOT EDIT. -package multiclusterv2beta1 - -import ( - protojson "google.golang.org/protobuf/encoding/protojson" -) - -// MarshalJSON is a custom marshaler for PartitionExportedServices -func (this *PartitionExportedServices) MarshalJSON() ([]byte, error) { - str, err := PartitionExportedServicesMarshaler.Marshal(this) - return []byte(str), err -} - -// UnmarshalJSON is a custom unmarshaler for PartitionExportedServices -func (this *PartitionExportedServices) UnmarshalJSON(b []byte) error { - return PartitionExportedServicesUnmarshaler.Unmarshal(b, this) -} - -var ( - PartitionExportedServicesMarshaler = &protojson.MarshalOptions{} - PartitionExportedServicesUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} -) diff --git a/proto-public/pbmulticluster/v2beta1/resource_types.gen.go b/proto-public/pbmulticluster/v2beta1/resource_types.gen.go deleted file mode 100644 index 910811b98f931..0000000000000 --- a/proto-public/pbmulticluster/v2beta1/resource_types.gen.go +++ /dev/null @@ -1,43 +0,0 @@ -// Code generated by protoc-gen-resource-types. DO NOT EDIT. - -package multiclusterv2beta1 - -import ( - "github.com/hashicorp/consul/proto-public/pbresource" -) - -const ( - GroupName = "multicluster" - Version = "v2beta1" - - ComputedExportedServicesKind = "ComputedExportedServices" - ExportedServicesKind = "ExportedServices" - NamespaceExportedServicesKind = "NamespaceExportedServices" - PartitionExportedServicesKind = "PartitionExportedServices" -) - -var ( - ComputedExportedServicesType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: ComputedExportedServicesKind, - } - - ExportedServicesType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: ExportedServicesKind, - } - - NamespaceExportedServicesType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: NamespaceExportedServicesKind, - } - - PartitionExportedServicesType = &pbresource.Type{ - Group: GroupName, - GroupVersion: Version, - Kind: PartitionExportedServicesKind, - } -) diff --git a/proto-public/pbresource/resource.pb.go b/proto-public/pbresource/resource.pb.go index 1bb6e269b010a..0a88a4eea444e 100644 --- a/proto-public/pbresource/resource.pb.go +++ b/proto-public/pbresource/resource.pb.go @@ -399,7 +399,6 @@ type Resource struct { // can treat its timestamp component as the resource's modification time. Generation string `protobuf:"bytes,4,opt,name=generation,proto3" json:"generation,omitempty"` // Metadata contains key/value pairs of arbitrary metadata about the resource. - // "deletionTimestamp" and "finalizers" keys are reserved for internal use. Metadata map[string]string `protobuf:"bytes,5,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Status is used by controllers to communicate the result of attempting to // reconcile and apply the resource (e.g. surface semantic validation errors) diff --git a/proto-public/pbresource/resource.proto b/proto-public/pbresource/resource.proto index 814e039a443ec..9e65647587b76 100644 --- a/proto-public/pbresource/resource.proto +++ b/proto-public/pbresource/resource.proto @@ -99,7 +99,6 @@ message Resource { string generation = 4; // Metadata contains key/value pairs of arbitrary metadata about the resource. - // "deletionTimestamp" and "finalizers" keys are reserved for internal use. map metadata = 5; // Status is used by controllers to communicate the result of attempting to diff --git a/proto-public/pbtenancy/v2beta1/namespace.pb.binary.go b/proto-public/pbtenancy/v1alpha1/namespace.pb.binary.go similarity index 84% rename from proto-public/pbtenancy/v2beta1/namespace.pb.binary.go rename to proto-public/pbtenancy/v1alpha1/namespace.pb.binary.go index 1884a0943b0da..f6097062d32dc 100644 --- a/proto-public/pbtenancy/v2beta1/namespace.pb.binary.go +++ b/proto-public/pbtenancy/v1alpha1/namespace.pb.binary.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: pbtenancy/v2beta1/namespace.proto +// source: pbtenancy/v1alpha1/namespace.proto -package tenancyv2beta1 +package tenancyv1alpha1 import ( "google.golang.org/protobuf/proto" diff --git a/proto-public/pbtenancy/v1alpha1/namespace.pb.go b/proto-public/pbtenancy/v1alpha1/namespace.pb.go new file mode 100644 index 0000000000000..4fb9e32260fe2 --- /dev/null +++ b/proto-public/pbtenancy/v1alpha1/namespace.pb.go @@ -0,0 +1,172 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.31.0 +// protoc (unknown) +// source: pbtenancy/v1alpha1/namespace.proto + +package tenancyv1alpha1 + +import ( + _ "github.com/hashicorp/consul/proto-public/pbresource" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// The name of the Namespace is in the outer Resource.ID.Name. +// It must be unique within a partition and must be a +// DNS hostname. There are also other reserved names that may not be used. +type Namespace struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Description is where the user puts any information they want + // about the namespace. It is not used internally. + Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"` +} + +func (x *Namespace) Reset() { + *x = Namespace{} + if protoimpl.UnsafeEnabled { + mi := &file_pbtenancy_v1alpha1_namespace_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Namespace) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Namespace) ProtoMessage() {} + +func (x *Namespace) ProtoReflect() protoreflect.Message { + mi := &file_pbtenancy_v1alpha1_namespace_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Namespace.ProtoReflect.Descriptor instead. +func (*Namespace) Descriptor() ([]byte, []int) { + return file_pbtenancy_v1alpha1_namespace_proto_rawDescGZIP(), []int{0} +} + +func (x *Namespace) GetDescription() string { + if x != nil { + return x.Description + } + return "" +} + +var File_pbtenancy_v1alpha1_namespace_proto protoreflect.FileDescriptor + +var file_pbtenancy_v1alpha1_namespace_proto_rawDesc = []byte{ + 0x0a, 0x22, 0x70, 0x62, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x35, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x42, 0xab, 0x02, 0x0a, + 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x0e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x4b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, + 0x69, 0x63, 0x2f, 0x70, 0x62, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x54, 0xaa, 0x02, 0x21, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x54, + 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, + 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x5c, 0x54, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x54, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x5c, 0x56, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, + 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x54, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, + 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, +} + +var ( + file_pbtenancy_v1alpha1_namespace_proto_rawDescOnce sync.Once + file_pbtenancy_v1alpha1_namespace_proto_rawDescData = file_pbtenancy_v1alpha1_namespace_proto_rawDesc +) + +func file_pbtenancy_v1alpha1_namespace_proto_rawDescGZIP() []byte { + file_pbtenancy_v1alpha1_namespace_proto_rawDescOnce.Do(func() { + file_pbtenancy_v1alpha1_namespace_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbtenancy_v1alpha1_namespace_proto_rawDescData) + }) + return file_pbtenancy_v1alpha1_namespace_proto_rawDescData +} + +var file_pbtenancy_v1alpha1_namespace_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pbtenancy_v1alpha1_namespace_proto_goTypes = []interface{}{ + (*Namespace)(nil), // 0: hashicorp.consul.tenancy.v1alpha1.Namespace +} +var file_pbtenancy_v1alpha1_namespace_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pbtenancy_v1alpha1_namespace_proto_init() } +func file_pbtenancy_v1alpha1_namespace_proto_init() { + if File_pbtenancy_v1alpha1_namespace_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pbtenancy_v1alpha1_namespace_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Namespace); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pbtenancy_v1alpha1_namespace_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pbtenancy_v1alpha1_namespace_proto_goTypes, + DependencyIndexes: file_pbtenancy_v1alpha1_namespace_proto_depIdxs, + MessageInfos: file_pbtenancy_v1alpha1_namespace_proto_msgTypes, + }.Build() + File_pbtenancy_v1alpha1_namespace_proto = out.File + file_pbtenancy_v1alpha1_namespace_proto_rawDesc = nil + file_pbtenancy_v1alpha1_namespace_proto_goTypes = nil + file_pbtenancy_v1alpha1_namespace_proto_depIdxs = nil +} diff --git a/proto-public/pbtenancy/v2beta1/namespace.proto b/proto-public/pbtenancy/v1alpha1/namespace.proto similarity index 91% rename from proto-public/pbtenancy/v2beta1/namespace.proto rename to proto-public/pbtenancy/v1alpha1/namespace.proto index 6d4a739f6e21f..e90b10c1e573c 100644 --- a/proto-public/pbtenancy/v2beta1/namespace.proto +++ b/proto-public/pbtenancy/v1alpha1/namespace.proto @@ -1,6 +1,6 @@ syntax = "proto3"; -package hashicorp.consul.tenancy.v2beta1; +package hashicorp.consul.tenancy.v1alpha1; import "pbresource/annotations.proto"; diff --git a/proto-public/pbtenancy/v2beta1/namespace_deepcopy.gen.go b/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go similarity index 97% rename from proto-public/pbtenancy/v2beta1/namespace_deepcopy.gen.go rename to proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go index 2384004c869f3..97af531ab3330 100644 --- a/proto-public/pbtenancy/v2beta1/namespace_deepcopy.gen.go +++ b/proto-public/pbtenancy/v1alpha1/namespace_deepcopy.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-gen-deepcopy. DO NOT EDIT. -package tenancyv2beta1 +package tenancyv1alpha1 import ( proto "google.golang.org/protobuf/proto" diff --git a/proto-public/pbtenancy/v2beta1/namespace_json.gen.go b/proto-public/pbtenancy/v1alpha1/namespace_json.gen.go similarity index 96% rename from proto-public/pbtenancy/v2beta1/namespace_json.gen.go rename to proto-public/pbtenancy/v1alpha1/namespace_json.gen.go index 4ad7901c16c3c..9df4de9df7199 100644 --- a/proto-public/pbtenancy/v2beta1/namespace_json.gen.go +++ b/proto-public/pbtenancy/v1alpha1/namespace_json.gen.go @@ -1,5 +1,5 @@ // Code generated by protoc-json-shim. DO NOT EDIT. -package tenancyv2beta1 +package tenancyv1alpha1 import ( protojson "google.golang.org/protobuf/encoding/protojson" diff --git a/proto-public/pbtenancy/v2beta1/resource_types.gen.go b/proto-public/pbtenancy/v1alpha1/resource_types.gen.go similarity index 87% rename from proto-public/pbtenancy/v2beta1/resource_types.gen.go rename to proto-public/pbtenancy/v1alpha1/resource_types.gen.go index b0c3040408234..f1b6f70cf1038 100644 --- a/proto-public/pbtenancy/v2beta1/resource_types.gen.go +++ b/proto-public/pbtenancy/v1alpha1/resource_types.gen.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-resource-types. DO NOT EDIT. -package tenancyv2beta1 +package tenancyv1alpha1 import ( "github.com/hashicorp/consul/proto-public/pbresource" @@ -8,7 +8,7 @@ import ( const ( GroupName = "tenancy" - Version = "v2beta1" + Version = "v1alpha1" NamespaceKind = "Namespace" ) diff --git a/proto-public/pbtenancy/v2beta1/namespace.pb.go b/proto-public/pbtenancy/v2beta1/namespace.pb.go deleted file mode 100644 index 4ef901783d72f..0000000000000 --- a/proto-public/pbtenancy/v2beta1/namespace.pb.go +++ /dev/null @@ -1,171 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.31.0 -// protoc (unknown) -// source: pbtenancy/v2beta1/namespace.proto - -package tenancyv2beta1 - -import ( - _ "github.com/hashicorp/consul/proto-public/pbresource" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// The name of the Namespace is in the outer Resource.ID.Name. -// It must be unique within a partition and must be a -// DNS hostname. There are also other reserved names that may not be used. -type Namespace struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Description is where the user puts any information they want - // about the namespace. It is not used internally. - Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"` -} - -func (x *Namespace) Reset() { - *x = Namespace{} - if protoimpl.UnsafeEnabled { - mi := &file_pbtenancy_v2beta1_namespace_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Namespace) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Namespace) ProtoMessage() {} - -func (x *Namespace) ProtoReflect() protoreflect.Message { - mi := &file_pbtenancy_v2beta1_namespace_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Namespace.ProtoReflect.Descriptor instead. -func (*Namespace) Descriptor() ([]byte, []int) { - return file_pbtenancy_v2beta1_namespace_proto_rawDescGZIP(), []int{0} -} - -func (x *Namespace) GetDescription() string { - if x != nil { - return x.Description - } - return "" -} - -var File_pbtenancy_v2beta1_namespace_proto protoreflect.FileDescriptor - -var file_pbtenancy_v2beta1_namespace_proto_rawDesc = []byte{ - 0x0a, 0x21, 0x70, 0x62, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2f, 0x76, 0x32, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x2f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x20, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2e, 0x76, 0x32, - 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1c, 0x70, 0x62, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x22, 0x35, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x42, 0xa4, 0x02, 0x0a, 0x24, 0x63, - 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2e, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2e, 0x76, 0x32, 0x62, 0x65, - 0x74, 0x61, 0x31, 0x42, 0x0e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x50, 0x72, - 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x49, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, - 0x70, 0x62, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x3b, 0x74, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0xa2, 0x02, 0x03, 0x48, 0x43, 0x54, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x54, 0x65, 0x6e, 0x61, 0x6e, 0x63, - 0x79, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x54, 0x65, 0x6e, - 0x61, 0x6e, 0x63, 0x79, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x2c, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, - 0x54, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, - 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, - 0x3a, 0x54, 0x65, 0x6e, 0x61, 0x6e, 0x63, 0x79, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pbtenancy_v2beta1_namespace_proto_rawDescOnce sync.Once - file_pbtenancy_v2beta1_namespace_proto_rawDescData = file_pbtenancy_v2beta1_namespace_proto_rawDesc -) - -func file_pbtenancy_v2beta1_namespace_proto_rawDescGZIP() []byte { - file_pbtenancy_v2beta1_namespace_proto_rawDescOnce.Do(func() { - file_pbtenancy_v2beta1_namespace_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbtenancy_v2beta1_namespace_proto_rawDescData) - }) - return file_pbtenancy_v2beta1_namespace_proto_rawDescData -} - -var file_pbtenancy_v2beta1_namespace_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_pbtenancy_v2beta1_namespace_proto_goTypes = []interface{}{ - (*Namespace)(nil), // 0: hashicorp.consul.tenancy.v2beta1.Namespace -} -var file_pbtenancy_v2beta1_namespace_proto_depIdxs = []int32{ - 0, // [0:0] is the sub-list for method output_type - 0, // [0:0] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_pbtenancy_v2beta1_namespace_proto_init() } -func file_pbtenancy_v2beta1_namespace_proto_init() { - if File_pbtenancy_v2beta1_namespace_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pbtenancy_v2beta1_namespace_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Namespace); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pbtenancy_v2beta1_namespace_proto_rawDesc, - NumEnums: 0, - NumMessages: 1, - NumExtensions: 0, - NumServices: 0, - }, - GoTypes: file_pbtenancy_v2beta1_namespace_proto_goTypes, - DependencyIndexes: file_pbtenancy_v2beta1_namespace_proto_depIdxs, - MessageInfos: file_pbtenancy_v2beta1_namespace_proto_msgTypes, - }.Build() - File_pbtenancy_v2beta1_namespace_proto = out.File - file_pbtenancy_v2beta1_namespace_proto_rawDesc = nil - file_pbtenancy_v2beta1_namespace_proto_goTypes = nil - file_pbtenancy_v2beta1_namespace_proto_depIdxs = nil -} diff --git a/sdk/iptables/iptables.go b/sdk/iptables/iptables.go index ad81946551216..32f089a6c9a82 100644 --- a/sdk/iptables/iptables.go +++ b/sdk/iptables/iptables.go @@ -78,11 +78,8 @@ type Provider interface { // ApplyRules executes rules that have been added via AddRule. // This operation is currently not atomic, and if there's an error applying rules, // you may be left in a state where partial rules were applied. - // ApplyRules should not be called twice on the same instance in order to avoid - // duplicate rule application. ApplyRules() error - // Rules returns the list of rules that have been added (including those not yet - // applied). + // Rules returns the list of rules that have been added but not applied yet. Rules() []string } diff --git a/sdk/testutil/io.go b/sdk/testutil/io.go index 38722cc981593..7b446339728b4 100644 --- a/sdk/testutil/io.go +++ b/sdk/testutil/io.go @@ -16,7 +16,7 @@ var saveSnapshot = strings.ToLower(os.Getenv("TEST_SAVE_SNAPSHOT")) == "true" // If the directory cannot be created t.Fatal is called. // The directory will be removed when the test ends. Set TEST_NOCLEANUP env var // to prevent the directory from being removed. -func TempDir(t TestingTB, name string) string { +func TempDir(t testing.TB, name string) string { if t == nil { panic("argument t must be non-nil") } diff --git a/sdk/testutil/retry/doc.go b/sdk/testutil/retry/doc.go deleted file mode 100644 index 4afaac062bb22..0000000000000 --- a/sdk/testutil/retry/doc.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -// Package retry provides support for repeating operations in tests. -// -// A sample retry operation looks like this: -// -// func TestX(t *testing.T) { -// retry.Run(t, func(r *retry.R) { -// if err := foo(); err != nil { -// r.Errorf("foo: %s", err) -// return -// } -// }) -// } -// -// Run uses the DefaultFailer, which is a Timer with a Timeout of 7s, -// and a Wait of 25ms. To customize, use RunWith. -// -// WARNING: unlike *testing.T, *retry.R#Fatal and FailNow *do not* -// fail the test function entirely, only the current run the retry func -package retry diff --git a/sdk/testutil/retry/interface.go b/sdk/testutil/retry/interface.go deleted file mode 100644 index 78d2d948ffe18..0000000000000 --- a/sdk/testutil/retry/interface.go +++ /dev/null @@ -1,35 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package retry - -import ( - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -var nilInf TestingTB = nil - -// Assertion that our TestingTB can be passed to -var _ require.TestingT = nilInf -var _ assert.TestingT = nilInf - -// TestingTB is an interface that describes the implementation of the testing object. -// Using an interface that describes testing.TB instead of the actual implementation -// makes testutil usable in a wider variety of contexts (e.g. use with ginkgo : https://godoc.org/github.com/onsi/ginkgo#GinkgoT) -type TestingTB interface { - Cleanup(func()) - Error(args ...any) - Errorf(format string, args ...any) - Fail() - FailNow() - Failed() bool - Fatal(args ...any) - Fatalf(format string, args ...any) - Helper() - Log(args ...any) - Logf(format string, args ...any) - Name() string - Setenv(key, value string) - TempDir() string -} diff --git a/sdk/testutil/retry/output.go b/sdk/testutil/retry/output.go deleted file mode 100644 index 6d4006f42d028..0000000000000 --- a/sdk/testutil/retry/output.go +++ /dev/null @@ -1,42 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package retry - -import ( - "bytes" - "fmt" - "runtime" - "strings" -) - -func dedup(a []string) string { - if len(a) == 0 { - return "" - } - seen := map[string]struct{}{} - var b bytes.Buffer - for _, s := range a { - if _, ok := seen[s]; ok { - continue - } - seen[s] = struct{}{} - b.WriteString(s) - b.WriteRune('\n') - } - return b.String() -} - -func decorate(s string) string { - _, file, line, ok := runtime.Caller(3) - if ok { - n := strings.LastIndex(file, "/") - if n >= 0 { - file = file[n+1:] - } - } else { - file = "???" - line = 1 - } - return fmt.Sprintf("%s:%d: %s", file, line, s) -} diff --git a/sdk/testutil/retry/retry.go b/sdk/testutil/retry/retry.go index a8a8ac5d6fe4e..af468460d592a 100644 --- a/sdk/testutil/retry/retry.go +++ b/sdk/testutil/retry/retry.go @@ -1,232 +1,263 @@ // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 +// Package retry provides support for repeating operations in tests. +// +// A sample retry operation looks like this: +// +// func TestX(t *testing.T) { +// retry.Run(t, func(r *retry.R) { +// if err := foo(); err != nil { +// r.Errorf("foo: %s", err) +// return +// } +// }) +// } +// +// Run uses the DefaultFailer, which is a Timer with a Timeout of 7s, +// and a Wait of 25ms. To customize, use RunWith. +// +// WARNING: unlike *testing.T, *retry.R#Fatal and FailNow *do not* +// fail the test function entirely, only the current run the retry func package retry import ( + "bytes" "fmt" - "os" + "runtime" + "strings" + "time" ) -var _ TestingTB = &R{} +// Failer is an interface compatible with testing.T. +type Failer interface { + Helper() -type R struct { - wrapped TestingTB - retryer Retryer - - done bool - fullOutput bool - immediateCleanup bool + // Log is called for the final test output + Log(args ...interface{}) - attempts []*attempt + // FailNow is called when the retrying is abandoned. + FailNow() } -func (r *R) Cleanup(clean func()) { - if r.immediateCleanup { - a := r.getCurrentAttempt() - a.cleanups = append(a.cleanups, clean) - } else { - r.wrapped.Cleanup(clean) - } -} +// R provides context for the retryer. +// +// Logs from Logf, (Error|Fatal)(f) are gathered in an internal buffer +// and printed only if the retryer fails. Printed logs are deduped and +// prefixed with source code line numbers +type R struct { + // fail is set by FailNow and (Fatal|Error)(f). It indicates the pass + // did not succeed, and should be retried + fail bool + // done is set by Stop. It indicates the entire run was a failure, + // and triggers t.FailNow() + done bool + output []string -func (r *R) Error(args ...any) { - r.Log(args...) - r.Fail() + cleanups []func() } -func (r *R) Errorf(format string, args ...any) { - r.Logf(format, args...) - r.Fail() +func (r *R) Logf(format string, args ...interface{}) { + r.log(fmt.Sprintf(format, args...)) } -func (r *R) Fail() { - r.getCurrentAttempt().failed = true +func (r *R) Log(args ...interface{}) { + r.log(fmt.Sprintln(args...)) } -func (r *R) FailNow() { - r.Fail() - panic(attemptFailed{}) -} +func (r *R) Helper() {} -func (r *R) Failed() bool { - return r.getCurrentAttempt().failed +// Cleanup register a function to be run to cleanup resources that +// were allocated during the retry attempt. These functions are executed +// after a retry attempt. If they panic, it will not stop further retry +// attempts but will be cause for the overall test failure. +func (r *R) Cleanup(fn func()) { + r.cleanups = append(r.cleanups, fn) } -func (r *R) Fatal(args ...any) { - r.Log(args...) - r.FailNow() -} +func (r *R) runCleanup() { -func (r *R) Fatalf(format string, args ...any) { - r.Logf(format, args...) - r.FailNow() + // Make sure that if a cleanup function panics, + // we still run the remaining cleanup functions. + defer func() { + err := recover() + if err != nil { + r.Stop(fmt.Errorf("error when performing test cleanup: %v", err)) + } + if len(r.cleanups) > 0 { + r.runCleanup() + } + }() + + for len(r.cleanups) > 0 { + var cleanup func() + if len(r.cleanups) > 0 { + last := len(r.cleanups) - 1 + cleanup = r.cleanups[last] + r.cleanups = r.cleanups[:last] + } + if cleanup != nil { + cleanup() + } + } } -func (r *R) Helper() { - // *testing.T will just record which functions are helpers by their addresses and - // it doesn't much matter where where we record that they are helpers - r.wrapped.Helper() +// runFailed is a sentinel value to indicate that the func itself +// didn't panic, rather that `FailNow` was called. +type runFailed struct{} + +// FailNow stops run execution. It is roughly equivalent to: +// +// r.Error("") +// return +// +// inside the function being run. +func (r *R) FailNow() { + r.fail = true + panic(runFailed{}) } -func (r *R) Log(args ...any) { - r.log(fmt.Sprintln(args...)) +// Fatal is equivalent to r.Logf(args) followed by r.FailNow(), i.e. the run +// function should be exited. Retries on the next run are allowed. Fatal is +// equivalent to +// +// r.Error(args) +// return +// +// inside the function being run. +func (r *R) Fatal(args ...interface{}) { + r.log(fmt.Sprint(args...)) + r.FailNow() } -func (r *R) Logf(format string, args ...any) { +// Fatalf is like Fatal but allows a format string +func (r *R) Fatalf(format string, args ...interface{}) { r.log(fmt.Sprintf(format, args...)) + r.FailNow() } -// Name will return the name of the underlying TestingT. -func (r *R) Name() string { - return r.wrapped.Name() +// Error indicates the current run encountered an error and should be retried. +// It *does not* stop execution of the rest of the run function. +func (r *R) Error(args ...interface{}) { + r.log(fmt.Sprint(args...)) + r.fail = true } -// Setenv will save the current value of the specified env var, set it to the -// specified value and then restore it to the original value in a cleanup function -// once the retry attempt has finished. -func (r *R) Setenv(key, value string) { - prevValue, ok := os.LookupEnv(key) - - if err := os.Setenv(key, value); err != nil { - r.wrapped.Fatalf("cannot set environment variable: %v", err) - } - - if ok { - r.Cleanup(func() { - os.Setenv(key, prevValue) - }) - } else { - r.Cleanup(func() { - os.Unsetenv(key) - }) - } -} - -// TempDir will use the wrapped TestingT to create a temporary directory -// that will be cleaned up when ALL RETRYING has finished. -func (r *R) TempDir() string { - return r.wrapped.TempDir() +// Errorf is like Error but allows a format string +func (r *R) Errorf(format string, args ...interface{}) { + r.log(fmt.Sprintf(format, args...)) + r.fail = true } -// Check will call r.Fatal(err) if err is not nil +// If err is non-nil, equivalent to r.Fatal(err.Error()) followed by +// r.FailNow(). Otherwise a no-op. func (r *R) Check(err error) { if err != nil { - r.Fatal(err) + r.log(err.Error()) + r.FailNow() } } +func (r *R) log(s string) { + r.output = append(r.output, decorate(s)) +} + +// Stop retrying, and fail the test, logging the specified error. +// Does not stop execution, so return should be called after. func (r *R) Stop(err error) { r.log(err.Error()) r.done = true } -func (r *R) failCurrentAttempt() { - r.getCurrentAttempt().failed = true +func decorate(s string) string { + _, file, line, ok := runtime.Caller(3) + if ok { + n := strings.LastIndex(file, "/") + if n >= 0 { + file = file[n+1:] + } + } else { + file = "???" + line = 1 + } + return fmt.Sprintf("%s:%d: %s", file, line, s) } -func (r *R) log(s string) { - a := r.getCurrentAttempt() - a.output = append(a.output, decorate(s)) +func Run(t Failer, f func(r *R)) { + t.Helper() + run(DefaultFailer(), t, f) } -func (r *R) getCurrentAttempt() *attempt { - if len(r.attempts) == 0 { - panic("no retry attempts have been started yet") - } - - return r.attempts[len(r.attempts)-1] +func RunWith(r Retryer, t Failer, f func(r *R)) { + t.Helper() + run(r, t, f) } -// cleanupAttempt will perform all the register cleanup operations recorded -// during execution of the single round of the test function. -func (r *R) cleanupAttempt(a *attempt) { - // Make sure that if a cleanup function panics, - // we still run the remaining cleanup functions. - defer func() { - err := recover() - if err != nil { - r.Stop(fmt.Errorf("error when performing test cleanup: %v", err)) - } - if len(a.cleanups) > 0 { - r.cleanupAttempt(a) - } - }() - - for len(a.cleanups) > 0 { - var cleanup func() - if len(a.cleanups) > 0 { - last := len(a.cleanups) - 1 - cleanup = a.cleanups[last] - a.cleanups = a.cleanups[:last] - } - if cleanup != nil { - cleanup() +func dedup(a []string) string { + if len(a) == 0 { + return "" + } + seen := map[string]struct{}{} + var b bytes.Buffer + for _, s := range a { + if _, ok := seen[s]; ok { + continue } + seen[s] = struct{}{} + b.WriteString(s) + b.WriteRune('\n') } + return b.String() } -// runAttempt will execute one round of the test function and handle cleanups and panic recovery -// of a failed attempt that should not stop retrying. -func (r *R) runAttempt(f func(r *R)) { - r.Helper() - - a := &attempt{} - r.attempts = append(r.attempts, a) +func run(r Retryer, t Failer, f func(r *R)) { + t.Helper() + rr := &R{} - defer r.cleanupAttempt(a) - defer func() { - if p := recover(); p != nil && p != (attemptFailed{}) { - panic(p) + fail := func() { + t.Helper() + out := dedup(rr.output) + if out != "" { + t.Log(out) } - }() - f(r) -} - -func (r *R) run(f func(r *R)) { - r.Helper() + t.FailNow() + } - for r.retryer.Continue() { - r.runAttempt(f) + for r.Continue() { + // run f(rr), but if recover yields a runFailed value, we know + // FailNow was called. + func() { + defer rr.runCleanup() + defer func() { + if p := recover(); p != nil && p != (runFailed{}) { + panic(p) + } + }() + f(rr) + }() switch { - case r.done: - r.recordRetryFailure() + case rr.done: + fail() return - case !r.Failed(): - // the current attempt did not fail so we can go ahead and return + case !rr.fail: return } + rr.fail = false } - - // We cannot retry any more and no attempt has succeeded yet. - r.recordRetryFailure() + fail() } -func (r *R) recordRetryFailure() { - r.Helper() - output := r.getCurrentAttempt().output - if r.fullOutput { - var combined []string - for _, attempt := range r.attempts { - combined = append(combined, attempt.output...) - } - output = combined - } - - out := dedup(output) - if out != "" { - r.wrapped.Log(out) - } - r.wrapped.FailNow() +// DefaultFailer provides default retry.Run() behavior for unit tests, namely +// 7s timeout with a wait of 25ms +func DefaultFailer() *Timer { + return &Timer{Timeout: 7 * time.Second, Wait: 25 * time.Millisecond} } -type attempt struct { - failed bool - output []string - cleanups []func() +// Retryer provides an interface for repeating operations +// until they succeed or an exit condition is met. +type Retryer interface { + // Continue returns true if the operation should be repeated, otherwise it + // returns false to indicate retrying should stop. + Continue() bool } - -// attemptFailed is a sentinel value to indicate that the func itself -// didn't panic, rather that `FailNow` was called. -type attemptFailed struct{} diff --git a/sdk/testutil/retry/retry_test.go b/sdk/testutil/retry/retry_test.go index ecc8e5608232e..77bc2d4d9f96b 100644 --- a/sdk/testutil/retry/retry_test.go +++ b/sdk/testutil/retry/retry_test.go @@ -62,7 +62,7 @@ func TestBasics(t *testing.T) { t.Run("Fatal returns from func, but does not fail test", func(t *testing.T) { i := 0 gotHere := false - ft := &fakeT{T: t} + ft := &fakeT{} Run(ft, func(r *R) { i++ t.Logf("i: %d; r: %#v", i, r) @@ -97,7 +97,7 @@ func TestBasics(t *testing.T) { func TestRunWith(t *testing.T) { t.Run("calls FailNow after exceeding retries", func(t *testing.T) { - ft := &fakeT{T: t} + ft := &fakeT{} iter := 0 RunWith(&Counter{Count: 3, Wait: time.Millisecond}, ft, func(r *R) { iter++ @@ -109,7 +109,7 @@ func TestRunWith(t *testing.T) { }) t.Run("Stop ends the retrying", func(t *testing.T) { - ft := &fakeT{T: t} + ft := &fakeT{} iter := 0 RunWith(&Counter{Count: 5, Wait: time.Millisecond}, ft, func(r *R) { iter++ @@ -128,54 +128,38 @@ func TestRunWith(t *testing.T) { }) } -func TestCleanup_Passthrough(t *testing.T) { - -} - func TestCleanup(t *testing.T) { - t.Run("basic", func(t *testing.T) { - ft := &fakeT{T: t} + ft := &fakeT{} cleanupsExecuted := 0 - - Run( - ft, - func(r *R) { - r.Cleanup(func() { - cleanupsExecuted += 1 - }) - }, - WithImmediateCleanup(), - WithRetryer(&Counter{Count: 2, Wait: time.Millisecond}), - ) + RunWith(&Counter{Count: 2, Wait: time.Millisecond}, ft, func(r *R) { + r.Cleanup(func() { + cleanupsExecuted += 1 + }) + }) require.Equal(t, 0, ft.fails) require.Equal(t, 1, cleanupsExecuted) }) t.Run("cleanup-panic-recovery", func(t *testing.T) { - ft := &fakeT{T: t} + ft := &fakeT{} cleanupsExecuted := 0 - Run( - ft, - func(r *R) { - r.Cleanup(func() { - cleanupsExecuted += 1 - }) + RunWith(&Counter{Count: 2, Wait: time.Millisecond}, ft, func(r *R) { + r.Cleanup(func() { + cleanupsExecuted += 1 + }) - r.Cleanup(func() { - cleanupsExecuted += 1 - panic(fmt.Errorf("fake test error")) - }) + r.Cleanup(func() { + cleanupsExecuted += 1 + panic(fmt.Errorf("fake test error")) + }) - r.Cleanup(func() { - cleanupsExecuted += 1 - }) + r.Cleanup(func() { + cleanupsExecuted += 1 + }) - // test is successful but should fail due to the cleanup panicing - }, - WithRetryer(&Counter{Count: 2, Wait: time.Millisecond}), - WithImmediateCleanup(), - ) + // test is successful but should fail due to the cleanup panicing + }) require.Equal(t, 3, cleanupsExecuted) require.Equal(t, 1, ft.fails) @@ -183,71 +167,33 @@ func TestCleanup(t *testing.T) { }) t.Run("cleanup-per-retry", func(t *testing.T) { - ft := &fakeT{T: t} + ft := &fakeT{} iter := 0 cleanupsExecuted := 0 - Run( - ft, - func(r *R) { - if cleanupsExecuted != iter { - r.Stop(fmt.Errorf("cleanups not executed between retries")) - return - } - iter += 1 + RunWith(&Counter{Count: 3, Wait: time.Millisecond}, ft, func(r *R) { + if cleanupsExecuted != iter { + r.Stop(fmt.Errorf("cleanups not executed between retries")) + return + } + iter += 1 - r.Cleanup(func() { - cleanupsExecuted += 1 - }) + r.Cleanup(func() { + cleanupsExecuted += 1 + }) - r.FailNow() - }, - WithRetryer(&Counter{Count: 3, Wait: time.Millisecond}), - WithImmediateCleanup(), - ) + r.FailNow() + }) require.Equal(t, 3, cleanupsExecuted) // ensure that r.Stop hadn't been called. If it was then we would // have log output require.Len(t, ft.out, 0) }) - - t.Run("passthrough-to-t", func(t *testing.T) { - cleanupsExecuted := 0 - - require.True(t, t.Run("internal", func(t *testing.T) { - iter := 0 - Run( - t, - func(r *R) { - iter++ - - r.Cleanup(func() { - cleanupsExecuted += 1 - }) - - // fail all but the last one to ensure the right number of cleanups - // are eventually executed - if iter < 3 { - r.FailNow() - } - }, - WithRetryer(&Counter{Count: 3, Wait: time.Millisecond}), - ) - - // at this point nothing should be cleaned up - require.Equal(t, 0, cleanupsExecuted) - })) - - // now since the subtest finished the test cleanup funcs - // should have been executed. - require.Equal(t, 3, cleanupsExecuted) - }) } type fakeT struct { fails int out []string - *testing.T } func (f *fakeT) Helper() {} @@ -260,4 +206,4 @@ func (f *fakeT) FailNow() { f.fails++ } -var _ TestingTB = &fakeT{} +var _ Failer = &fakeT{} diff --git a/sdk/testutil/retry/retryer.go b/sdk/testutil/retry/retryer.go deleted file mode 100644 index 45f41988f21e9..0000000000000 --- a/sdk/testutil/retry/retryer.go +++ /dev/null @@ -1,36 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package retry - -import "time" - -// Retryer provides an interface for repeating operations -// until they succeed or an exit condition is met. -type Retryer interface { - // Continue returns true if the operation should be repeated, otherwise it - // returns false to indicate retrying should stop. - Continue() bool -} - -// DefaultRetryer provides default retry.Run() behavior for unit tests, namely -// 7s timeout with a wait of 25ms -func DefaultRetryer() Retryer { - return &Timer{Timeout: 7 * time.Second, Wait: 25 * time.Millisecond} -} - -// ThirtySeconds repeats an operation for thirty seconds and waits 500ms in between. -// Best for known slower operations like waiting on eventually consistent state. -func ThirtySeconds() *Timer { - return &Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond} -} - -// TwoSeconds repeats an operation for two seconds and waits 25ms in between. -func TwoSeconds() *Timer { - return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond} -} - -// ThreeTimes repeats an operation three times and waits 25ms in between. -func ThreeTimes() *Counter { - return &Counter{Count: 3, Wait: 25 * time.Millisecond} -} diff --git a/sdk/testutil/retry/run.go b/sdk/testutil/retry/run.go deleted file mode 100644 index 51dad9f4e4d32..0000000000000 --- a/sdk/testutil/retry/run.go +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package retry - -type Option func(r *R) - -func WithRetryer(retryer Retryer) Option { - return func(r *R) { - r.retryer = retryer - } -} - -func WithFullOutput() Option { - return func(r *R) { - r.fullOutput = true - } -} - -// WithImmediateCleanup will cause all cleanup operations added -// by calling the Cleanup method on *R to be performed after -// the retry attempt completes (regardless of pass/fail status) -// Use this only if all resources created during the retry loop should -// not persist after the retry has finished. -func WithImmediateCleanup() Option { - return func(r *R) { - r.immediateCleanup = true - } -} - -func Run(t TestingTB, f func(r *R), opts ...Option) { - t.Helper() - r := &R{ - wrapped: t, - retryer: DefaultRetryer(), - } - - for _, opt := range opts { - opt(r) - } - - r.run(f) -} - -func RunWith(r Retryer, t TestingTB, f func(r *R)) { - t.Helper() - Run(t, f, WithRetryer(r)) -} diff --git a/sdk/testutil/retry/timer.go b/sdk/testutil/retry/timer.go index 6c65d38ba0e6f..be4f5e92f4072 100644 --- a/sdk/testutil/retry/timer.go +++ b/sdk/testutil/retry/timer.go @@ -5,6 +5,22 @@ package retry import "time" +// ThirtySeconds repeats an operation for thirty seconds and waits 500ms in between. +// Best for known slower operations like waiting on eventually consistent state. +func ThirtySeconds() *Timer { + return &Timer{Timeout: 30 * time.Second, Wait: 500 * time.Millisecond} +} + +// TwoSeconds repeats an operation for two seconds and waits 25ms in between. +func TwoSeconds() *Timer { + return &Timer{Timeout: 2 * time.Second, Wait: 25 * time.Millisecond} +} + +// ThreeTimes repeats an operation three times and waits 25ms in between. +func ThreeTimes() *Counter { + return &Counter{Count: 3, Wait: 25 * time.Millisecond} +} + // Timer repeats an operation for a given amount // of time and waits between subsequent operations. type Timer struct { diff --git a/sdk/testutil/types.go b/sdk/testutil/types.go index 33cc3002997d6..e5721d3c9647d 100644 --- a/sdk/testutil/types.go +++ b/sdk/testutil/types.go @@ -3,33 +3,14 @@ package testutil -import ( - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" -) - -var nilInf TestingTB = nil - -// Assertion that our TestingTB can be passed to -var _ require.TestingT = nilInf -var _ assert.TestingT = nilInf - // TestingTB is an interface that describes the implementation of the testing object. // Using an interface that describes testing.TB instead of the actual implementation // makes testutil usable in a wider variety of contexts (e.g. use with ginkgo : https://godoc.org/github.com/onsi/ginkgo#GinkgoT) type TestingTB interface { Cleanup(func()) - Error(args ...any) - Errorf(format string, args ...any) - Fail() - FailNow() Failed() bool - Fatal(args ...any) - Fatalf(format string, args ...any) - Helper() - Log(args ...any) - Logf(format string, args ...any) + Logf(format string, args ...interface{}) Name() string - Setenv(key, value string) - TempDir() string + Fatalf(fmt string, args ...interface{}) + Helper() } diff --git a/test-integ/Makefile b/test-integ/Makefile index d3d3e38719423..0fd35d4eda7ec 100644 --- a/test-integ/Makefile +++ b/test-integ/Makefile @@ -1,7 +1,7 @@ SHELL := /bin/bash .PHONY: noop -noop: help +noop: ##@ Build diff --git a/test-integ/README.md b/test-integ/README.md index 8955d0556dbf3..4ed0b927598af 100644 --- a/test-integ/README.md +++ b/test-integ/README.md @@ -6,7 +6,7 @@ These should use the [testing/deployer framework](../testing/deployer) to bring up some local testing infrastructure and fixtures to run test assertions against. Where reasonably possible, try to bring up infrastructure interesting enough to -be able to run many related sorts of tests against it, rather than waiting for +be able to run many related sorts of test against it, rather than waiting for many similar clusters to be provisioned and torn down. This will help ensure that the integration tests do not consume CPU cycles needlessly. diff --git a/test-integ/catalogv2/explicit_destinations_l7_test.go b/test-integ/catalogv2/explicit_destinations_l7_test.go index 927a8ec7dd093..9be6ce93f0181 100644 --- a/test-integ/catalogv2/explicit_destinations_l7_test.go +++ b/test-integ/catalogv2/explicit_destinations_l7_test.go @@ -20,29 +20,7 @@ import ( ) func TestSplitterFeaturesL7ExplicitDestinations(t *testing.T) { - tenancies := []*pbresource.Tenancy{ - { - Partition: "default", - Namespace: "default", - }, - } - if utils.IsEnterprise() { - tenancies = append(tenancies, &pbresource.Tenancy{ - Partition: "part1", - Namespace: "default", - }) - tenancies = append(tenancies, &pbresource.Tenancy{ - Partition: "part1", - Namespace: "nsa", - }) - tenancies = append(tenancies, &pbresource.Tenancy{ - Partition: "default", - Namespace: "nsa", - }) - } - cfg := testSplitterFeaturesL7ExplicitDestinationsCreator{ - tenancies: tenancies, - }.NewConfig(t) + cfg := testSplitterFeaturesL7ExplicitDestinationsCreator{}.NewConfig(t) sp := sprawltest.Launch(t, cfg) @@ -59,13 +37,11 @@ func TestSplitterFeaturesL7ExplicitDestinations(t *testing.T) { t.Log(topology.RenderRelationships(ships)) - for _, tenancy := range tenancies { - // Make sure things are in v2. - libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-client", tenancy, 1) - libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server-v1", tenancy, 1) - libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server-v2", tenancy, 1) - libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server", tenancy, 0) - } + // Make sure things are in v2. + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-client", nil, 1) + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server-v1", nil, 1) + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server-v2", nil, 1) + libassert.CatalogV2ServiceHasEndpointCount(t, clientV2, "static-server", nil, 0) // Check relationships for _, ship := range ships { @@ -111,9 +87,7 @@ func TestSplitterFeaturesL7ExplicitDestinations(t *testing.T) { } } -type testSplitterFeaturesL7ExplicitDestinationsCreator struct { - tenancies []*pbresource.Tenancy -} +type testSplitterFeaturesL7ExplicitDestinationsCreator struct{} func (c testSplitterFeaturesL7ExplicitDestinationsCreator) NewConfig(t *testing.T) *topology.Config { const clusterName = "dc1" @@ -132,8 +106,11 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) NewConfig(t *testing. return fmt.Sprintf("%s-box%d", clusterName, lastNode) } - for _, ten := range c.tenancies { - c.topologyConfigAddNodes(t, cluster, nodeName, ten) + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "default") + if cluster.Enterprise { + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "default") + c.topologyConfigAddNodes(t, cluster, nodeName, "part1", "nsa") + c.topologyConfigAddNodes(t, cluster, nodeName, "default", "nsa") } return &topology.Config{ @@ -152,33 +129,34 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode t *testing.T, cluster *topology.Cluster, nodeName func() string, - currentTenancy *pbresource.Tenancy, + partition, + namespace string, ) { clusterName := cluster.Name - newID := func(name string, tenancy *pbresource.Tenancy) topology.ID { + newID := func(name string) topology.ID { return topology.ID{ - Partition: tenancy.Partition, - Namespace: tenancy.Namespace, + Partition: partition, + Namespace: namespace, Name: name, } } tenancy := &pbresource.Tenancy{ - Partition: currentTenancy.Partition, - Namespace: currentTenancy.Namespace, + Partition: partition, + Namespace: namespace, PeerName: "local", } v1ServerNode := &topology.Node{ Kind: topology.NodeKindDataplane, Version: topology.NodeVersionV2, - Partition: currentTenancy.Partition, + Partition: partition, Name: nodeName(), Workloads: []*topology.Workload{ topoutil.NewBlankspaceWorkloadWithDefaults( clusterName, - newID("static-server-v1", tenancy), + newID("static-server-v1"), topology.NodeVersionV2, func(wrk *topology.Workload) { wrk.Meta = map[string]string{ @@ -192,12 +170,12 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode v2ServerNode := &topology.Node{ Kind: topology.NodeKindDataplane, Version: topology.NodeVersionV2, - Partition: currentTenancy.Partition, + Partition: partition, Name: nodeName(), Workloads: []*topology.Workload{ topoutil.NewBlankspaceWorkloadWithDefaults( clusterName, - newID("static-server-v2", tenancy), + newID("static-server-v2"), topology.NodeVersionV2, func(wrk *topology.Workload) { wrk.Meta = map[string]string{ @@ -211,59 +189,45 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode clientNode := &topology.Node{ Kind: topology.NodeKindDataplane, Version: topology.NodeVersionV2, - Partition: currentTenancy.Partition, + Partition: partition, Name: nodeName(), Workloads: []*topology.Workload{ topoutil.NewBlankspaceWorkloadWithDefaults( clusterName, - newID("static-client", tenancy), + newID("static-client"), topology.NodeVersionV2, func(wrk *topology.Workload) { - for i, tenancy := range c.tenancies { - wrk.Destinations = append(wrk.Destinations, &topology.Destination{ - - ID: newID("static-server", tenancy), + wrk.Destinations = []*topology.Destination{ + { + ID: newID("static-server"), PortName: "http", LocalAddress: "0.0.0.0", // needed for an assertion - LocalPort: 5000 + (i * 4), + LocalPort: 5000, + }, + { + ID: newID("static-server"), + PortName: "http2", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5001, + }, + { + ID: newID("static-server"), + PortName: "grpc", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5002, + }, + { + ID: newID("static-server"), + PortName: "tcp", + LocalAddress: "0.0.0.0", // needed for an assertion + LocalPort: 5003, }, - &topology.Destination{ - - ID: newID("static-server", tenancy), - PortName: "http2", - LocalAddress: "0.0.0.0", // needed for an assertion - LocalPort: 5001 + (i * 4), - }, - &topology.Destination{ - - ID: newID("static-server", tenancy), - PortName: "grpc", - LocalAddress: "0.0.0.0", // needed for an assertion - LocalPort: 5002 + (i * 4), - }, - &topology.Destination{ - - ID: newID("static-server", tenancy), - PortName: "tcp", - LocalAddress: "0.0.0.0", // needed for an assertion - LocalPort: 5003 + (i * 4), - }, - ) } }, ), }, } - var sources []*pbauth.Source - for _, ten := range c.tenancies { - sources = append(sources, &pbauth.Source{ - IdentityName: "static-client", - Namespace: ten.Namespace, - Partition: ten.Partition, - }) - } - v1TrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ Id: &pbresource.ID{ Type: pbauth.TrafficPermissionsType, @@ -276,10 +240,12 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode }, Action: pbauth.Action_ACTION_ALLOW, Permissions: []*pbauth.Permission{{ - Sources: sources, + Sources: []*pbauth.Source{{ + IdentityName: "static-client", + Namespace: namespace, + }}, }}, }) - v2TrafficPerms := sprawltest.MustSetResourceData(t, &pbresource.Resource{ Id: &pbresource.ID{ Type: pbauth.TrafficPermissionsType, @@ -292,7 +258,10 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode }, Action: pbauth.Action_ACTION_ALLOW, Permissions: []*pbauth.Permission{{ - Sources: sources, + Sources: []*pbauth.Source{{ + IdentityName: "static-client", + Namespace: namespace, + }}, }}, }) @@ -381,7 +350,6 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode }, }}, }) - grpcServerRoute := sprawltest.MustSetResourceData(t, &pbresource.Resource{ Id: &pbresource.ID{ Type: pbmesh.GRPCRouteType, @@ -422,7 +390,6 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode }, }}, }) - tcpServerRoute := sprawltest.MustSetResourceData(t, &pbresource.Resource{ Id: &pbresource.ID{ Type: pbmesh.TCPRouteType, @@ -475,7 +442,7 @@ func (c testSplitterFeaturesL7ExplicitDestinationsCreator) topologyConfigAddNode v1TrafficPerms, v2TrafficPerms, httpServerRoute, - grpcServerRoute, tcpServerRoute, + grpcServerRoute, ) } diff --git a/test-integ/connect/snapshot_test.go b/test-integ/connect/snapshot_test.go index 5a7a4a342c250..1e8d5f18c2d78 100644 --- a/test-integ/connect/snapshot_test.go +++ b/test-integ/connect/snapshot_test.go @@ -6,17 +6,17 @@ package connect import ( "testing" - "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/test-integ/topoutil" "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" "github.com/hashicorp/consul/testing/deployer/topology" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/test-integ/topoutil" ) // Test_Snapshot_Restore_Agentless verifies consul agent can continue -// to push envoy config after restoring from a snapshot. +// to push envoy confgi after restoring from a snapshot. // // - This test is to detect server agent frozen after restoring from a snapshot // (https://github.com/hashicorp/consul/pull/18636) @@ -164,7 +164,7 @@ func Test_Snapshot_Restore_Agentless(t *testing.T) { asserter.HTTPStatus(t, staticServer, staticServer.Port, 200) t.Log("Take a snapshot of the cluster and restore ...") - err := sp.SnapshotSaveAndRestore("dc1") + err := sp.SnapshotSave("dc1") require.NoError(t, err) // Shutdown existing static-server diff --git a/test-integ/go.mod b/test-integ/go.mod index 740a1f033736e..19ef1173388d4 100644 --- a/test-integ/go.mod +++ b/test-integ/go.mod @@ -43,13 +43,11 @@ require ( github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/fatih/color v1.14.1 // indirect github.com/go-jose/go-jose/v3 v3.0.0 // indirect - github.com/go-logr/logr v1.2.4 // indirect github.com/go-test/deep v1.1.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/consul v1.16.1 // indirect github.com/hashicorp/consul-server-connection-manager v0.1.4 // indirect @@ -69,7 +67,6 @@ require ( github.com/hashicorp/memberlist v0.5.0 // indirect github.com/hashicorp/serf v0.10.1 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect - github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.16.7 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -83,8 +80,6 @@ require ( github.com/moby/patternmatcher v0.5.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect github.com/morikuni/aec v1.0.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.0-rc4 // indirect @@ -110,15 +105,7 @@ require ( golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.26.2 // indirect - k8s.io/apimachinery v0.26.2 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) replace ( diff --git a/test-integ/go.sum b/test-integ/go.sum index 19c23d6b3be56..898d5bb8226ee 100644 --- a/test-integ/go.sum +++ b/test-integ/go.sum @@ -77,9 +77,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= @@ -102,8 +99,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/consul-server-connection-manager v0.1.4 h1:wrcSRV6WGXFBNpNbN6XsdoGgBOyso7ZbN5VaWPEX1jY= @@ -160,8 +155,6 @@ github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm github.com/itchyny/timefmt-go v0.1.5/go.mod h1:nEP7L+2YmAbT2kZ2HfSs1d8Xtw9LY8D2stDBckWakZ8= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= @@ -220,12 +213,9 @@ github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWK github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -283,7 +273,6 @@ github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPx github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= @@ -403,29 +392,11 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/test-integ/tenancy/client.go b/test-integ/tenancy/client.go deleted file mode 100644 index a3152b7625874..0000000000000 --- a/test-integ/tenancy/client.go +++ /dev/null @@ -1,154 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package tenancy - -import ( - "context" - "fmt" - "time" - - "github.com/stretchr/testify/require" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/metadata" - "google.golang.org/grpc/status" - - "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/sdk/testutil" - "github.com/hashicorp/consul/sdk/testutil/retry" -) - -// This duplicates a subset of internal/resource/resourcetest/client.go so -// we're not importing consul internals integration tests. -// -// TODO: Move to a general package if used more widely. - -type ClientOption func(*Client) - -func WithACLToken(token string) ClientOption { - return func(c *Client) { - c.token = token - } -} - -// Client decorates a resource service client with helper functions to assist -// with integration testing. -type Client struct { - pbresource.ResourceServiceClient - - timeout time.Duration - wait time.Duration - token string -} - -func NewClient(client pbresource.ResourceServiceClient, opts ...ClientOption) *Client { - c := &Client{ - ResourceServiceClient: client, - timeout: 7 * time.Second, - wait: 50 * time.Millisecond, - } - - for _, opt := range opts { - opt(c) - } - - return c -} - -func NewClientWithACLToken(client pbresource.ResourceServiceClient, token string) *Client { - return NewClient(client, WithACLToken(token)) -} - -func (client *Client) SetRetryerConfig(timeout time.Duration, wait time.Duration) { - client.timeout = timeout - client.wait = wait -} - -func (client *Client) retry(t testutil.TestingTB, fn func(r *retry.R)) { - t.Helper() - retryer := &retry.Timer{Timeout: client.timeout, Wait: client.wait} - retry.RunWith(retryer, t, fn) -} - -func (client *Client) Context(t testutil.TestingTB) context.Context { - ctx := testutil.TestContext(t) - - if client.token != "" { - md := metadata.New(map[string]string{ - "x-consul-token": client.token, - }) - ctx = metadata.NewOutgoingContext(ctx, md) - } - - return ctx -} - -func (client *Client) RequireResourceNotFound(t testutil.TestingTB, id *pbresource.ID) { - t.Helper() - - rsp, err := client.Read(client.Context(t), &pbresource.ReadRequest{Id: id}) - require.Error(t, err) - require.Equal(t, codes.NotFound, status.Code(err)) - require.Nil(t, rsp) -} - -func (client *Client) RequireResourceExists(t testutil.TestingTB, id *pbresource.ID) *pbresource.Resource { - t.Helper() - - rsp, err := client.Read(client.Context(t), &pbresource.ReadRequest{Id: id}) - require.NoError(t, err, "error reading %s with type %s", id.Name, ToGVK(id.Type)) - require.NotNil(t, rsp) - return rsp.Resource -} - -func ToGVK(resourceType *pbresource.Type) string { - return fmt.Sprintf("%s.%s.%s", resourceType.Group, resourceType.GroupVersion, resourceType.Kind) -} - -func (client *Client) WaitForResourceExists(t testutil.TestingTB, id *pbresource.ID) *pbresource.Resource { - t.Helper() - - var res *pbresource.Resource - client.retry(t, func(r *retry.R) { - res = client.RequireResourceExists(r, id) - }) - - return res -} - -func (client *Client) WaitForDeletion(t testutil.TestingTB, id *pbresource.ID) { - t.Helper() - - client.retry(t, func(r *retry.R) { - client.RequireResourceNotFound(r, id) - }) -} - -// MustDelete will delete a resource by its id, retrying if necessary and fail the test -// if it cannot delete it within the timeout. The clients request delay settings are -// taken into account with this operation. -func (client *Client) MustDelete(t testutil.TestingTB, id *pbresource.ID) { - t.Helper() - client.retryDelete(t, id) -} - -func (client *Client) retryDelete(t testutil.TestingTB, id *pbresource.ID) { - t.Helper() - ctx := client.Context(t) - - client.retry(t, func(r *retry.R) { - _, err := client.Delete(ctx, &pbresource.DeleteRequest{Id: id}) - if status.Code(err) == codes.NotFound { - return - } - - // codes.Aborted indicates a CAS failure and that the delete request should - // be retried. Anything else should be considered an unrecoverable error. - if err != nil && status.Code(err) != codes.Aborted { - r.Stop(fmt.Errorf("failed to delete the resource: %w", err)) - return - } - - require.NoError(r, err) - }) -} diff --git a/test-integ/tenancy/common.go b/test-integ/tenancy/common.go deleted file mode 100644 index 4fea2c472b5a3..0000000000000 --- a/test-integ/tenancy/common.go +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package tenancy - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/require" - - pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" - "github.com/hashicorp/consul/test-integ/topoutil" - "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" - "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" - "github.com/hashicorp/consul/testing/deployer/topology" -) - -const ( - DefaultNamespaceName = "default" - DefaultPartitionName = "default" -) - -func newConfig(t *testing.T) *topology.Config { - const clusterName = "cluster1" - servers := topoutil.NewTopologyServerSet(clusterName+"-server", 3, []string{clusterName}, nil) - - cluster := &topology.Cluster{ - Enterprise: utils.IsEnterprise(), - Name: clusterName, - Nodes: servers, - EnableV2: true, - EnableV2Tenancy: true, - } - - return &topology.Config{ - Images: utils.TargetImages(), - Networks: []*topology.Network{{Name: clusterName}}, - Clusters: []*topology.Cluster{cluster}, - } -} - -func createNamespaces(t *testing.T, resourceServiceClient *Client, numNamespaces int, ap string) []*pbresource.Resource { - namespaces := []*pbresource.Resource{} - for i := 0; i < numNamespaces; i++ { - namespace := &pbresource.Resource{ - Id: &pbresource.ID{ - Name: fmt.Sprintf("namespace-%d", i), - Type: pbtenancy.NamespaceType, - Tenancy: &pbresource.Tenancy{Partition: ap}, - }, - } - rsp, err := resourceServiceClient.Write(context.Background(), &pbresource.WriteRequest{Resource: namespace}) - require.NoError(t, err) - namespace = resourceServiceClient.WaitForResourceExists(t, rsp.Resource.Id) - namespaces = append(namespaces, namespace) - } - return namespaces -} - -func createServices(t *testing.T, resourceServiceClient *Client, numServices int, ap string, ns string) []*pbresource.Resource { - services := []*pbresource.Resource{} - for i := 0; i < numServices; i++ { - service := &pbresource.Resource{ - Id: &pbresource.ID{ - Name: fmt.Sprintf("service-%d", i), - Type: pbcatalog.ServiceType, - Tenancy: &pbresource.Tenancy{Partition: ap, Namespace: ns}, - }, - } - service = sprawltest.MustSetResourceData(t, service, &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{}, - Ports: []*pbcatalog.ServicePort{}, - }) - rsp, err := resourceServiceClient.Write(context.Background(), &pbresource.WriteRequest{Resource: service}) - require.NoError(t, err) - service = resourceServiceClient.WaitForResourceExists(t, rsp.Resource.Id) - services = append(services, service) - } - return services -} diff --git a/test-integ/tenancy/namespace_ce_test.go b/test-integ/tenancy/namespace_ce_test.go deleted file mode 100644 index 5f82436c9c852..0000000000000 --- a/test-integ/tenancy/namespace_ce_test.go +++ /dev/null @@ -1,84 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !consulent - -package tenancy - -import ( - "testing" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/proto-public/pbresource" - pbtenancy "github.com/hashicorp/consul/proto-public/pbtenancy/v2beta1" - "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" -) - -// TestNamespaceLifecycle sets up the following: -// -// - 1 cluster -// - 3 servers in that cluster -// - v2 resources and v2 tenancy are activated -// -// When this test is executed it tests the full lifecycle for a -// small number of namespaces: -// - creation of namespaces in the default partition -// - populating resources under namespaces -// - finally deleting everything -func TestNamespaceLifecycle(t *testing.T) { - t.Parallel() - - cfg := newConfig(t) - sp := sprawltest.Launch(t, cfg) - cluster := sp.Topology().Clusters["cluster1"] - client := NewClient(sp.ResourceServiceClientForCluster(cluster.Name)) - - // 3 namespaces - // @ 3 services per namespace - // ============================== - // 9 resources total - tenants := []*pbresource.Resource{} - numNamespaces := 3 - numServices := 3 - - // Default namespace is expected to exist - // when we boostrap a cluster - client.RequireResourceExists(t, &pbresource.ID{ - Name: DefaultNamespaceName, - Type: pbtenancy.NamespaceType, - Tenancy: &pbresource.Tenancy{Partition: DefaultPartitionName}, - }) - - // Namespaces are created in default partition - namespaces := createNamespaces(t, client, numNamespaces, DefaultPartitionName) - - for _, namespace := range namespaces { - services := createServices(t, client, numServices, DefaultPartitionName, namespace.Id.Name) - tenants = append(tenants, services...) - } - - // Verify test setup - require.Equal(t, len(tenants), numNamespaces*numServices) - - // List namespaces - listRsp, err := client.List(client.Context(t), &pbresource.ListRequest{ - Type: pbtenancy.NamespaceType, - Tenancy: &pbresource.Tenancy{}, - NamePrefix: "namespace-", - }) - require.NoError(t, err) - require.Equal(t, len(namespaces), len(listRsp.Resources)) - - // Delete all namespaces - for _, namespace := range namespaces { - _, err := client.Delete(client.Context(t), &pbresource.DeleteRequest{Id: namespace.Id}) - require.NoError(t, err) - client.WaitForDeletion(t, namespace.Id) - } - - // Make sure no namespace tenants left behind - for _, tenant := range tenants { - client.RequireResourceNotFound(t, tenant.Id) - } -} diff --git a/test-integ/topoutil/asserter.go b/test-integ/topoutil/asserter.go index 091ba2379705a..1cc7243dc3cad 100644 --- a/test-integ/topoutil/asserter.go +++ b/test-integ/topoutil/asserter.go @@ -14,7 +14,6 @@ import ( "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/proto-public/pbresource" - "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" @@ -53,13 +52,13 @@ func NewAsserter(sp SprawlLite) *Asserter { } } -func (a *Asserter) mustGetHTTPClient(t testutil.TestingTB, cluster string) *http.Client { +func (a *Asserter) mustGetHTTPClient(t *testing.T, cluster string) *http.Client { client, err := a.httpClientFor(cluster) require.NoError(t, err) return client } -func (a *Asserter) mustGetAPIClient(t testutil.TestingTB, cluster string) *api.Client { +func (a *Asserter) mustGetAPIClient(t *testing.T, cluster string) *api.Client { clu := a.sp.Topology().Clusters[cluster] cl, err := a.sp.APIClientForCluster(clu.Name, "") require.NoError(t, err) @@ -209,7 +208,7 @@ type testingT interface { // // We treat 400, 503, and 504s as retryable errors func (a *Asserter) fortioFetch2Destination( - t testutil.TestingTB, + t testingT, client *http.Client, addr string, dest *topology.Destination, diff --git a/test-integ/upgrade/usage_profiles/sd_wan_segments_test.go b/test-integ/upgrade/usage_profiles/sd_wan_segments_test.go deleted file mode 100644 index 98a0873c17343..0000000000000 --- a/test-integ/upgrade/usage_profiles/sd_wan_segments_test.go +++ /dev/null @@ -1,70 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -package usage_profiles - -import ( - "testing" - "time" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" - "github.com/hashicorp/consul/testing/deployer/sprawl" - "github.com/hashicorp/consul/testing/deployer/sprawl/sprawltest" - "github.com/hashicorp/consul/testing/deployer/topology" -) - -const ( - // The long term support version - ltsVersion = "1.15.7" -) - -// Test_Upgrade_ServiceDiscovery_Wan_Segment test upgrade from a source version -// to a specified long term support version -// Clusters: multi-segment and multi-cluster (TODO) -// Workload: service discovery (no mesh) (TODO) -func Test_Upgrade_ServiceDiscovery_Wan_Segment(t *testing.T) { - utils.LatestVersion = "1.10.8" - utils.TargetVersion = ltsVersion - - dc1, err := createTopology("dc1") - require.NoError(t, err) - t.Log("Created topology:", dc1.Name, "enterprise:", utils.IsEnterprise()) - - toplogyConfig := &topology.Config{ - Networks: []*topology.Network{ - {Name: "dc1"}, - }, - } - toplogyConfig.Clusters = append(toplogyConfig.Clusters, dc1) - sp := sprawltest.Launch(t, toplogyConfig) - - cfg := sp.Config() - require.NoError(t, sp.Upgrade(cfg, "dc1", sprawl.UpgradeTypeStandard, utils.TargetImages(), nil)) - t.Log("Finished standard upgrade ...") - - time.Sleep(30 * time.Second) -} - -func createTopology(name string) (*topology.Cluster, error) { - clu := &topology.Cluster{ - Name: name, - Images: utils.LatestImages(), - Nodes: []*topology.Node{ - { - Kind: topology.NodeKindServer, - Name: "dc1-server1", - Addresses: []*topology.Address{ - {Network: "dc1"}, - }, - }, - { - Kind: topology.NodeKindClient, - Name: "dc1-client1", - }, - }, - Enterprise: utils.IsEnterprise(), - } - return clu, nil -} diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 357a588ee0eab..034722c074db7 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -55,18 +55,15 @@ require ( github.com/containerd/containerd v1.7.3 // indirect github.com/cpuguy83/dockercfg v0.3.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/deckarep/golang-set/v2 v2.3.1 // indirect github.com/docker/distribution v2.8.2+incompatible // indirect github.com/docker/go-units v0.5.0 // indirect github.com/envoyproxy/go-control-plane v0.11.1 // indirect github.com/envoyproxy/protoc-gen-validate v1.0.1 // indirect github.com/fatih/color v1.14.1 // indirect - github.com/go-logr/logr v1.2.4 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.3.0 // indirect github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69 // indirect github.com/hashicorp/consul-server-connection-manager v0.1.4 // indirect @@ -85,7 +82,6 @@ require ( github.com/hashicorp/raft-autopilot v0.1.6 // indirect github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect - github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.16.7 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect @@ -99,8 +95,6 @@ require ( github.com/moby/patternmatcher v0.5.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/term v0.5.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect github.com/morikuni/aec v1.0.0 // indirect github.com/oklog/ulid/v2 v2.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect @@ -130,15 +124,7 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20230706204954-ccb25ca9f130 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230803162519-f966b187b2e5 // indirect google.golang.org/protobuf v1.31.0 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.26.2 // indirect - k8s.io/apimachinery v0.26.2 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) replace ( diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum index 04fcd47386927..9443bb1e74324 100644 --- a/test/integration/consul-container/go.sum +++ b/test/integration/consul-container/go.sum @@ -116,8 +116,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/deckarep/golang-set/v2 v2.3.1 h1:vjmkvJt/IV27WXPyYQpAh4bRyWJc5Y435D17XQ9QU5A= -github.com/deckarep/golang-set/v2 v2.3.1/go.mod h1:VAky9rY/yGXJOLEDv3OMci+7wtDpOF4IN+y82NBOac4= github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v24.0.5+incompatible h1:WmgcE4fxyI6EEXxBRxsHnZXrO1pQ3smi0k/jho4HLeY= @@ -154,9 +152,6 @@ github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= @@ -208,7 +203,6 @@ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= @@ -306,8 +300,6 @@ github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHW github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= @@ -371,12 +363,9 @@ github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWK github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -439,7 +428,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= @@ -815,16 +803,12 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -836,19 +820,6 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/test/integration/consul-container/libs/assert/grpc.go b/test/integration/consul-container/libs/assert/grpc.go index 101d1c14109ef..a41ef65af620e 100644 --- a/test/integration/consul-container/libs/assert/grpc.go +++ b/test/integration/consul-container/libs/assert/grpc.go @@ -26,7 +26,7 @@ func GRPCPing(t *testing.T, addr string) { var msg *fgrpc.PingMessage retries := 0 retry.RunWith(&retry.Timer{Timeout: time.Minute, Wait: 25 * time.Millisecond}, t, func(r *retry.R) { - r.Logf("making grpc call to %s", addr) + t.Logf("making grpc call to %s", addr) retries += 1 msg, err = pingCl.Ping(context.Background(), &fgrpc.PingMessage{ // use addr as payload so we have something variable to check against diff --git a/test/integration/consul-container/libs/assert/service.go b/test/integration/consul-container/libs/assert/service.go index 726731dcc0edb..7434a1d5e36fc 100644 --- a/test/integration/consul-container/libs/assert/service.go +++ b/test/integration/consul-container/libs/assert/service.go @@ -221,7 +221,7 @@ func doHTTPServiceEchoesWithClient( } retry.RunWith(failer(), t, func(r *retry.R) { - r.Logf("making call to %s", url) + t.Logf("making call to %s", url) reader := strings.NewReader(phrase) req, err := http.NewRequest("POST", url, reader) @@ -242,7 +242,7 @@ func doHTTPServiceEchoesWithClient( defer res.Body.Close() statusCode := res.StatusCode - r.Logf("...got response code %d", statusCode) + t.Logf("...got response code %d", statusCode) require.Equal(r, 200, statusCode) body, err := io.ReadAll(res.Body) @@ -342,7 +342,7 @@ func WaitForFortioNameWithClient(t *testing.T, r retry.Retryer, urlbase string, // It retries with timeout defaultHTTPTimeout and wait defaultHTTPWait. // // client must be a custom http.Client -func FortioNameWithClient(t retry.TestingTB, urlbase string, name string, reqHost string, client *http.Client) (string, error) { +func FortioNameWithClient(t retry.Failer, urlbase string, name string, reqHost string, client *http.Client) (string, error) { t.Helper() var fortioNameRE = regexp.MustCompile("\nFORTIO_NAME=(.+)\n") var body []byte diff --git a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go index ea2e874162c48..cf00105345fa4 100644 --- a/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go +++ b/test/integration/consul-container/test/envoy_extensions/ext_authz_test.go @@ -15,7 +15,6 @@ import ( "github.com/testcontainers/testcontainers-go" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" libassert "github.com/hashicorp/consul/test/integration/consul-container/libs/assert" libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster" @@ -88,8 +87,8 @@ func TestExtAuthzLocal(t *testing.T) { // Make requests to the static-server. We expect that all requests are rejected with 403 Forbidden // unless they are to the /allow path. baseURL := fmt.Sprintf("http://localhost:%d", port) - retryRequest(t, baseURL, http.StatusForbidden) - retryRequest(t, baseURL+"/allow", http.StatusOK) + doRequest(t, baseURL, http.StatusForbidden) + doRequest(t, baseURL+"/allow", http.StatusOK) } func createServices(t *testing.T, cluster *libcluster.Cluster) libservice.Service { @@ -162,16 +161,10 @@ func createLocalAuthzService(t *testing.T, cluster *libcluster.Cluster) { } } -func retryRequest(t *testing.T, url string, expStatus int) { - t.Helper() +func doRequest(t *testing.T, url string, expStatus int) { retry.RunWith(&retry.Timer{Timeout: 5 * time.Second, Wait: time.Second}, t, func(r *retry.R) { - doRequest(r, url, expStatus) + resp, err := cleanhttp.DefaultClient().Get(url) + require.NoError(r, err) + require.Equal(r, expStatus, resp.StatusCode) }) } - -func doRequest(t testutil.TestingTB, url string, expStatus int) { - t.Helper() - resp, err := cleanhttp.DefaultClient().Get(url) - require.NoError(t, err) - require.Equal(t, expStatus, resp.StatusCode) -} diff --git a/test/integration/consul-container/test/envoy_extensions/otel_access_logging_test.go b/test/integration/consul-container/test/envoy_extensions/otel_access_logging_test.go index e684bdbcc832e..87bb7b4d6165f 100644 --- a/test/integration/consul-container/test/envoy_extensions/otel_access_logging_test.go +++ b/test/integration/consul-container/test/envoy_extensions/otel_access_logging_test.go @@ -40,6 +40,8 @@ import ( // - Make sure a call to the client sidecar local bind port results in Envoy access logs being sent to the // otel-collector. func TestOTELAccessLogging(t *testing.T) { + t.Parallel() + cluster, _, _ := topology.NewCluster(t, &topology.ClusterConfig{ NumServers: 1, NumClients: 1, @@ -85,9 +87,8 @@ func TestOTELAccessLogging(t *testing.T) { // Make requests from the static-client to the static-server and look for the access logs // to show up in the `otel-collector` container logs. - retry.Run(t, func(r *retry.R) { - doRequest(r, fmt.Sprintf("http://localhost:%d", port), http.StatusOK) - + retry.RunWith(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Second}, t, func(r *retry.R) { + doRequest(t, fmt.Sprintf("http://localhost:%d", port), http.StatusOK) reader, err := launchInfo.Container.Logs(context.Background()) require.NoError(r, err) log, err := io.ReadAll(reader) @@ -95,10 +96,7 @@ func TestOTELAccessLogging(t *testing.T) { require.Contains(r, string(log), `log_name: Str(otel-integration-test)`) require.Contains(r, string(log), `cluster_name: Str(static-server)`) require.Contains(r, string(log), `node_name: Str(static-server-sidecar-proxy)`) - }, - retry.WithFullOutput(), - retry.WithRetryer(&retry.Timer{Timeout: 60 * time.Second, Wait: time.Second}), - ) + }) } func createLocalOTELService(t *testing.T, cluster *libcluster.Cluster) *libcluster.LaunchInfo { diff --git a/test/integration/consul-container/test/gateways/terminating_gateway_test.go b/test/integration/consul-container/test/gateways/terminating_gateway_test.go index 3ac130a546cd0..ef8f95ab82920 100644 --- a/test/integration/consul-container/test/gateways/terminating_gateway_test.go +++ b/test/integration/consul-container/test/gateways/terminating_gateway_test.go @@ -173,12 +173,12 @@ func assertHTTPRequestToServiceAddress(t *testing.T, client *libservice.ConnectC upstreamURL := fmt.Sprintf("http://localhost:%d/debug?env=dump", port) retry.RunWith(requestRetryTimer, t, func(r *retry.R) { out, err := client.Exec(context.Background(), []string{"curl", "-s", upstreamURL}) - r.Logf("curl request to upstream service address: url=%s\nerr = %v\nout = %s", upstreamURL, err, out) + t.Logf("curl request to upstream service address: url=%s\nerr = %v\nout = %s", upstreamURL, err, out) if expSuccess { require.NoError(r, err) require.Contains(r, out, fmt.Sprintf("FORTIO_NAME=%s", serviceName)) - r.Logf("successfuly messaged %s", serviceName) + t.Logf("successfuly messaged %s", serviceName) } else { require.Error(r, err) require.Contains(r, err.Error(), "exit code 52") diff --git a/test/integration/consul-container/test/ratelimit/ratelimit_test.go b/test/integration/consul-container/test/ratelimit/ratelimit_test.go index e0b85a17d1860..89293da7f8ee6 100644 --- a/test/integration/consul-container/test/ratelimit/ratelimit_test.go +++ b/test/integration/consul-container/test/ratelimit/ratelimit_test.go @@ -11,7 +11,6 @@ import ( "time" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/stretchr/testify/require" @@ -283,7 +282,7 @@ func setupClusterAndClient(t *testing.T, config *libtopology.ClusterConfig, isSe return cluster, client } -func checkForMetric(t testutil.TestingTB, cluster *libcluster.Cluster, operationName string, expectedLimitType string, expectedMode string, expectMetric bool) { +func checkForMetric(t require.TestingT, cluster *libcluster.Cluster, operationName string, expectedLimitType string, expectedMode string, expectMetric bool) { // validate metrics server, err := cluster.GetClient(nil, true) require.NoError(t, err) @@ -321,7 +320,7 @@ func checkForMetric(t testutil.TestingTB, cluster *libcluster.Cluster, operation } } -func checkLogsForMessage(t testutil.TestingTB, logs []string, msg string, operationName string, logType string, logShouldExist bool) { +func checkLogsForMessage(t require.TestingT, logs []string, msg string, operationName string, logType string, logShouldExist bool) { if logShouldExist { found := false for _, log := range logs { diff --git a/test/integration/consul-container/test/tproxy/tproxy_test.go b/test/integration/consul-container/test/tproxy/tproxy_test.go index 1f962aeba277d..15eae0c210906 100644 --- a/test/integration/consul-container/test/tproxy/tproxy_test.go +++ b/test/integration/consul-container/test/tproxy/tproxy_test.go @@ -136,7 +136,7 @@ func assertHTTPRequestToVirtualAddress(t *testing.T, clientService libservice.Se `, virtualHostname), }, ) - r.Logf("curl request to upstream virtual address\nerr = %v\nout = %s", err, out) + t.Logf("curl request to upstream virtual address\nerr = %v\nout = %s", err, out) require.NoError(r, err) require.Regexp(r, `Virtual IP: 240.0.0.\d+`, out) require.Contains(r, out, fmt.Sprintf("FORTIO_NAME=%s", serverName)) @@ -155,7 +155,7 @@ func assertHTTPRequestToServiceAddress(t *testing.T, client, server libcluster.A upstreamURL := fmt.Sprintf("http://%s:8080/debug?env=dump", server.GetIP()) retry.RunWith(requestRetryTimer, t, func(r *retry.R) { out, err := client.Exec(context.Background(), []string{"curl", "-s", upstreamURL}) - r.Logf("curl request to upstream service address: url=%s\nerr = %v\nout = %s", upstreamURL, err, out) + t.Logf("curl request to upstream service address: url=%s\nerr = %v\nout = %s", upstreamURL, err, out) if expSuccess { require.NoError(r, err) diff --git a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go index c29e4b499f868..ae8ed0401a8ff 100644 --- a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go +++ b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go @@ -18,7 +18,7 @@ import ( "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) -var minCatalogResourceVersion = version.Must(version.NewVersion("v1.18.0")) +var minCatalogResourceVersion = version.Must(version.NewVersion("v1.17.0")) const ( versionUndetermined = ` diff --git a/testing/deployer/go.mod b/testing/deployer/go.mod index a78df479dd3d5..e79223effb607 100644 --- a/testing/deployer/go.mod +++ b/testing/deployer/go.mod @@ -6,14 +6,13 @@ require ( github.com/avast/retry-go v3.0.0+incompatible github.com/google/go-cmp v0.5.9 github.com/hashicorp/consul-server-connection-manager v0.1.4 - github.com/hashicorp/consul/api v1.26.1 - github.com/hashicorp/consul/proto-public v0.5.1 + github.com/hashicorp/consul/api v1.24.0 + github.com/hashicorp/consul/proto-public v0.1.0 github.com/hashicorp/consul/sdk v0.15.0 github.com/hashicorp/go-cleanhttp v0.5.2 github.com/hashicorp/go-hclog v1.5.0 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-rootcerts v1.0.2 - github.com/hashicorp/go-version v1.2.1 github.com/hashicorp/hcl/v2 v2.16.2 github.com/mitchellh/copystructure v1.2.0 github.com/rboyer/safeio v0.2.2 @@ -21,7 +20,7 @@ require ( golang.org/x/crypto v0.14.0 golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 google.golang.org/grpc v1.56.3 - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.31.0 ) require ( @@ -33,17 +32,14 @@ require ( github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/fatih/color v1.14.1 // indirect - github.com/go-logr/logr v1.2.4 // indirect - github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gofuzz v1.2.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-immutable-radix v1.3.1 // indirect github.com/hashicorp/go-netaddrs v0.1.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect + github.com/hashicorp/go-version v1.2.1 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/serf v0.10.1 // indirect - github.com/json-iterator/go v1.1.12 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.17 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect @@ -51,8 +47,6 @@ require ( github.com/mitchellh/go-wordwrap v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_golang v1.11.1 // indirect @@ -64,15 +58,7 @@ require ( golang.org/x/sys v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.26.2 // indirect - k8s.io/apimachinery v0.26.2 // indirect - k8s.io/klog/v2 v2.100.1 // indirect - k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect ) replace ( diff --git a/testing/deployer/go.sum b/testing/deployer/go.sum index c0814ddaebd86..abb76fa0a7f39 100644 --- a/testing/deployer/go.sum +++ b/testing/deployer/go.sum @@ -44,14 +44,9 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -75,8 +70,6 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= -github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/hashicorp/consul-server-connection-manager v0.1.4 h1:wrcSRV6WGXFBNpNbN6XsdoGgBOyso7ZbN5VaWPEX1jY= github.com/hashicorp/consul-server-connection-manager v0.1.4/go.mod h1:LMqHkALoLP0HUQKOG21xXYr0YPUayIQIHNTlmxG100E= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -126,12 +119,8 @@ github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCV github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= @@ -174,12 +163,9 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -225,7 +211,6 @@ github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= @@ -236,21 +221,16 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zclconf/go-cty v1.12.1 h1:PcupnljUm9EIvbgSHQnHhUr3fO6oFmkOrvs2BAFNXXY= github.com/zclconf/go-cty v1.12.1/go.mod h1:s9IfD1LK5ccNMSWCVFCE2rJfHiZgi7JijgeWIMfhLvA= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -258,9 +238,7 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= @@ -270,7 +248,6 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -290,7 +267,6 @@ golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -312,13 +288,8 @@ golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 h1:KpwkzHKEF7B9Zxg18WzOa7djJ+Ha5DzthMyZYQfEn2A= google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= @@ -332,34 +303,16 @@ google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzi google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.26.2 h1:dM3cinp3PGB6asOySalOZxEG4CZ0IAdJsrYZXE/ovGQ= -k8s.io/api v0.26.2/go.mod h1:1kjMQsFE+QHPfskEcVNgL3+Hp88B80uj0QtSOlj8itU= -k8s.io/apimachinery v0.26.2 h1:da1u3D5wfR5u2RpLhE/ZtZS2P7QvDgLZTi9wrNZl/tQ= -k8s.io/apimachinery v0.26.2/go.mod h1:ats7nN1LExKHvJ9TmwootT00Yz05MuYqPXEXaVeOy5I= -k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= -k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk= -k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= diff --git a/testing/deployer/sprawl/acl.go b/testing/deployer/sprawl/acl.go index 92f4701840d94..99179ac58664d 100644 --- a/testing/deployer/sprawl/acl.go +++ b/testing/deployer/sprawl/acl.go @@ -146,56 +146,6 @@ func (s *Sprawl) createAnonymousPolicy(cluster *topology.Cluster) error { return nil } -// assignAgentJoinPolicyToAnonymousToken is used only for version prior to agent token -func (s *Sprawl) assignAgentJoinPolicyToAnonymousToken(cluster *topology.Cluster) error { - var ( - client = s.clients[cluster.Name] - ) - - acl := client.ACL() - anonymousTok, _, err := acl.TokenRead(anonymousTokenAccessorID, &api.QueryOptions{}) - if err != nil { - return nil - } - - rule := ` -service_prefix "" { - policy = "read" -} - -agent_prefix "" { - policy = "read" -} - -node_prefix "" { - policy = "write" -} -` - policy, _, err := acl.PolicyCreate( - &api.ACLPolicy{ - Name: "client-join-policy", - Rules: rule, - }, - &api.WriteOptions{}, - ) - - if err != nil { - return err - } - - anonymousTok.Policies = append(anonymousTok.Policies, - &api.ACLLink{ - Name: policy.Name, - }, - ) - _, _, err = acl.TokenUpdate(anonymousTok, &api.WriteOptions{}) - if err != nil { - return nil - } - - return nil -} - func (s *Sprawl) createAgentTokens(cluster *topology.Cluster) error { var ( client = s.clients[cluster.Name] @@ -208,20 +158,18 @@ func (s *Sprawl) createAgentTokens(cluster *topology.Cluster) error { continue } - if node.Images.GreaterThanVersion(topology.MinVersionAgentTokenPartition) { - if tok := s.secrets.ReadAgentToken(cluster.Name, node.ID()); tok == "" { - token, err := CreateOrUpdateToken(client, tokenForNode(node, cluster.Enterprise)) - if err != nil { - return fmt.Errorf("node %s: %w", node.Name, err) - } + if tok := s.secrets.ReadAgentToken(cluster.Name, node.ID()); tok == "" { + token, err := CreateOrUpdateToken(client, tokenForNode(node, cluster.Enterprise)) + if err != nil { + return err + } - logger.Debug("created agent token", - "node", node.ID(), - "token", token.SecretID, - ) + logger.Debug("created agent token", + "node", node.ID(), + "token", token.SecretID, + ) - s.secrets.SaveAgentToken(cluster.Name, node.ID(), token.SecretID) - } + s.secrets.SaveAgentToken(cluster.Name, node.ID(), token.SecretID) } } diff --git a/testing/deployer/sprawl/boot.go b/testing/deployer/sprawl/boot.go index 38407d50ae806..b8b123482e259 100644 --- a/testing/deployer/sprawl/boot.go +++ b/testing/deployer/sprawl/boot.go @@ -266,7 +266,7 @@ func (s *Sprawl) initConsulServers() error { s.waitForLocalWrites(cluster, mgmtToken) // Create tenancies so that the ACL tokens and clients have somewhere to go. - if cluster.Enterprise && node.Images.GreaterThanVersion(topology.MinVersionAgentTokenPartition) { + if cluster.Enterprise { if err := s.initTenancies(cluster); err != nil { return fmt.Errorf("initTenancies[%s]: %w", cluster.Name, err) } @@ -287,19 +287,12 @@ func (s *Sprawl) initConsulServers() error { return fmt.Errorf("createAnonymousToken[%s]: %w", cluster.Name, err) } - if node.Images.GreaterThanVersion(topology.MinVersionAgentTokenPartition) { - // Create tokens for all of the agents to use for anti-entropy. - // - // NOTE: this will cause the servers to roll to pick up the change to - // the acl{tokens{agent=XXX}}} section. - if err := s.createAgentTokens(cluster); err != nil { - return fmt.Errorf("createAgentTokens[%s]: %w", cluster.Name, err) - } - } else { - // Assign agent join policy to the anonymous token - if err := s.assignAgentJoinPolicyToAnonymousToken(cluster); err != nil { - return fmt.Errorf("assignAgentJoinPolicyToAnonymousToken[%s]: %w", cluster.Name, err) - } + // Create tokens for all of the agents to use for anti-entropy. + // + // NOTE: this will cause the servers to roll to pick up the change to + // the acl{tokens{agent=XXX}}} section. + if err := s.createAgentTokens(cluster); err != nil { + return fmt.Errorf("createAgentTokens[%s]: %w", cluster.Name, err) } } @@ -494,8 +487,7 @@ func (s *Sprawl) waitForLocalWrites(cluster *topology.Cluster, token string) { break } - serverNodes := cluster.ServerNodes() - if cluster.Enterprise && serverNodes[0].Images.GreaterThanVersion(topology.MinVersionAgentTokenPartition) { + if cluster.Enterprise { start = time.Now() for attempts := 0; ; attempts++ { if err := tryAP(); err != nil { @@ -551,7 +543,7 @@ func (s *Sprawl) waitForClientAntiEntropyOnce(cluster *topology.Cluster) error { nid := node.CatalogID() got, ok := current[nid] - if ok && (len(got.TaggedAddresses) > 0 || got.Address != "") { + if ok && len(got.TaggedAddresses) > 0 { // this is a field that is not updated just due to serf reconcile continue } diff --git a/testing/deployer/sprawl/catalog.go b/testing/deployer/sprawl/catalog.go index bde3c9a266760..59a42fd895eac 100644 --- a/testing/deployer/sprawl/catalog.go +++ b/testing/deployer/sprawl/catalog.go @@ -343,7 +343,16 @@ func (s *Sprawl) registerCatalogNode( node *topology.Node, ) error { if node.IsV2() { - return s.registerCatalogNodeV2(cluster, node) + + // TODO(rb): nodes are optional in v2 and won't be used in k8s by + // default. There are some scoping issues with the Node Type in 1.17 so + // disable it for now. + // + // To re-enable you also need to link it to the Workload by setting the + // NodeName field. + // + // return s.registerCatalogNodeV2(cluster, node) + return nil } return s.registerCatalogNodeV1(cluster, node) } @@ -373,6 +382,7 @@ func (s *Sprawl) registerCatalogNodeV2( Name: node.PodName(), Tenancy: &pbresource.Tenancy{ Partition: node.Partition, + Namespace: "default", // temporary requirement }, }, Metadata: map[string]string{ @@ -713,7 +723,8 @@ func workloadInstanceToResources( Metadata: wrk.Meta, }, Data: &pbcatalog.Workload{ - NodeName: node.PodName(), + // TODO(rb): disabling this until node scoping makes sense again + // NodeName: node.PodName(), Identity: wrk.WorkloadIdentity, Ports: wlPorts, Addresses: []*pbcatalog.WorkloadAddress{ diff --git a/testing/deployer/sprawl/internal/tfgen/agent.go b/testing/deployer/sprawl/internal/tfgen/agent.go index db68a60b61e20..36071624bf203 100644 --- a/testing/deployer/sprawl/internal/tfgen/agent.go +++ b/testing/deployer/sprawl/internal/tfgen/agent.go @@ -13,7 +13,7 @@ import ( "github.com/hashicorp/consul/testing/deployer/topology" ) -func (g *Generator) generateAgentHCL(node *topology.Node, enableV2, enableV2Tenancy bool) string { +func (g *Generator) generateAgentHCL(node *topology.Node, enableV2 bool) string { if !node.IsAgent() { panic("generateAgentHCL only applies to agents") } @@ -35,15 +35,8 @@ func (g *Generator) generateAgentHCL(node *topology.Node, enableV2, enableV2Tena b.add("enable_debug", true) b.add("use_streaming_backend", true) - var experiments []string if enableV2 { - experiments = append(experiments, "resource-apis") - } - if enableV2Tenancy { - experiments = append(experiments, "v2tenancy") - } - if len(experiments) > 0 { - b.addSlice("experiments", experiments) + b.addSlice("experiments", []string{"resource-apis"}) } // speed up leaves @@ -60,12 +53,10 @@ func (g *Generator) generateAgentHCL(node *topology.Node, enableV2, enableV2Tena b.add("retry_interval", "1s") // } - if node.Images.GreaterThanVersion(topology.MinVersionPeering) { - if node.IsServer() { - b.addBlock("peering", func() { - b.add("enabled", true) - }) - } + if node.IsServer() { + b.addBlock("peering", func() { + b.add("enabled", true) + }) } b.addBlock("ui_config", func() { @@ -87,45 +78,41 @@ func (g *Generator) generateAgentHCL(node *topology.Node, enableV2, enableV2Tena certKey = root + "/" + node.TLSCertPrefix + "-key.pem" ) - if node.Images.GreaterThanVersion(topology.MinVersionTLS) { - b.addBlock("tls", func() { - b.addBlock("internal_rpc", func() { + b.addBlock("tls", func() { + b.addBlock("internal_rpc", func() { + b.add("ca_file", caFile) + b.add("cert_file", certFile) + b.add("key_file", certKey) + b.add("verify_incoming", true) + b.add("verify_server_hostname", true) + b.add("verify_outgoing", true) + }) + // if cfg.EncryptionTLSAPI { + // b.addBlock("https", func() { + // b.add("ca_file", caFile) + // b.add("cert_file", certFile) + // b.add("key_file", certKey) + // // b.add("verify_incoming", true) + // }) + // } + if node.IsServer() { + b.addBlock("grpc", func() { b.add("ca_file", caFile) b.add("cert_file", certFile) b.add("key_file", certKey) - b.add("verify_incoming", true) - b.add("verify_server_hostname", true) - b.add("verify_outgoing", true) + // b.add("verify_incoming", true) }) - // if cfg.EncryptionTLSAPI { - // b.addBlock("https", func() { - // b.add("ca_file", caFile) - // b.add("cert_file", certFile) - // b.add("key_file", certKey) - // // b.add("verify_incoming", true) - // }) - // } - if node.IsServer() { - b.addBlock("grpc", func() { - b.add("ca_file", caFile) - b.add("cert_file", certFile) - b.add("key_file", certKey) - // b.add("verify_incoming", true) - }) - } - }) - } + } + }) } b.addBlock("ports", func() { - if node.Images.GreaterThanVersion(topology.MinVersionPeering) { - if node.IsServer() { - b.add("grpc_tls", 8503) - b.add("grpc", -1) - } else { - b.add("grpc", 8502) - b.add("grpc_tls", -1) - } + if node.IsServer() { + b.add("grpc_tls", 8503) + b.add("grpc", -1) + } else { + b.add("grpc", 8502) + b.add("grpc_tls", -1) } b.add("http", 8500) b.add("dns", 8600) @@ -138,22 +125,13 @@ func (g *Generator) generateAgentHCL(node *topology.Node, enableV2, enableV2Tena b.add("default_policy", "deny") b.add("down_policy", "extend-cache") b.add("enable_token_persistence", true) - - if node.Images.GreaterThanVersion(topology.MinVersionAgentTokenPartition) { - b.addBlock("tokens", func() { - if node.IsServer() { - b.add("initial_management", g.sec.ReadGeneric(node.Cluster, secrets.BootstrapToken)) - } - b.add("agent_recovery", g.sec.ReadGeneric(node.Cluster, secrets.AgentRecovery)) - b.add("agent", g.sec.ReadAgentToken(node.Cluster, node.ID())) - }) - } else { - b.addBlock("tokens", func() { - if node.IsServer() { - b.add("master", g.sec.ReadGeneric(node.Cluster, secrets.BootstrapToken)) - } - }) - } + b.addBlock("tokens", func() { + if node.IsServer() { + b.add("initial_management", g.sec.ReadGeneric(node.Cluster, secrets.BootstrapToken)) + } + b.add("agent_recovery", g.sec.ReadGeneric(node.Cluster, secrets.AgentRecovery)) + b.add("agent", g.sec.ReadAgentToken(node.Cluster, node.ID())) + }) }) if node.IsServer() { @@ -210,7 +188,7 @@ func (g *Generator) generateAgentHCL(node *topology.Node, enableV2, enableV2Tena }) } } else { - if cluster.Enterprise && node.Images.GreaterThanVersion(topology.MinVersionAgentTokenPartition) { + if cluster.Enterprise { b.add("partition", node.Partition) } } diff --git a/testing/deployer/sprawl/internal/tfgen/nodes.go b/testing/deployer/sprawl/internal/tfgen/nodes.go index 8ef8f10199e9e..59cca5f711354 100644 --- a/testing/deployer/sprawl/internal/tfgen/nodes.go +++ b/testing/deployer/sprawl/internal/tfgen/nodes.go @@ -67,7 +67,7 @@ func (g *Generator) generateNodeContainers( }{ terraformPod: pod, ImageResource: DockerImageResourceName(node.Images.Consul), - HCL: g.generateAgentHCL(node, cluster.EnableV2 && node.IsServer(), cluster.EnableV2Tenancy && node.IsServer()), + HCL: g.generateAgentHCL(node, cluster.EnableV2 && node.IsServer()), EnterpriseLicense: g.license, })) } diff --git a/testing/deployer/sprawl/sprawl.go b/testing/deployer/sprawl/sprawl.go index bb57e4b8c8a7e..e06c949564d4d 100644 --- a/testing/deployer/sprawl/sprawl.go +++ b/testing/deployer/sprawl/sprawl.go @@ -17,14 +17,13 @@ import ( "time" retry "github.com/avast/retry-go" - "github.com/mitchellh/copystructure" - "google.golang.org/grpc" - + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" + "github.com/mitchellh/copystructure" + "google.golang.org/grpc" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/proto-public/pbresource" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/runner" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/secrets" "github.com/hashicorp/consul/testing/deployer/sprawl/internal/tfgen" @@ -299,18 +298,6 @@ func (s *Sprawl) standardUpgrade(cluster *topology.Cluster, return fmt.Errorf("error upgrading node %s: %w", node.Name, err) } } - - // upgrade client agents one at a time - for _, node := range cluster.Nodes { - if node.Kind != topology.NodeKindClient { - s.logger.Info("Skip non-client node", "node", node.Name) - continue - } - if err := upgradeFn(node.ID()); err != nil { - return fmt.Errorf("error upgrading node %s: %w", node.Name, err) - } - } - return nil } @@ -418,8 +405,8 @@ func (s *Sprawl) RelaunchWithPhase( return nil } -// SnapshotSaveAndRestore saves a snapshot of a cluster and then restores the snapshot -func (s *Sprawl) SnapshotSaveAndRestore(clusterName string) error { +// SnapshotSave saves a snapshot of a cluster and restore with the snapshot +func (s *Sprawl) SnapshotSave(clusterName string) error { cluster, ok := s.topology.Clusters[clusterName] if !ok { return fmt.Errorf("no such cluster: %s", clusterName) diff --git a/testing/deployer/topology/compile.go b/testing/deployer/topology/compile.go index 2f1761e15b274..7698de7465c2f 100644 --- a/testing/deployer/topology/compile.go +++ b/testing/deployer/topology/compile.go @@ -273,7 +273,7 @@ func compile(logger hclog.Logger, raw *Config, prev *Topology) (*Topology, error n.Index = nextIndex nextIndex++ - n.Images = c.Images.OverrideWith(n.Images.ChooseConsul(c.Enterprise)).ChooseNode(n.Kind) + n.Images = c.Images.OverrideWith(n.Images).ChooseNode(n.Kind) n.Cluster = c.Name n.Datacenter = c.Datacenter diff --git a/testing/deployer/topology/default_versions.go b/testing/deployer/topology/default_versions.go index ed1f583a52af6..d4743b8626043 100644 --- a/testing/deployer/topology/default_versions.go +++ b/testing/deployer/topology/default_versions.go @@ -6,7 +6,7 @@ package topology const ( - DefaultConsulCEImage = "hashicorp/consul:1.17.0" + DefaultConsulImage = "hashicorp/consul:1.17.0" DefaultConsulEnterpriseImage = "hashicorp/consul-enterprise:1.17.0-ent" DefaultEnvoyImage = "envoyproxy/envoy:v1.27.2" DefaultDataplaneImage = "hashicorp/consul-dataplane:1.3.0" diff --git a/testing/deployer/topology/images.go b/testing/deployer/topology/images.go index 5692e6bd78b63..b8e1ebce6aded 100644 --- a/testing/deployer/topology/images.go +++ b/testing/deployer/topology/images.go @@ -5,27 +5,11 @@ package topology import ( "strings" - - goversion "github.com/hashicorp/go-version" -) - -var ( - MinVersionAgentTokenPartition = goversion.Must(goversion.NewVersion("v1.11.0")) - MinVersionPeering = goversion.Must(goversion.NewVersion("v1.13.0")) - MinVersionTLS = goversion.Must(goversion.NewVersion("v1.12.0")) ) type Images struct { - // Consul is the image used for creating the container, - // Use ChooseConsul() to control which image (ConsulCE or ConsulEnterprise) assign to Consul - Consul string `json:",omitempty"` - // ConsulCE sets the CE image - ConsulCE string `json:",omitempty"` - // consulVersion is the version part of Consul image, - // e.g., if Consul image is hashicorp/consul-enterprise:1.15.0-ent, - // consulVersion is 1.15.0-ent - consulVersion string - // ConsulEnterprise sets the ent image + Consul string `json:",omitempty"` + ConsulCE string `json:",omitempty"` ConsulEnterprise string `json:",omitempty"` Envoy string Dataplane string @@ -96,7 +80,6 @@ func (i Images) ChooseNode(kind NodeKind) Images { return i } -// ChooseConsul controls which image assigns to Consul func (i Images) ChooseConsul(enterprise bool) Images { if enterprise { i.Consul = i.ConsulEnterprise @@ -105,21 +88,9 @@ func (i Images) ChooseConsul(enterprise bool) Images { } i.ConsulEnterprise = "" i.ConsulCE = "" - - // extract the version part of Consul - i.consulVersion = i.Consul[strings.Index(i.Consul, ":")+1:] return i } -// GreaterThanVersion compares the image version to a specified version -func (i Images) GreaterThanVersion(version *goversion.Version) bool { - if i.consulVersion == "local" { - return true - } - iVer := goversion.Must(goversion.NewVersion(i.consulVersion)) - return iVer.GreaterThanOrEqual(version) -} - func (i Images) OverrideWith(i2 Images) Images { if i2.Consul != "" { i.Consul = i2.Consul @@ -146,7 +117,7 @@ func (i Images) OverrideWith(i2 Images) Images { func DefaultImages() Images { return Images{ Consul: "", - ConsulCE: DefaultConsulCEImage, + ConsulCE: DefaultConsulImage, ConsulEnterprise: DefaultConsulEnterpriseImage, Envoy: DefaultEnvoyImage, Dataplane: DefaultDataplaneImage, diff --git a/testing/deployer/topology/topology.go b/testing/deployer/topology/topology.go index 46befdb128ecb..77fa38ae8febe 100644 --- a/testing/deployer/topology/topology.go +++ b/testing/deployer/topology/topology.go @@ -286,10 +286,6 @@ type Cluster struct { // EnableV2 activates V2 on the servers. If any node in the cluster needs // V2 this will be turned on automatically. EnableV2 bool `json:",omitempty"` - - // EnableV2Tenancy activates V2 tenancy on the servers. If not enabled, - // V2 resources are bridged to V1 tenancy counterparts. - EnableV2Tenancy bool `json:",omitempty"` } func (c *Cluster) inheritFromExisting(existing *Cluster) { diff --git a/testing/deployer/update-latest-versions.sh b/testing/deployer/update-latest-versions.sh index 10a7e1bfffeb6..7c2eef790a1a8 100755 --- a/testing/deployer/update-latest-versions.sh +++ b/testing/deployer/update-latest-versions.sh @@ -8,7 +8,7 @@ cd "$(dirname "$0")" ### # This script will update the default image names to the latest released versions of -# Consul CE, Consul Enterprise, and Consul Dataplane. +# Consul, Consul Enterprise, and Consul Dataplane. # # For Envoy, it will interrogate the latest version of Consul for it's maximum supported # Envoy version and use that. @@ -50,7 +50,7 @@ cat > topology/default_versions.go <` - Name to bind on match. Can use `${var}` interpolation. This flag is required. -- `-bind-type=` - Type of binding to perform (`"service"`, `"node"`, `"templated-policy"`, `"policy"` or `"role"`). +- `-bind-type=` - Type of binding to perform (`"service"` or `"role"`). - `-description=` - A description of the binding rule. @@ -90,35 +90,3 @@ BindType: role BindName: vault Selector: serviceaccount.namespace==default and serviceaccount.name==vault ``` - -Create a new binding rule that binds to a policy: - -```shell-session -$ consul acl binding-rule create -method 'nomad' \ - -description 'gets policy for nomad job' \ - -bind-type 'policy' \ - -bind-name 'nomad-${nomad.jobname}' \ - -selector 'nomad.jobname==billing-app' -ID: e21ae868-7b13-a230-0235-f8e83510642c -AuthMethod: nomad -Description: gets policy for nomad job -BindType: policy -BindName: nomad-billing-app -Selector: nomad.jobname==billing-app -``` - -Create a new binding rule that binds to a templated policy: - -```shell-session -$ consul acl binding-rule create -method 'remote-jwks' \ - -description 'gets templated policy for dns tokens' \ - -bind-type 'templated-policy' \ - -bind-name 'builtin/dns' \ - -selector 'serviceaccount.namespace==default' -ID: eaca9aa4-8913-c8ef-ba39-bfae64f66d99 -AuthMethod: remote-jwks -Description: gets templated policy for dns tokens -BindType: templated-policy -BindName: builtin/dns -Selector: serviceaccount.namespace==default -``` \ No newline at end of file diff --git a/website/content/commands/acl/binding-rule/update.mdx b/website/content/commands/acl/binding-rule/update.mdx index e33b7e026da5c..24f690129433e 100644 --- a/website/content/commands/acl/binding-rule/update.mdx +++ b/website/content/commands/acl/binding-rule/update.mdx @@ -33,7 +33,7 @@ Usage: `consul acl binding-rule update [options] [args]` - `-bind-name=` - Name to bind on match. Can use `${var}` interpolation. This flag is required. -- `-bind-type=` - Type of binding to perform (`"service"`, `"node"`, `"templated-policy"`, `"policy"` or `"role"`). +- `-bind-type=` - Type of binding to perform (`"service"` or `"role"`). - `-description=` - A description of the binding rule. diff --git a/website/content/commands/troubleshoot/index.mdx b/website/content/commands/troubleshoot/index.mdx index 74d9d9cec32ad..0c992aab15c92 100644 --- a/website/content/commands/troubleshoot/index.mdx +++ b/website/content/commands/troubleshoot/index.mdx @@ -22,7 +22,6 @@ Subcommands: proxy Troubleshoots service mesh issues from the current Envoy instance upstreams Gets upstream Envoy identifiers and IPs configured for the proxy - ports Prints open and closed ports on the Consul server. ``` For more information, examples, and usage about a subcommand, click on the name @@ -30,4 +29,3 @@ of the subcommand in the sidebar or one of the links below: - [proxy](/consul/commands/troubleshoot/proxy) - [upstreams](/consul/commands/troubleshoot/upstreams) -- [ports](/consul/commands/troubleshoot/ports) diff --git a/website/content/commands/troubleshoot/ports.mdx b/website/content/commands/troubleshoot/ports.mdx deleted file mode 100644 index 5a4d5faf50821..0000000000000 --- a/website/content/commands/troubleshoot/ports.mdx +++ /dev/null @@ -1,47 +0,0 @@ ---- -layout: commands -page_title: 'Commands: Troubleshoot Ports' -description: >- - The `consul troubleshoot ports` Helps troubleshoot TCP ports by printing if they are open or closed. ---- - -# Consul Troubleshoot Upstreams - -Command: `consul troubleshoot ports` - -The `troubleshoot ports` prints TCP port statuses to help you troubleshoot port connectivity. - -## Usage - -Usage: `consul troubleshoot ports [options]` - -#### Command Options - -- `-host=` - Host name to troubleshoot TCP ports for. You can also set the `CONSUL_HTTP_ADDR` environment variable instead of using the `-host` flag. -- `-ports=` - Specifies a comma-separated list of custom ports to check. - -## Examples - -The following example checks the default ports Consul server uses for TCP connectivity. Note that the `CONSUL_HTTP_ADDR` environment variable is set to `localhost`. As a result, the `-host` flag is not required. -Refer to [Required Ports](/consul/docs/install/ports) for additional information. - -```shell-session -$ export CONSUL_HTTP_ADDR=localhost -$ consul troubleshoot ports -TCP: Port 8501 on localhost is open. -TCP: Port 8502 on localhost is open. -TCP: Port 8503 on localhost is open. -TCP: Port 8302 on localhost is open. -TCP: Port 8300 on localhost is open. -TCP: Port 8600 on localhost is open. -TCP: Port 8301 on localhost is open. -TCP: Port 8500 on localhost is open. -``` - -The following example checks TCP ports status on the `hashicorp.com` host. - -```shell-session -$ consul troubleshoot ports -host hashicorp.com -ports 80,8077 -TCP: Port 80 on hashicorp.com is open. -TCP: Port 8077 on hashicorp.com is closed, unreachable, or the connection timed out. -``` diff --git a/website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx b/website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx index 3f0a5e6def6a0..4effb11e13191 100644 --- a/website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx +++ b/website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx @@ -97,18 +97,18 @@ Map that contains the details about the gateway policy. The `apiVersion`, `kind` ### `spec.idleTimeout -Specifies the total amount of time permitted for the request stream to be idle. Must specify a parseable number and a unit, for example "5s". +Specifies the total amount of time permitted for the request stream to be idle. Format the string as `""`, for example `"5s"`. Consul uses the `metav1.Duration` package to parse the value. Refer to the [Go documentation](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration) for additional information about defining parseable values. #### Values - Default: "" -- Data type: string +- Data type: String ### `spec.requestTimeout` -Specifies the total amount of time in nanoseconds, including retry attempts, Consul permits for the entire downstream request to be processed. Must specify a parseable number and a unit, for example "5s". +Specifies the total amount of time in nanoseconds, including retry attempts, Consul permits for the entire downstream request to be processed. Format the string as `""`, for example `"5s"`. Consul uses the `metav1.Duration` package to parse the value. Refer to the [Go documentation](https://pkg.go.dev/k8s.io/apimachinery/pkg/apis/meta/v1#Duration) for additional information about defining parseable values. #### Values - Default: "" -- Data type: Integer +- Data type: String diff --git a/website/content/docs/enterprise/ent-to-ce-downgrades.mdx b/website/content/docs/enterprise/ent-to-ce-downgrades.mdx deleted file mode 100644 index a5b6061f40a6f..0000000000000 --- a/website/content/docs/enterprise/ent-to-ce-downgrades.mdx +++ /dev/null @@ -1,208 +0,0 @@ ---- -layout: docs -page_title: Downgrade from Consul Enterprise to the community edition -description: >- - Learn how to downgrade your installation of Consul Enterprise to the free Consul community edition (CE) ---- - -# Downgrade from Consul Enterprise to the community edition - -This document describes how to downgrade from Consul Enterprise to Consul community edition (CE). - -## Overview - -You can downgrade Consul editions if you no longer require Consul Enterprise features. Complete the following steps to downgrade to Consul CE: - -1. Download the CE binary. -1. Backup your Consul data and set appropriate log levels. -1. Complete the downgrade procedures. - -### Request-handling details - -During the downgrade process, the Consul CE server handles the raft replication logs in one of the following ways: - -- Drops the request. -- Filters out data from requests sent from non-default namespaces or partitions. -- Panics and stops the downgrade. - -The following examples describe scenarios where the server may drop the requests: - -- Registration requests in non-default namespace -- Services or health checks in non-default namespaces or partitions. - -- Write requests to peered clusters if the local partition connecting to the peer is non-default. - -The following examples describe scenarios where the server may filter out data from requests: - -- Intention sources that target non-default namespaces or partitions are filtered out of the configuration entry. -- Exports of services within non-default namespaces or partitions are filtered out of the configuration entry. - -The server may panic and stop the downgrade when Consul cannot safely filter configuration entries that route traffic. This is because Consul is unable to determine if the filtered configuration entries send traffic to services that are able to handle the traffic. Consul CE panics in order to prevent harm to existing service mesh routes. - -In these situations, you must first remove references to services within non-default namespaces or partitions from those configuration entries. - -The server may panic in the following cases: - -- Service splitter, service resolver, and service router configuration entry requests that have references to services located in non-default namespaces or partitions cause the server to panic. - -## Requirements - -You can only downgrade Consul editions for v1.18 and later. - -## Download the CE binary version - -First, download the binary for CE. - - - - -All current and past versions of the CE and Enterprise releases are -available on the [HashiCorp releases page](https://releases.hashicorp.com/consul) - -Example: -```shell-session -$ export VERSION=1.18.0 -$ curl https://releases.hashicorp.com/consul/${VERSION}/consul_${VERSION} _linux_amd64.zip -``` - - - - -To downgrade Consul edition on Kubernetes, modify the image version in your Helm chart and follow the upgrade process described in [Upgrade Consul version](/consul/docs/k8s/upgrade#upgrade-consul-version). - - - - - -## Prepare for the downgrade to CE - -1. Take a snapshot of the existing Consul state so that you have a safe fallback if an error occurs. - - ```shell-session - $ consul snapshot save backup.snap - ``` - -1. Run the following command to verify that the snapshot was successfully saved: - - ```shell-session - $ consul snapshot inspect backup.snap - ``` - - Example output: - - ``` - ID 2-1182-1542056499724 - Size 4115 - Index 1182 - Term 2 - Version 1 - ``` - -1. Store the snapshot in a safe location. Refer to the following documentation for additional information about using snapshots: - - - [Consul snapshot](/consul/commands/snapshot) - - [Backup Consul Data and State tutorial](/consul/tutorials/production-deploy/backup-and-restore) - -1. Temporarily modify your Consul configuration so that its [log_level](/consul/docs/agent/config/cli-flags#_log_level) - is set to `debug`. This enables Consul to report detailed information if an error occurs. -1. Issue the following command on your servers to reload the configuration: - - ```shell-session - $ consul reload - ``` - -1. If applicable, modify the following configuration entries: - - [Service resolver](/consul/docs/connect/config-entries/service-resolver): - 1. Remove services configured as failovers in non-default namespaces or services that belong to a sameness group. - 1. Remove services configured as redirects that belong to non-default namespaces or partitions. - - [Service splitter](/consul/docs/connect/config-entries/service-splitter): - 1. Remove services configured as splits that belong to non-default namespaces or partitions. - - [Service router](/consul/docs/connect/config-entries/service-router): - 1. Remove services configured as a destination that belong to non-default namespaces or partitions. - -## Perform the downgrade - -1. Restart or redeploy all Consul clients with a CE version of the binary. You can use a service management system, such as `systemd` or `upstart`, to restart the Consul service. If you are not using a service management system, you must restart the agent manually. The following example uses `systemctl` to restart the Consul service: - - ```shell-session - $ sudo systemctl restart consul - ``` - -1. Issue the following command to discover which server is currently the leader: - - ```shell-session - $ consul operator raft list-peers - ``` - - Consul prints the raft information. The format and content may differ based on your version of Consul: - - ```shell-session - Node ID Address State Voter RaftProtocol - dc1-node1 ae15858f-7f5f-4dcb-b7d5-710fdcdd2745 10.11.0.2:8300 leader true 3 - dc1-node2 20e6be1b-f1cb-4aab-929f-f7d2d43d9a96 10.11.0.3:8300 follower true 3 - dc1-node3 658c343b-8769-431f-a71a-236f9dbb17b3 10.11.0.4:8300 follower true 3 - ``` - -1. Make a note of the leader so that you can perform the downgrade on agents in the proper order. - -1. Update the server binaries to use the CE version. Complete the following steps in order for each server agent in the `follower` state. Then, repeat the steps for the `leader` agent. - - 1. Set an environment variable named `CONSUL_ENTERPRISE_DOWNGRADE_TO_CE` to `true`. The following example sets variable using `systemd`: - 1. Edit the Consul systemd service unit file: - ```shell-session - $ sudo vi /etc/systemd/system/consul.service - ``` - 1. Add the environment variables you want to set for Consul under the `[Service]` section of the unit file and save the changes: - ```shell-session - [Service] - Environment=CONSUL_ENTERPRISE_DOWNGRADE_TO_CE=true - ``` - 1. Reload `systemd`: - ```shell-session - $ sudo systemctl daemon-reload - ``` - 1. Restart the Consul service. You can use a service management system, such as `systemd` or `upstart`. If you are not using a service management system, you must restart the agent manually. The following example restarts Consul using `systemctl`: - ```shell-session - $ sudo systemctl restart consul - ``` - 1. To validate that the agent has rejoined the cluster and is in sync with the leader, issue the following command: - ```shell-session - $ consul info - ``` - Verify that the `commit_index` and `last_log_index` fields have the same value. Differing values may be result of an unexpected leadership election due to loss of quorum. - -1. Run the following command to verify that all servers appear in the cluster as expected and are on the correct version: - - ```shell-session - $ consul members - ``` - - Consul prints cluster membership information. The exact format and content depends on your Consul version: - - ```shell-session - Node Address Status Type Build Protocol DC - dc1-node1 10.11.0.2:8301 alive server 1.18.0 2 dc1 - dc1-node2 10.11.0.3:8301 alive server 1.18.0 2 dc1 - dc1-node3 10.11.0.4:8301 alive server 1.18.0 2 dc1 - ``` - -1. Verify the raft state to make sure there is a leader and sufficient voters: - - ```shell-session - $ consul operator raft list-peers - ``` - - Consul prints the raft information. The format and content may differ based on your version of Consul: - - ```shell-session - Node ID Address State Voter RaftProtocol - dc1-node1 ae15858f-7f5f-4dcb-b7d5-710fdcdd2745 10.11.0.2:8300 leader true 3 - dc1-node2 20e6be1b-f1cb-4aab-929f-f7d2d43d9a96 10.11.0.3:8300 follower true 3 - dc1-node3 658c343b-8769-431f-a71a-236f9dbb17b3 10.11.0.4:8300 follower true 3 - ``` - -1. Set your `log_level` back to its original value and issue the following command on your servers to reload the configuration: - - ```shell-session - $ consul reload - ``` \ No newline at end of file diff --git a/website/content/docs/enterprise/index.mdx b/website/content/docs/enterprise/index.mdx index a8ff184784073..86f57794c158f 100644 --- a/website/content/docs/enterprise/index.mdx +++ b/website/content/docs/enterprise/index.mdx @@ -187,4 +187,4 @@ Consul Enterprise feature availability can change depending on your server and c | [Traffic rate limiting for services](/consul/docs/connect/manage-traffic/limit-request-rates) | ✅ | ✅ | ✅ | - + \ No newline at end of file diff --git a/website/content/docs/k8s/helm.mdx b/website/content/docs/k8s/helm.mdx index 319ed9746dd61..12e6077f36066 100644 --- a/website/content/docs/k8s/helm.mdx +++ b/website/content/docs/k8s/helm.mdx @@ -759,19 +759,6 @@ Use these links to navigate to a particular top-level stanza. contains best practices and recommendations for selecting suitable hardware sizes for your Consul servers. - - `persistentVolumeClaimRetentionPolicy` ((#v-server-persistentvolumeclaimretentionpolicy)) (`map`) - The [Persistent Volume Claim (PVC) retention policy](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention) - controls if and how PVCs are deleted during the lifecycle of a StatefulSet. - WhenDeleted specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is deleted, - and WhenScaled specifies what happens to PVCs created from StatefulSet VolumeClaimTemplates when the StatefulSet is scaled down. - - Example: - - ```yaml - persistentVolumeClaimRetentionPolicy: - whenDeleted: Retain - whenScaled: Retain - ``` - - `connect` ((#v-server-connect)) (`boolean: true`) - This will enable/disable [service mesh](/consul/docs/connect). Setting this to true _will not_ automatically secure pod communication, this setting will only enable usage of the feature. Consul will automatically initialize diff --git a/website/content/docs/k8s/multiport/reference/trafficpermissions.mdx b/website/content/docs/k8s/multiport/reference/trafficpermissions.mdx index 19e8a20ace7dd..0eae49e88b47e 100644 --- a/website/content/docs/k8s/multiport/reference/trafficpermissions.mdx +++ b/website/content/docs/k8s/multiport/reference/trafficpermissions.mdx @@ -24,10 +24,10 @@ The following list outlines field hierarchy, language-specific data types, and r - [`identityName`](#spec-destination-identityname): string - [`action`](#spec-action): string - [`permissions`](#spec-permissions): list of maps - - [`sources`](#spec-permissions-sources): list of maps + - [`sources`](#spec-permissions-sources): map - [`identityName`](#spec-permissions-sources-identityname): string - - [`destinationRules`](#spec-permissions-destinationrules): list of maps - - [`portNames`](#spec-permissions-destinationrules-portnames): array of strings + - [`destinationRules`](#spec-permissions-destinationrules): + - [`portNames`](#spec-permissions-destinationrules-portNames): array of strings ## Complete configuration @@ -45,10 +45,10 @@ spec: action: allow permissions: - sources: - - identityName: - destinationRules: - - portNames: - - + identityName: + destinationRules: + portNames: + - ``` ## Specification @@ -163,7 +163,7 @@ To specify wildcard references in this block using `*`, omit all other fields. F #### Values - Default: None -- Data type: List of maps +- Data type: Map ### `spec.permissions.sources.identityName` @@ -172,7 +172,7 @@ Specifies the Workload identity for the service that originates the request. #### Values - Default: None -- Data type: String +- Data type: Map ### `spec.permissions.destinationRules` @@ -185,11 +185,11 @@ When [`spec.action`](#spec-action) _denies traffic_, Consul denies authorization #### Values - Default: None -- Data type: List of maps +- Data type: Map ### `spec.permissions.destinationRules.portNames` -Specifies a port name that the Kubernetes Pod's container exposes at the destination. +Specifies a port name that the Kubernetes Service exposes at the destination. #### Values diff --git a/website/content/docs/services/discovery/dns-configuration.mdx b/website/content/docs/services/discovery/dns-configuration.mdx index 5a0d890e79bff..369f8fe50ff79 100644 --- a/website/content/docs/services/discovery/dns-configuration.mdx +++ b/website/content/docs/services/discovery/dns-configuration.mdx @@ -16,7 +16,7 @@ The Consul DNS is the primary interface for querying records when Consul service By default, the Consul DNS listens for queries at `127.0.0.1:8600` and uses the `consul` domain. Specify the following parameters in the agent configuration to determine DNS behavior when querying services: - [`client_addr`](/consul/docs/agent/config/config-files#client_addr) -- [`ports.dns`](/consul/docs/agent/config/config-files#dns_port) : Consul does not use port `53`, which is typically reserved for the default port for DNS resolvers, by default because it requires an escalated privilege to bind to. +- [`ports.dns`](/consul/docs/agent/config/config-files#dns_port) : Consul does not use port `53`, which is typically reserved for the default port for DNS resolvers, by default because it requires an escalated privilege to bind to. - [`recursors`](/consul/docs/agent/config/config-files#recursors) - [`domain`](/consul/docs/agent/config/config-files#domain) - [`alt_domain`](/consul/docs/agent/config/config-files#alt_domain) diff --git a/website/data/commands-nav-data.json b/website/data/commands-nav-data.json index f8b8af1587a3e..1b0cadd0447ca 100644 --- a/website/data/commands-nav-data.json +++ b/website/data/commands-nav-data.json @@ -575,10 +575,6 @@ { "title": "proxy", "path": "troubleshoot/proxy" - }, - { - "title": "ports", - "path": "troubleshoot/ports" } ] }, diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index bc5175f4d796d..84c08a5c39f73 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -1890,10 +1890,6 @@ "path": "enterprise/license/faq" } ] - }, - { - "title": "Enterprise to CE downgrade", - "path": "enterprise/ent-to-ce-downgrades" } ] },