diff --git a/.changelog/14930.txt b/.changelog/14930.txt new file mode 100644 index 0000000000000..c8a82cc1861d5 --- /dev/null +++ b/.changelog/14930.txt @@ -0,0 +1 @@ +peering: remove ServerExternalAddresses parameter from token generation endpoint. \ No newline at end of file diff --git a/.changelog/14971.txt b/.changelog/14971.txt new file mode 100644 index 0000000000000..ce0b8b15c703e --- /dev/null +++ b/.changelog/14971.txt @@ -0,0 +1,3 @@ +```release-note:feature +ui: Display notice banner on nodes index page if synthetic nodes are being filtered. +``` diff --git a/.changelog/15035.txt b/.changelog/15035.txt new file mode 100644 index 0000000000000..22583eb91f13d --- /dev/null +++ b/.changelog/15035.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect/ca: Log a warning message instead of erroring when attempting to update the intermediate pki mount when using the Vault provider. +``` diff --git a/.changelog/15050.txt b/.changelog/15050.txt new file mode 100644 index 0000000000000..2738b7dc03d14 --- /dev/null +++ b/.changelog/15050.txt @@ -0,0 +1,6 @@ +```release-note:feature +cli: Add `-consul-dns-port` flag to the `consul connect redirect-traffic` command to allow forwarding DNS traffic to a specific Consul DNS port. +``` +```release-note:feature +sdk: Configure `iptables` to forward DNS traffic to a specific DNS port. +``` diff --git a/.changelog/15065.txt b/.changelog/15065.txt new file mode 100644 index 0000000000000..1a7af8a6c8a5d --- /dev/null +++ b/.changelog/15065.txt @@ -0,0 +1,3 @@ +```release-note:bug +peering: fix the error of wan address isn't taken by the peering token. +``` \ No newline at end of file diff --git a/.changelog/15068.txt b/.changelog/15068.txt new file mode 100644 index 0000000000000..9e248e9b0eea3 --- /dev/null +++ b/.changelog/15068.txt @@ -0,0 +1,3 @@ +```release-note:bug +deps: update go-memdb, fixing goroutine leak [[GH-15010](https://github.com/hashicorp/consul/issues/15010)] +``` \ No newline at end of file diff --git a/.changelog/15090.txt b/.changelog/15090.txt new file mode 100644 index 0000000000000..4be43a0e17b00 --- /dev/null +++ b/.changelog/15090.txt @@ -0,0 +1,3 @@ +```release-note:note +deps: Upgrade to use Go 1.19.2 +``` \ No newline at end of file diff --git a/.changelog/15108.txt b/.changelog/15108.txt new file mode 100644 index 0000000000000..10055f0cd9e81 --- /dev/null +++ b/.changelog/15108.txt @@ -0,0 +1,3 @@ +```release-note:bug +peering: when wan address is set, peering stream should use the wan address. +``` \ No newline at end of file diff --git a/.circleci/bash_env.sh b/.circleci/bash_env.sh index 69004e7c8d00a..38bcfd5bd367c 100644 --- a/.circleci/bash_env.sh +++ b/.circleci/bash_env.sh @@ -6,5 +6,5 @@ export GIT_DIRTY=$(test -n "`git status --porcelain`" && echo "+CHANGES" || true export GIT_IMPORT=github.com/hashicorp/consul/version # we're using this for build date because it's stable across platform builds # the env -i and -noprofile are used to ensure we don't try to recursively call this profile when starting bash -export GIT_DATE=$(env -i /bin/bash --noprofile -norc ${CIRCLE_WORKING_DIRECTORY}/build-support/scripts/build-date.sh) +export GIT_DATE=$(env -i /bin/bash --noprofile -norc /home/circleci/project/build-support/scripts/build-date.sh) export GOLDFLAGS="-X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X ${GIT_IMPORT}.BuildDate=${GIT_DATE}" diff --git a/.circleci/config.yml b/.circleci/config.yml index 1413810f1dfef..6411f1d82a37a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -22,7 +22,7 @@ references: S3_ARTIFACT_BUCKET: consul-dev-artifacts-v2 BASH_ENV: .circleci/bash_env.sh VAULT_BINARY_VERSION: 1.9.4 - GO_VERSION: 1.18.1 + GO_VERSION: 1.19.2 envoy-versions: &supported_envoy_versions - &default_envoy_version "1.20.7" - "1.21.5" @@ -35,7 +35,7 @@ references: images: # When updating the Go version, remember to also update the versions in the # workflows section for go-test-lib jobs. - go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.18.1 + go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.19.2 ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers ubuntu: &UBUNTU_CI_IMAGE ubuntu-2004:202201-02 cache: @@ -130,8 +130,6 @@ commands: steps: - attach_workspace: at: /home/circleci/go/bin - - run: sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y rsyslog - - run: sudo service rsyslog start - run: go mod download - run: name: go test @@ -1069,26 +1067,26 @@ workflows: - dev-build: *filter-ignore-non-go-branches - go-test: requires: [dev-build] - - go-test-lib: - name: "go-test-api go1.17" - path: api - go-version: "1.17" - requires: [dev-build] - go-test-lib: name: "go-test-api go1.18" path: api go-version: "1.18" requires: [dev-build] - go-test-lib: - name: "go-test-sdk go1.17" - path: sdk - go-version: "1.17" - <<: *filter-ignore-non-go-branches + name: "go-test-api go1.19" + path: api + go-version: "1.19" + requires: [ dev-build ] - go-test-lib: name: "go-test-sdk go1.18" path: sdk go-version: "1.18" <<: *filter-ignore-non-go-branches + - go-test-lib: + name: "go-test-sdk go1.19" + path: sdk + go-version: "1.19" + <<: *filter-ignore-non-go-branches - go-test-race: *filter-ignore-non-go-branches - go-test-32bit: *filter-ignore-non-go-branches - noop diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 45891047dce88..d98a840770ca0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -71,15 +71,15 @@ jobs: strategy: matrix: include: - - {go: "1.18.1", goos: "linux", goarch: "386"} - - {go: "1.18.1", goos: "linux", goarch: "amd64"} - - {go: "1.18.1", goos: "linux", goarch: "arm"} - - {go: "1.18.1", goos: "linux", goarch: "arm64"} - - {go: "1.18.1", goos: "freebsd", goarch: "386"} - - {go: "1.18.1", goos: "freebsd", goarch: "amd64"} - - {go: "1.18.1", goos: "windows", goarch: "386"} - - {go: "1.18.1", goos: "windows", goarch: "amd64"} - - {go: "1.18.1", goos: "solaris", goarch: "amd64"} + - {go: "1.19.2", goos: "linux", goarch: "386"} + - {go: "1.19.2", goos: "linux", goarch: "amd64"} + - {go: "1.19.2", goos: "linux", goarch: "arm"} + - {go: "1.19.2", goos: "linux", goarch: "arm64"} + - {go: "1.19.2", goos: "freebsd", goarch: "386"} + - {go: "1.19.2", goos: "freebsd", goarch: "amd64"} + - {go: "1.19.2", goos: "windows", goarch: "386"} + - {go: "1.19.2", goos: "windows", goarch: "amd64"} + - {go: "1.19.2", goos: "solaris", goarch: "amd64"} fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -172,7 +172,7 @@ jobs: matrix: goos: [ darwin ] goarch: [ "amd64", "arm64" ] - go: [ "1.18.1" ] + go: [ "1.19.2" ] fail-fast: true name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} build @@ -272,7 +272,7 @@ jobs: version: ${{env.version}} target: ubi arch: amd64 - redhat_tag: scan.connect.redhat.com/ospid-60f9fdbec3a80eac643abedf/${{env.repo}}:${{env.version}}-ubi + redhat_tag: quay.io/redhat-isv-containers/60f9fdbec3a80eac643abedf:${{env.version}}-ubi smoke_test: .github/scripts/verify_docker.sh v${{ env.version }} build-docker-ubi-dockerhub: diff --git a/.golangci.yml b/.golangci.yml index d71c93d163c1d..b2ff1231e7ac8 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -23,10 +23,10 @@ issues: text: 'SA9004:' - linters: [staticcheck] - text: 'SA1019: Package github.com/golang/protobuf/jsonpb is deprecated' + text: 'SA1019: "github.com/golang/protobuf/jsonpb" is deprecated: Use the "google.golang.org/protobuf/encoding/protojson" package instead.' - linters: [staticcheck] - text: 'SA1019: Package github.com/golang/protobuf/proto is deprecated' + text: 'SA1019: "github.com/golang/protobuf/proto" is deprecated: Use the "google.golang.org/protobuf/proto" package instead.' - linters: [staticcheck] text: 'SA1019: ptypes.MarshalAny is deprecated' @@ -35,7 +35,10 @@ issues: text: 'SA1019: ptypes.UnmarshalAny is deprecated' - linters: [staticcheck] - text: 'SA1019: package github.com/golang/protobuf/ptypes is deprecated' + text: 'SA1019: "github.com/golang/protobuf/ptypes" is deprecated: Well-known types have specialized functionality directly injected into the generated packages for each message type. See the deprecation notice for each function for the suggested alternative.' + + - linters: [staticcheck] + text: 'SA1019: "io/ioutil" has been deprecated since Go 1.16' # An argument that always receives the same value is often not a problem. - linters: [unparam] @@ -67,6 +70,14 @@ issues: path: '(_oss.go|_oss_test.go|_ent.go|_ent_test.go)' linters-settings: + govet: + check-shadowing: true + enable-all: true + disable: + - fieldalignment + - nilness + - shadow + - unusedwrite gofmt: simplify: true forbidigo: diff --git a/CHANGELOG.md b/CHANGELOG.md index be4b55dab502f..df9ea05281470 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,70 @@ +## 1.13.3 (October 19, 2022) + +FEATURES: + +* agent: Added a new config option `rpc_client_timeout` to tune timeouts for client RPC requests [[GH-14965](https://github.com/hashicorp/consul/issues/14965)] +* config-entry(ingress-gateway): Added support for `max_connections` for upstream clusters [[GH-14749](https://github.com/hashicorp/consul/issues/14749)] + +IMPROVEMENTS: + +* connect/ca: Log a warning message instead of erroring when attempting to update the intermediate pki mount when using the Vault provider. [[GH-15035](https://github.com/hashicorp/consul/issues/15035)] +* connect: Added gateway options to Envoy proxy config for enabling tcp keepalives on terminating gateway upstreams and mesh gateways in remote datacenters. [[GH-14800](https://github.com/hashicorp/consul/issues/14800)] +* connect: Bump Envoy 1.20 to 1.20.7, 1.21 to 1.21.5 and 1.22 to 1.22.5 [[GH-14828](https://github.com/hashicorp/consul/issues/14828)] +* licensing: **(Enterprise Only)** Consul Enterprise production licenses do not degrade or terminate Consul upon expiration. They will only fail when trying to upgrade to a newer version of Consul. Evaluation licenses still terminate. [[GH-1990](https://github.com/hashicorp/consul/issues/1990)] + +BUG FIXES: + +* agent: avoid leaking the alias check runner goroutine when the check is de-registered [[GH-14935](https://github.com/hashicorp/consul/issues/14935)] +* ca: fix a masked bug in leaf cert generation that would not be notified of root cert rotation after the first one [[GH-15005](https://github.com/hashicorp/consul/issues/15005)] +* cache: prevent goroutine leak in agent cache [[GH-14908](https://github.com/hashicorp/consul/issues/14908)] +* checks: Fixed a bug that prevented registration of UDP health checks from agent configuration files, such as service definition files with embedded health check definitions. [[GH-14885](https://github.com/hashicorp/consul/issues/14885)] +* connect: Fixed a bug where transparent proxy does not correctly spawn listeners for upstreams to service-resolvers. [[GH-14751](https://github.com/hashicorp/consul/issues/14751)] +* snapshot-agent: **(Enterprise only)** Fix a bug when a session is not found in Consul, which leads the agent to panic. + +## 1.12.6 (October 19, 2022) + +FEATURES: + +* agent: Added a new config option `rpc_client_timeout` to tune timeouts for client RPC requests [[GH-14965](https://github.com/hashicorp/consul/issues/14965)] +* agent: Added information about build date alongside other version information for Consul. Extended /agent/self endpoint and `consul version` commands +to report this. Agent also reports build date in log on startup. [[GH-13357](https://github.com/hashicorp/consul/issues/13357)] +* config-entry(ingress-gateway): Added support for `max_connections` for upstream clusters [[GH-14749](https://github.com/hashicorp/consul/issues/14749)] + +IMPROVEMENTS: + +* connect/ca: Log a warning message instead of erroring when attempting to update the intermediate pki mount when using the Vault provider. [[GH-15035](https://github.com/hashicorp/consul/issues/15035)] +* connect: Added gateway options to Envoy proxy config for enabling tcp keepalives on terminating gateway upstreams and mesh gateways in remote datacenters. [[GH-14800](https://github.com/hashicorp/consul/issues/14800)] +* connect: Bump Envoy 1.20 to 1.20.7, 1.21 to 1.21.5 and 1.22 to 1.22.5 [[GH-14829](https://github.com/hashicorp/consul/issues/14829)] +* licensing: **(Enterprise Only)** Consul Enterprise production licenses do not degrade or terminate Consul upon expiration. They will only fail when trying to upgrade to a newer version of Consul. Evaluation licenses still terminate. [[GH-1990](https://github.com/hashicorp/consul/issues/1990)] + +BUG FIXES: + +* agent: avoid leaking the alias check runner goroutine when the check is de-registered [[GH-14935](https://github.com/hashicorp/consul/issues/14935)] +* ca: fix a masked bug in leaf cert generation that would not be notified of root cert rotation after the first one [[GH-15005](https://github.com/hashicorp/consul/issues/15005)] +* cache: prevent goroutine leak in agent cache [[GH-14908](https://github.com/hashicorp/consul/issues/14908)] +* connect: Fixed a bug where transparent proxy does not correctly spawn listeners for upstreams to service-resolvers. [[GH-14751](https://github.com/hashicorp/consul/issues/14751)] +* snapshot-agent: **(Enterprise only)** Fix a bug when a session is not found in Consul, which leads the agent to panic. + +## 1.11.11 (October 19, 2022) + +FEATURES: + +* agent: Added a new config option `rpc_client_timeout` to tune timeouts for client RPC requests [[GH-14965](https://github.com/hashicorp/consul/issues/14965)] +* config-entry(ingress-gateway): Added support for `max_connections` for upstream clusters [[GH-14749](https://github.com/hashicorp/consul/issues/14749)] + +IMPROVEMENTS: + +* connect/ca: Log a warning message instead of erroring when attempting to update the intermediate pki mount when using the Vault provider. [[GH-15035](https://github.com/hashicorp/consul/issues/15035)] +* connect: Added gateway options to Envoy proxy config for enabling tcp keepalives on terminating gateway upstreams and mesh gateways in remote datacenters. [[GH-14800](https://github.com/hashicorp/consul/issues/14800)] +* connect: Bump Envoy 1.20 to 1.20.7 [[GH-14830](https://github.com/hashicorp/consul/issues/14830)] + +BUG FIXES: + +* agent: avoid leaking the alias check runner goroutine when the check is de-registered [[GH-14935](https://github.com/hashicorp/consul/issues/14935)] +* ca: fix a masked bug in leaf cert generation that would not be notified of root cert rotation after the first one [[GH-15005](https://github.com/hashicorp/consul/issues/15005)] +* cache: prevent goroutine leak in agent cache [[GH-14908](https://github.com/hashicorp/consul/issues/14908)] +* snapshot-agent: **(Enterprise only)** Fix a bug when a session is not found in Consul, which leads the agent to panic. + ## 1.11.10 (September 22, 2022) BUG FIXES: diff --git a/GNUmakefile b/GNUmakefile index ad5454991cb99..66570f43973ba 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -7,7 +7,7 @@ SHELL = bash # These version variables can either be a valid string for "go install @" # or the string @DEV to imply use what is currently installed locally. ### -GOLANGCI_LINT_VERSION='v1.46.2' +GOLANGCI_LINT_VERSION='v1.50.1' MOCKERY_VERSION='v2.12.2' BUF_VERSION='v1.4.0' PROTOC_GEN_GO_GRPC_VERSION="v1.2.0" @@ -149,7 +149,9 @@ dev: dev-build dev-build: mkdir -p bin CGO_ENABLED=0 go install -ldflags "$(GOLDFLAGS)" -tags "$(GOTAGS)" - cp -f ${MAIN_GOPATH}/bin/consul ./bin/consul + # rm needed due to signature caching (https://apple.stackexchange.com/a/428388) + rm -f ./bin/consul + cp ${MAIN_GOPATH}/bin/consul ./bin/consul dev-docker: linux @echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)" diff --git a/acl/errors.go b/acl/errors.go index 7c88704b34448..6e6b483daad09 100644 --- a/acl/errors.go +++ b/acl/errors.go @@ -63,7 +63,6 @@ func IsErrPermissionDenied(err error) bool { // Arguably this should be some sort of union type. // The usage of Cause and the rest of the fields is entirely disjoint. -// type PermissionDeniedError struct { Cause string diff --git a/agent/auto-config/auto_config.go b/agent/auto-config/auto_config.go index 631ccc75d382c..9abbd4bb7f7c2 100644 --- a/agent/auto-config/auto_config.go +++ b/agent/auto-config/auto_config.go @@ -225,7 +225,7 @@ func (ac *AutoConfig) introToken() (string, error) { // recordInitialConfiguration is responsible for recording the AutoConfigResponse from // the AutoConfig.InitialConfiguration RPC. It is an all-in-one function to do the following -// * update the Agent token in the token store +// - update the Agent token in the token store func (ac *AutoConfig) recordInitialConfiguration(resp *pbautoconf.AutoConfigResponse) error { ac.autoConfigResponse = resp diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go index 0e326e0549ff0..f12ce1ece692e 100644 --- a/agent/cache-types/connect_ca_leaf.go +++ b/agent/cache-types/connect_ca_leaf.go @@ -262,10 +262,10 @@ func (c *ConnectCALeaf) rootWatcher(ctx context.Context) { // // Somewhat arbitrarily the current strategy looks like this: // -// 0 60% 90% -// Issued [------------------------------|===============|!!!!!] Expires -// 72h TTL: 0 ~43h ~65h -// 1h TTL: 0 36m 54m +// 0 60% 90% +// Issued [------------------------------|===============|!!!!!] Expires +// 72h TTL: 0 ~43h ~65h +// 1h TTL: 0 36m 54m // // Where |===| is the soft renewal period where we jitter for the first attempt // and |!!!| is the danger zone where we just try immediately. diff --git a/agent/cache-types/rpc.go b/agent/cache-types/rpc.go index cc0a4a8e54067..445ca204630dc 100644 --- a/agent/cache-types/rpc.go +++ b/agent/cache-types/rpc.go @@ -3,6 +3,7 @@ package cachetype // RPC is an interface that an RPC client must implement. This is a helper // interface that is implemented by the agent delegate so that Type // implementations can request RPC access. +// //go:generate mockery --name RPC --inpackage type RPC interface { RPC(method string, args interface{}, reply interface{}) error diff --git a/agent/cache/request.go b/agent/cache/request.go index 48023882d4640..3dc4ea86f8afa 100644 --- a/agent/cache/request.go +++ b/agent/cache/request.go @@ -8,6 +8,7 @@ import ( // // This interface is typically implemented by request structures in // the agent/structs package. +// //go:generate mockery --name Request --inpackage type Request interface { // CacheInfo returns information used for caching this request. diff --git a/agent/cache/type.go b/agent/cache/type.go index 05b28ad1b5921..fbe6978aa2f97 100644 --- a/agent/cache/type.go +++ b/agent/cache/type.go @@ -5,6 +5,7 @@ import ( ) // Type implements the logic to fetch certain types of data. +// //go:generate mockery --name Type --inpackage type Type interface { // Fetch fetches a single unique item. diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go index b8f16d890f02f..d95b87a924b10 100644 --- a/agent/checks/check_test.go +++ b/agent/checks/check_test.go @@ -17,16 +17,17 @@ import ( "testing" "time" + "github.com/hashicorp/go-uuid" + "github.com/stretchr/testify/require" + "golang.org/x/net/http2" + "golang.org/x/net/http2/h2c" + "github.com/hashicorp/consul/agent/mock" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/freeport" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/hashicorp/go-uuid" - "github.com/stretchr/testify/require" - http2 "golang.org/x/net/http2" - "golang.org/x/net/http2/h2c" ) func uniqueID() string { @@ -300,8 +301,6 @@ func TestCheckHTTP(t *testing.T) { {code: 429, status: api.HealthWarning}, // critical - {code: 150, status: api.HealthCritical}, - {code: 199, status: api.HealthCritical}, {code: 300, status: api.HealthCritical}, {code: 400, status: api.HealthCritical}, {code: 500, status: api.HealthCritical}, diff --git a/agent/config/file_watcher.go b/agent/config/file_watcher.go index d62d1903542c9..f0458af5f55c5 100644 --- a/agent/config/file_watcher.go +++ b/agent/config/file_watcher.go @@ -47,7 +47,7 @@ type FileWatcherEvent struct { Filenames []string } -//NewFileWatcher create a file watcher that will watch all the files/folders from configFiles +// NewFileWatcher create a file watcher that will watch all the files/folders from configFiles // if success a fileWatcher will be returned and a nil error // otherwise an error and a nil fileWatcher are returned func NewFileWatcher(configFiles []string, logger hclog.Logger) (Watcher, error) { diff --git a/agent/configentry/config_entry.go b/agent/configentry/config_entry.go index a34a197c48775..7bf308c36f1fd 100644 --- a/agent/configentry/config_entry.go +++ b/agent/configentry/config_entry.go @@ -6,9 +6,12 @@ import ( ) // KindName is a value type useful for maps. You can use: -// map[KindName]Payload +// +// map[KindName]Payload +// // instead of: -// map[string]map[string]Payload +// +// map[string]map[string]Payload type KindName struct { Kind string Name string diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index fd57366bd8d97..f3168a17f5bab 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go @@ -388,7 +388,7 @@ func (v *VaultProvider) setupIntermediatePKIPath() error { } else { err := v.tuneMountNamespaced(v.config.IntermediatePKINamespace, v.config.IntermediatePKIPath, &mountConfig) if err != nil { - return err + v.logger.Warn("Could not update intermediate PKI mount settings", "path", v.config.IntermediatePKIPath, "error", err) } } diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index 66b89ba9f5025..ff9637325d524 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -20,13 +20,29 @@ import ( ) const pkiTestPolicy = ` -path "sys/mounts/*" +path "sys/mounts" { - capabilities = ["create", "read", "update", "delete", "list", "sudo"] + capabilities = ["read"] +} +path "sys/mounts/pki-root" +{ + capabilities = ["create", "read", "update", "delete", "list"] +} +path "sys/mounts/pki-intermediate" +{ + capabilities = ["create", "read", "update", "delete", "list"] +} +path "sys/mounts/pki-intermediate/tune" +{ + capabilities = ["update"] +} +path "pki-root/*" +{ + capabilities = ["create", "read", "update", "delete", "list"] } path "pki-intermediate/*" { - capabilities = ["create", "read", "update", "delete", "list", "sudo"] + capabilities = ["create", "read", "update", "delete", "list"] }` func TestVaultCAProvider_ParseVaultCAConfig(t *testing.T) { @@ -794,6 +810,98 @@ func TestVaultProvider_RotateAuthMethodToken(t *testing.T) { }, 10*time.Second, 100*time.Millisecond) } +func TestVaultProvider_ReconfigureIntermediateTTL(t *testing.T) { + SkipIfVaultNotPresent(t) + + // Set up a standard policy without any sys/mounts/pki-intermediate/tune permissions. + policy := ` + path "sys/mounts" + { + capabilities = ["read"] + } + path "sys/mounts/pki-root" + { + capabilities = ["create", "read", "update", "delete", "list"] + } + path "sys/mounts/pki-intermediate" + { + capabilities = ["create", "read", "update", "delete", "list"] + } + path "pki-root/*" + { + capabilities = ["create", "read", "update", "delete", "list"] + } + path "pki-intermediate/*" + { + capabilities = ["create", "read", "update", "delete", "list"] + }` + testVault := NewTestVaultServer(t) + + err := testVault.Client().Sys().PutPolicy("pki", policy) + require.NoError(t, err) + + tcr := &vaultapi.TokenCreateRequest{ + Policies: []string{"pki"}, + } + secret, err := testVault.client.Auth().Token().Create(tcr) + require.NoError(t, err) + providerToken := secret.Auth.ClientToken + + makeProviderConfWithTTL := func(ttl string) ProviderConfig { + conf := map[string]interface{}{ + "Address": testVault.Addr, + "RootPKIPath": "pki-root/", + "IntermediatePKIPath": "pki-intermediate/", + "Token": providerToken, + "IntermediateCertTTL": ttl, + } + cfg := ProviderConfig{ + ClusterID: connect.TestClusterID, + Datacenter: "dc1", + IsPrimary: true, + RawConfig: conf, + } + return cfg + } + + provider := NewVaultProvider(hclog.New(nil)) + + // Set up the initial provider config + t.Cleanup(provider.Stop) + err = provider.Configure(makeProviderConfWithTTL("222h")) + require.NoError(t, err) + _, err = provider.GenerateRoot() + require.NoError(t, err) + _, err = provider.GenerateIntermediate() + require.NoError(t, err) + + // Attempt to update the ttl without permissions for the tune endpoint - shouldn't + // return an error. + err = provider.Configure(makeProviderConfWithTTL("333h")) + require.NoError(t, err) + + // Intermediate TTL shouldn't have changed + mountConfig, err := testVault.Client().Sys().MountConfig("pki-intermediate") + require.NoError(t, err) + require.Equal(t, 222*3600, mountConfig.MaxLeaseTTL) + + // Update the policy and verify we can reconfigure the TTL properly. + policy += ` + path "sys/mounts/pki-intermediate/tune" + { + capabilities = ["update"] + }` + err = testVault.Client().Sys().PutPolicy("pki", policy) + require.NoError(t, err) + + err = provider.Configure(makeProviderConfWithTTL("333h")) + require.NoError(t, err) + + mountConfig, err = testVault.Client().Sys().MountConfig("pki-intermediate") + require.NoError(t, err) + require.Equal(t, 333*3600, mountConfig.MaxLeaseTTL) +} + func getIntermediateCertTTL(t *testing.T, caConf *structs.CAConfiguration) time.Duration { t.Helper() diff --git a/agent/connect/common_names.go b/agent/connect/common_names.go index 2915de217119f..641831b24f36d 100644 --- a/agent/connect/common_names.go +++ b/agent/connect/common_names.go @@ -45,9 +45,10 @@ func CompactUID() (string, error) { // specific purpose. // // Format is: -// {provider}-{uniqueID_first8}.{pri|sec}.ca..consul // -// trust domain is truncated to keep the whole name short +// {provider}-{uniqueID_first8}.{pri|sec}.ca..consul +// +// trust domain is truncated to keep the whole name short func CACN(provider, uniqueID, trustDomain string, primaryDC bool) string { providerSan := invalidDNSNameChars.ReplaceAllString(strings.ToLower(provider), "") typ := "pri" diff --git a/agent/consul/acl.go b/agent/consul/acl.go index bf7972e5d4f1b..5360b9751800a 100644 --- a/agent/consul/acl.go +++ b/agent/consul/acl.go @@ -225,19 +225,19 @@ type ACLResolverSettings struct { // - Resolving roles remotely via an ACL.RoleResolve RPC // // Remote Resolution: -// Remote resolution can be done synchronously or asynchronously depending -// on the ACLDownPolicy in the Config passed to the resolver. // -// When the down policy is set to async-cache and we have already cached values -// then go routines will be spawned to perform the RPCs in the background -// and then will update the cache with either the positive or negative result. +// Remote resolution can be done synchronously or asynchronously depending +// on the ACLDownPolicy in the Config passed to the resolver. // -// When the down policy is set to extend-cache or the token/policy/role is not already -// cached then the same go routines are spawned to do the RPCs in the background. -// However in this mode channels are created to receive the results of the RPC -// and are registered with the resolver. Those channels are immediately read/blocked -// upon. +// When the down policy is set to async-cache and we have already cached values +// then go routines will be spawned to perform the RPCs in the background +// and then will update the cache with either the positive or negative result. // +// When the down policy is set to extend-cache or the token/policy/role is not already +// cached then the same go routines are spawned to do the RPCs in the background. +// However in this mode channels are created to receive the results of the RPC +// and are registered with the resolver. Those channels are immediately read/blocked +// upon. type ACLResolver struct { config ACLResolverSettings logger hclog.Logger diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index 1c5731833808d..513b594b74fa7 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -13,8 +13,8 @@ import ( "github.com/armon/go-metrics/prometheus" "github.com/hashicorp/go-bexpr" "github.com/hashicorp/go-hclog" - memdb "github.com/hashicorp/go-memdb" - uuid "github.com/hashicorp/go-uuid" + "github.com/hashicorp/go-memdb" + "github.com/hashicorp/go-uuid" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" @@ -108,19 +108,18 @@ type ACL struct { // fileBootstrapResetIndex retrieves the reset index specified by the administrator from // the file on disk. // -// Q: What is the bootstrap reset index? -// A: If you happen to lose acess to all tokens capable of ACL management you need a way -// to get back into your system. This allows an admin to write the current -// bootstrap "index" into a special file on disk to override the mechanism preventing -// a second token bootstrap. The index will be retrieved by a API call to /v1/acl/bootstrap -// When already bootstrapped this API will return the reset index necessary within -// the error response. Once set in the file, the bootstrap API can be used again to -// get a new token. -// -// Q: Why is the reset index not in the config? -// A: We want to be able to remove the reset index once we have used it. This prevents -// accidentally allowing bootstrapping yet again after a snapshot restore. +// Q: What is the bootstrap reset index? +// A: If you happen to lose acess to all tokens capable of ACL management you need a way +// to get back into your system. This allows an admin to write the current +// bootstrap "index" into a special file on disk to override the mechanism preventing +// a second token bootstrap. The index will be retrieved by a API call to /v1/acl/bootstrap +// When already bootstrapped this API will return the reset index necessary within +// the error response. Once set in the file, the bootstrap API can be used again to +// get a new token. // +// Q: Why is the reset index not in the config? +// A: We want to be able to remove the reset index once we have used it. This prevents +// accidentally allowing bootstrapping yet again after a snapshot restore. func (a *ACL) fileBootstrapResetIndex() uint64 { // Determine the file path to check path := filepath.Join(a.srv.config.DataDir, aclBootstrapReset) diff --git a/agent/consul/authmethod/kubeauth/testing.go b/agent/consul/authmethod/kubeauth/testing.go index 4b15378fd2088..87938f406bad1 100644 --- a/agent/consul/authmethod/kubeauth/testing.go +++ b/agent/consul/authmethod/kubeauth/testing.go @@ -27,7 +27,6 @@ import ( // // - POST /apis/authentication.k8s.io/v1/tokenreviews // - GET /api/v1/namespaces//serviceaccounts/ -// type TestAPIServer struct { srv *httptest.Server caCert string diff --git a/agent/consul/fsm/fsm.go b/agent/consul/fsm/fsm.go index 432e646317673..46d7d7731020a 100644 --- a/agent/consul/fsm/fsm.go +++ b/agent/consul/fsm/fsm.go @@ -197,7 +197,11 @@ func (c *FSM) Restore(old io.ReadCloser) error { return err } default: - return fmt.Errorf("Unrecognized msg type %d", msg) + if msg >= 64 { + return fmt.Errorf("msg type <%d> is a Consul Enterprise log entry. Consul OSS cannot restore it", msg) + } else { + return fmt.Errorf("Unrecognized msg type %d", msg) + } } return nil } @@ -331,4 +335,11 @@ func (c *FSM) registerStreamSnapshotHandlers() { if err != nil { panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) } + + err = c.deps.Publisher.RegisterHandler(state.EventTopicServiceDefaults, func(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return c.State().ServiceDefaultsSnapshot(req, buf) + }, true) + if err != nil { + panic(fmt.Errorf("fatal error encountered registering streaming snapshot handlers: %w", err)) + } } diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index 2b2d3e87015cb..301db3c2aea7b 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -1,1028 +1,48 @@ +//go:build !consulent +// +build !consulent + package fsm import ( "bytes" - "fmt" - "net" "testing" - "time" - - "github.com/hashicorp/go-raftchunking" - "github.com/stretchr/testify/require" "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/stretchr/testify/require" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/lib/stringslice" - "github.com/hashicorp/consul/proto/pbpeering" - "github.com/hashicorp/consul/proto/prototest" "github.com/hashicorp/consul/sdk/testutil" ) -func TestFSM_SnapshotRestore_OSS(t *testing.T) { - t.Parallel() +func TestRestoreFromEnterprise(t *testing.T) { logger := testutil.Logger(t) fsm, err := New(nil, logger) require.NoError(t, err) - - // Add some state - node1 := &structs.Node{ - ID: "610918a6-464f-fa9b-1a95-03bd6e88ed92", - Node: "foo", - Datacenter: "dc1", - Address: "127.0.0.1", - } - node2 := &structs.Node{ - ID: "40e4a748-2192-161a-0510-9bf59fe950b5", - Node: "baz", - Datacenter: "dc1", - Address: "127.0.0.2", - TaggedAddresses: map[string]string{ - "hello": "1.2.3.4", - }, - Meta: map[string]string{ - "testMeta": "testing123", - }, - } - require.NoError(t, fsm.state.EnsureNode(1, node1)) - require.NoError(t, fsm.state.EnsureNode(2, node2)) - - // Add a service instance with Connect config. - connectConf := structs.ServiceConnect{ - Native: true, - } - fsm.state.EnsureService(3, "foo", &structs.NodeService{ - ID: "web", - Service: "web", - Tags: nil, - Address: "127.0.0.1", - Port: 80, - Connect: connectConf, - }) - - fsm.state.EnsureService(4, "foo", &structs.NodeService{ID: "db", Service: "db", Tags: []string{"primary"}, Address: "127.0.0.1", Port: 5000}) - fsm.state.EnsureService(5, "baz", &structs.NodeService{ID: "web", Service: "web", Tags: nil, Address: "127.0.0.2", Port: 80}) - fsm.state.EnsureService(6, "baz", &structs.NodeService{ID: "db", Service: "db", Tags: []string{"secondary"}, Address: "127.0.0.2", Port: 5000}) - fsm.state.EnsureCheck(7, &structs.HealthCheck{ - Node: "foo", - CheckID: "web", - Name: "web connectivity", - Status: api.HealthPassing, - ServiceID: "web", - }) - fsm.state.KVSSet(8, &structs.DirEntry{ - Key: "/test", - Value: []byte("foo"), - }) - session := &structs.Session{ID: generateUUID(), Node: "foo"} - fsm.state.SessionCreate(9, session) - - policy := &structs.ACLPolicy{ - ID: structs.ACLPolicyGlobalManagementID, - Name: "global-management", - Description: "Builtin Policy that grants unlimited access", - Rules: structs.ACLPolicyGlobalManagement, - Syntax: acl.SyntaxCurrent, - } - policy.SetHash(true) - require.NoError(t, fsm.state.ACLPolicySet(1, policy)) - - role := &structs.ACLRole{ - ID: "86dedd19-8fae-4594-8294-4e6948a81f9a", - Name: "some-role", - Description: "test snapshot role", - ServiceIdentities: []*structs.ACLServiceIdentity{ - { - ServiceName: "example", - }, - }, - } - role.SetHash(true) - require.NoError(t, fsm.state.ACLRoleSet(1, role)) - - token := &structs.ACLToken{ - AccessorID: "30fca056-9fbb-4455-b94a-bf0e2bc575d6", - SecretID: "cbe1c6fd-d865-4034-9d6d-64fef7fb46a9", - Description: "Bootstrap Token (Global Management)", - Policies: []structs.ACLTokenPolicyLink{ - { - ID: structs.ACLPolicyGlobalManagementID, - }, - }, - CreateTime: time.Now(), - Local: false, - Type: "management", - } - require.NoError(t, fsm.state.ACLBootstrap(10, 0, token)) - - method := &structs.ACLAuthMethod{ - Name: "some-method", - Type: "testing", - Description: "test snapshot auth method", - Config: map[string]interface{}{ - "SessionID": "952ebfa8-2a42-46f0-bcd3-fd98a842000e", - }, - } - require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) - - method = &structs.ACLAuthMethod{ - Name: "some-method2", - Type: "testing", - Description: "test snapshot auth method", - } - require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) - - bindingRule := &structs.ACLBindingRule{ - ID: "85184c52-5997-4a84-9817-5945f2632a17", - Description: "test snapshot binding rule", - AuthMethod: "some-method", - Selector: "serviceaccount.namespace==default", - BindType: structs.BindingRuleBindTypeService, - BindName: "${serviceaccount.name}", - } - require.NoError(t, fsm.state.ACLBindingRuleSet(1, bindingRule)) - - fsm.state.KVSSet(11, &structs.DirEntry{ - Key: "/remove", - Value: []byte("foo"), - }) - fsm.state.KVSDelete(12, "/remove", nil) - idx, _, err := fsm.state.KVSList(nil, "/remove", nil) - require.NoError(t, err) - require.EqualValues(t, 12, idx, "bad index") - - updates := structs.Coordinates{ - &structs.Coordinate{ - Node: "baz", - Coord: generateRandomCoordinate(), - }, - &structs.Coordinate{ - Node: "foo", - Coord: generateRandomCoordinate(), - }, - } - require.NoError(t, fsm.state.CoordinateBatchUpdate(13, updates)) - - query := structs.PreparedQuery{ - ID: generateUUID(), - Service: structs.ServiceQuery{ - Service: "web", - }, - RaftIndex: structs.RaftIndex{ - CreateIndex: 14, - ModifyIndex: 14, - }, - } - require.NoError(t, fsm.state.PreparedQuerySet(14, &query)) - - autopilotConf := &structs.AutopilotConfig{ - CleanupDeadServers: true, - LastContactThreshold: 100 * time.Millisecond, - MaxTrailingLogs: 222, - } - require.NoError(t, fsm.state.AutopilotSetConfig(15, autopilotConf)) - - // Legacy Intentions - ixn := structs.TestIntention(t) - ixn.ID = generateUUID() - ixn.RaftIndex = structs.RaftIndex{ - CreateIndex: 14, - ModifyIndex: 14, - } - //nolint:staticcheck - require.NoError(t, fsm.state.LegacyIntentionSet(14, ixn)) - - // CA Roots - roots := []*structs.CARoot{ - connect.TestCA(t, nil), - connect.TestCA(t, nil), - } - for _, r := range roots[1:] { - r.Active = false - } - ok, err := fsm.state.CARootSetCAS(15, 0, roots) - require.NoError(t, err) - require.True(t, ok) - - ok, err = fsm.state.CASetProviderState(16, &structs.CAConsulProviderState{ - ID: "asdf", - PrivateKey: "foo", - RootCert: "bar", - }) - require.NoError(t, err) - require.True(t, ok) - - // CA Config - caConfig := &structs.CAConfiguration{ - ClusterID: "foo", - Provider: "consul", - Config: map[string]interface{}{ - "foo": "asdf", - "bar": 6.5, - }, - } - err = fsm.state.CASetConfig(17, caConfig) - require.NoError(t, err) - - // Config entries - serviceConfig := &structs.ServiceConfigEntry{ - Kind: structs.ServiceDefaults, - Name: "foo", - Protocol: "http", - } - proxyConfig := &structs.ProxyConfigEntry{ - Kind: structs.ProxyDefaults, - Name: "global", - } - require.NoError(t, fsm.state.EnsureConfigEntry(18, serviceConfig)) - require.NoError(t, fsm.state.EnsureConfigEntry(19, proxyConfig)) - - ingress := &structs.IngressGatewayConfigEntry{ - Kind: structs.IngressGateway, - Name: "ingress", - Listeners: []structs.IngressListener{ - { - Port: 8080, - Protocol: "http", - Services: []structs.IngressService{ - { - Name: "foo", - }, - }, - }, - }, - } - require.NoError(t, fsm.state.EnsureConfigEntry(20, ingress)) - _, gatewayServices, err := fsm.state.GatewayServices(nil, "ingress", structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - - // Raft Chunking - chunkState := &raftchunking.State{ - ChunkMap: make(raftchunking.ChunkMap), - } - chunkState.ChunkMap[0] = []*raftchunking.ChunkInfo{ - { - OpNum: 0, - SequenceNum: 0, - NumChunks: 3, - Data: []byte("foo"), - }, - nil, - { - OpNum: 0, - SequenceNum: 2, - NumChunks: 3, - Data: []byte("bar"), - }, - } - chunkState.ChunkMap[20] = []*raftchunking.ChunkInfo{ - nil, - { - OpNum: 20, - SequenceNum: 1, - NumChunks: 2, - Data: []byte("bar"), - }, - } - err = fsm.chunker.RestoreState(chunkState) - require.NoError(t, err) - - // Federation states - fedState1 := &structs.FederationState{ - Datacenter: "dc1", - MeshGateways: []structs.CheckServiceNode{ - { - Node: &structs.Node{ - ID: "664bac9f-4de7-4f1b-ad35-0e5365e8f329", - Node: "gateway1", - Datacenter: "dc1", - Address: "1.2.3.4", - }, - Service: &structs.NodeService{ - ID: "mesh-gateway", - Service: "mesh-gateway", - Kind: structs.ServiceKindMeshGateway, - Port: 1111, - Meta: map[string]string{structs.MetaWANFederationKey: "1"}, - }, - Checks: []*structs.HealthCheck{ - { - Name: "web connectivity", - Status: api.HealthPassing, - ServiceID: "mesh-gateway", - }, - }, - }, - { - Node: &structs.Node{ - ID: "3fb9a696-8209-4eee-a1f7-48600deb9716", - Node: "gateway2", - Datacenter: "dc1", - Address: "9.8.7.6", - }, - Service: &structs.NodeService{ - ID: "mesh-gateway", - Service: "mesh-gateway", - Kind: structs.ServiceKindMeshGateway, - Port: 2222, - Meta: map[string]string{structs.MetaWANFederationKey: "1"}, - }, - Checks: []*structs.HealthCheck{ - { - Name: "web connectivity", - Status: api.HealthPassing, - ServiceID: "mesh-gateway", - }, - }, - }, - }, - UpdatedAt: time.Now().UTC(), - } - fedState2 := &structs.FederationState{ - Datacenter: "dc2", - MeshGateways: []structs.CheckServiceNode{ - { - Node: &structs.Node{ - ID: "0f92b02e-9f51-4aa2-861b-4ddbc3492724", - Node: "gateway1", - Datacenter: "dc2", - Address: "8.8.8.8", - }, - Service: &structs.NodeService{ - ID: "mesh-gateway", - Service: "mesh-gateway", - Kind: structs.ServiceKindMeshGateway, - Port: 3333, - Meta: map[string]string{structs.MetaWANFederationKey: "1"}, - }, - Checks: []*structs.HealthCheck{ - { - Name: "web connectivity", - Status: api.HealthPassing, - ServiceID: "mesh-gateway", - }, - }, - }, - { - Node: &structs.Node{ - ID: "99a76121-1c3f-4023-88ef-805248beb10b", - Node: "gateway2", - Datacenter: "dc2", - Address: "5.5.5.5", - }, - Service: &structs.NodeService{ - ID: "mesh-gateway", - Service: "mesh-gateway", - Kind: structs.ServiceKindMeshGateway, - Port: 4444, - Meta: map[string]string{structs.MetaWANFederationKey: "1"}, - }, - Checks: []*structs.HealthCheck{ - { - Name: "web connectivity", - Status: api.HealthPassing, - ServiceID: "mesh-gateway", - }, - }, - }, - }, - UpdatedAt: time.Now().UTC(), - } - require.NoError(t, fsm.state.FederationStateSet(21, fedState1)) - require.NoError(t, fsm.state.FederationStateSet(22, fedState2)) - - // Update a node, service and health check to make sure the ModifyIndexes are preserved correctly after restore. - require.NoError(t, fsm.state.EnsureNode(23, &structs.Node{ - ID: "610918a6-464f-fa9b-1a95-03bd6e88ed92", - Node: "foo", - Datacenter: "dc1", - Address: "127.0.0.3", - })) - require.NoError(t, fsm.state.EnsureService(24, "foo", &structs.NodeService{ID: "db", Service: "db", Tags: []string{"primary"}, Address: "127.0.0.1", Port: 5001})) - require.NoError(t, fsm.state.EnsureCheck(25, &structs.HealthCheck{ - Node: "foo", - CheckID: "web", - Name: "web connectivity", - Status: api.HealthCritical, - ServiceID: "web", - })) - - // system metadata - systemMetadataEntry := &structs.SystemMetadataEntry{ - Key: "key1", Value: "val1", - } - require.NoError(t, fsm.state.SystemMetadataSet(25, systemMetadataEntry)) - - // service-intentions - serviceIxn := &structs.ServiceIntentionsConfigEntry{ - Kind: structs.ServiceIntentions, - Name: "foo", - Sources: []*structs.SourceIntention{ - { - Name: "bar", - Action: structs.IntentionActionAllow, - }, - }, - } - require.NoError(t, fsm.state.EnsureConfigEntry(26, serviceIxn)) - - // mesh config entry - meshConfig := &structs.MeshConfigEntry{ - TransparentProxy: structs.TransparentProxyMeshConfig{ - MeshDestinationsOnly: true, - }, - } - require.NoError(t, fsm.state.EnsureConfigEntry(27, meshConfig)) - - // Connect-native services for virtual IP generation - systemMetadataEntry = &structs.SystemMetadataEntry{ - Key: structs.SystemMetadataVirtualIPsEnabled, - Value: "true", - } - require.NoError(t, fsm.state.SystemMetadataSet(28, systemMetadataEntry)) - - fsm.state.EnsureService(29, "foo", &structs.NodeService{ - ID: "frontend", - Service: "frontend", - Address: "127.0.0.1", - Port: 8000, - Connect: connectConf, - }) - psn := structs.PeeredServiceName{ServiceName: structs.NewServiceName("frontend", nil)} - vip, err := fsm.state.VirtualIPForService(psn) - require.NoError(t, err) - require.Equal(t, vip, "240.0.0.1") - - fsm.state.EnsureService(30, "foo", &structs.NodeService{ - ID: "backend", - Service: "backend", - Address: "127.0.0.1", - Port: 9000, - Connect: connectConf, - }) - psn = structs.PeeredServiceName{ServiceName: structs.NewServiceName("backend", nil)} - vip, err = fsm.state.VirtualIPForService(psn) - require.NoError(t, err) - require.Equal(t, vip, "240.0.0.2") - - _, serviceNames, err := fsm.state.ServiceNamesOfKind(nil, structs.ServiceKindTypical) - require.NoError(t, err) - - expect := []string{"backend", "db", "frontend", "web"} - for i, sn := range serviceNames { - require.Equal(t, expect[i], sn.Service.Name) - } - - // Peerings - require.NoError(t, fsm.state.PeeringWrite(31, &pbpeering.PeeringWriteRequest{ - Peering: &pbpeering.Peering{ - ID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", - Name: "baz", - }, - SecretsRequest: &pbpeering.SecretsWriteRequest{ - PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", - Request: &pbpeering.SecretsWriteRequest_GenerateToken{ - GenerateToken: &pbpeering.SecretsWriteRequest_GenerateTokenRequest{ - EstablishmentSecret: "baaeea83-8419-4aa8-ac89-14e7246a3d2f", - }, - }, - }, - })) - - // Peering Trust Bundles - require.NoError(t, fsm.state.PeeringTrustBundleWrite(32, &pbpeering.PeeringTrustBundle{ - TrustDomain: "qux.com", - PeerName: "qux", - RootPEMs: []string{"qux certificate bundle"}, - })) - - // Issue two more secrets writes so that there are three secrets associated with the peering: - // - Establishment: "389bbcdf-1c31-47d6-ae96-f2a3f4c45f84" - // - Pending: "0b7812d4-32d9-4e54-b1b3-4d97084982a0" - require.NoError(t, fsm.state.PeeringSecretsWrite(34, &pbpeering.SecretsWriteRequest{ - PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", - Request: &pbpeering.SecretsWriteRequest_ExchangeSecret{ - ExchangeSecret: &pbpeering.SecretsWriteRequest_ExchangeSecretRequest{ - EstablishmentSecret: "baaeea83-8419-4aa8-ac89-14e7246a3d2f", - PendingStreamSecret: "0b7812d4-32d9-4e54-b1b3-4d97084982a0", - }, - }, - })) - require.NoError(t, fsm.state.PeeringSecretsWrite(33, &pbpeering.SecretsWriteRequest{ - PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", - Request: &pbpeering.SecretsWriteRequest_GenerateToken{ - GenerateToken: &pbpeering.SecretsWriteRequest_GenerateTokenRequest{ - EstablishmentSecret: "389bbcdf-1c31-47d6-ae96-f2a3f4c45f84", - }, - }, - })) - - // Snapshot - snap, err := fsm.Snapshot() - require.NoError(t, err) - defer snap.Release() - - // Persist + // To verify if a proper message is displayed when Consul OSS tries to + // unsuccessfully restore entries from a Consul Ent snapshot. buf := bytes.NewBuffer(nil) sink := &MockSink{buf, false} - require.NoError(t, snap.Persist(sink)) - - // create an encoder to handle some custom persisted data - // this is mainly to inject data that would no longer ever - // be persisted but that we still need to be able to restore - encoder := codec.NewEncoder(sink, structs.MsgpackHandle) - - // Persist a legacy ACL token - this is not done in newer code - // but we want to ensure that restoring legacy tokens works as - // expected so we must inject one here manually - _, err = sink.Write([]byte{byte(structs.DeprecatedACLRequestType)}) - require.NoError(t, err) - - acl := LegacyACL{ - ID: "1057354f-69ef-4487-94ab-aead3c755445", - Name: "test-legacy", - Type: "client", - Rules: `operator = "read"`, - RaftIndex: structs.RaftIndex{CreateIndex: 1, ModifyIndex: 2}, - } - require.NoError(t, encoder.Encode(&acl)) - - // Persist a ACLToken without a Hash - the state store will - // now tack these on but we want to ensure we can restore - // tokens without a hash and have the hash be set. - token2 := &structs.ACLToken{ - AccessorID: "4464e4c2-1c55-4c37-978a-66cb3abe6587", - SecretID: "fc8708dc-c5ae-4bb2-a9af-a1ca456548fb", - Description: "Test No Hash", - CreateTime: time.Now(), - Local: false, - Rules: `operator = "read"`, - RaftIndex: structs.RaftIndex{CreateIndex: 1, ModifyIndex: 2}, - } - - _, err = sink.Write([]byte{byte(structs.ACLTokenSetRequestType)}) - require.NoError(t, err) - require.NoError(t, encoder.Encode(&token2)) - - // Try to restore on a new FSM - fsm2, err := New(nil, logger) - require.NoError(t, err) - - // Do a restore - require.NoError(t, fsm2.Restore(sink)) - - // Verify the contents - _, nodes, err := fsm2.state.Nodes(nil, nil, "") - require.NoError(t, err) - require.Len(t, nodes, 2, "incorect number of nodes: %v", nodes) - - // validate the first node. Note that this test relies on stable - // iteration through the memdb index and the fact that node2 has - // a name of "baz" so it should be indexed before node1 with a - // name of "foo". If memdb our our indexing changes this is likely - // to break. - require.Equal(t, node2.ID, nodes[0].ID) - require.Equal(t, "baz", nodes[0].Node) - require.Equal(t, "dc1", nodes[0].Datacenter) - require.Equal(t, "127.0.0.2", nodes[0].Address) - require.Len(t, nodes[0].Meta, 1) - require.Equal(t, "testing123", nodes[0].Meta["testMeta"]) - require.Len(t, nodes[0].TaggedAddresses, 1) - require.Equal(t, "1.2.3.4", nodes[0].TaggedAddresses["hello"]) - require.Equal(t, uint64(2), nodes[0].CreateIndex) - require.Equal(t, uint64(2), nodes[0].ModifyIndex) - - require.Equal(t, node1.ID, nodes[1].ID) - require.Equal(t, "foo", nodes[1].Node) - require.Equal(t, "dc1", nodes[1].Datacenter) - require.Equal(t, "127.0.0.3", nodes[1].Address) - require.Empty(t, nodes[1].TaggedAddresses) - require.Equal(t, uint64(1), nodes[1].CreateIndex) - require.Equal(t, uint64(23), nodes[1].ModifyIndex) - - _, fooSrv, err := fsm2.state.NodeServices(nil, "foo", nil, "") - require.NoError(t, err) - require.Len(t, fooSrv.Services, 4) - require.Contains(t, fooSrv.Services["db"].Tags, "primary") - require.True(t, stringslice.Contains(fooSrv.Services["db"].Tags, "primary")) - require.Equal(t, 5001, fooSrv.Services["db"].Port) - require.Equal(t, uint64(4), fooSrv.Services["db"].CreateIndex) - require.Equal(t, uint64(24), fooSrv.Services["db"].ModifyIndex) - connectSrv := fooSrv.Services["web"] - require.Equal(t, connectConf, connectSrv.Connect) - require.Equal(t, uint64(3), fooSrv.Services["web"].CreateIndex) - require.Equal(t, uint64(3), fooSrv.Services["web"].ModifyIndex) - - _, checks, err := fsm2.state.NodeChecks(nil, "foo", nil, "") - require.NoError(t, err) - require.Len(t, checks, 1) - require.Equal(t, "foo", checks[0].Node) - require.Equal(t, "web", checks[0].ServiceName) - require.Equal(t, uint64(7), checks[0].CreateIndex) - require.Equal(t, uint64(25), checks[0].ModifyIndex) - - // Verify virtual IPs are consistent. - psn = structs.PeeredServiceName{ServiceName: structs.NewServiceName("frontend", nil)} - vip, err = fsm2.state.VirtualIPForService(psn) - require.NoError(t, err) - require.Equal(t, vip, "240.0.0.1") - psn = structs.PeeredServiceName{ServiceName: structs.NewServiceName("backend", nil)} - vip, err = fsm2.state.VirtualIPForService(psn) - require.NoError(t, err) - require.Equal(t, vip, "240.0.0.2") - - // Verify key is set - _, d, err := fsm2.state.KVSGet(nil, "/test", nil) - require.NoError(t, err) - require.EqualValues(t, "foo", d.Value) - - // Verify session is restored - idx, s, err := fsm2.state.SessionGet(nil, session.ID, nil) - require.NoError(t, err) - require.Equal(t, "foo", s.Node) - require.EqualValues(t, 9, idx) - - // Verify ACL Binding Rule is restored - _, bindingRule2, err := fsm2.state.ACLBindingRuleGetByID(nil, bindingRule.ID, nil) - require.NoError(t, err) - require.Equal(t, bindingRule, bindingRule2) - - // Verify ACL Auth Methods are restored - _, authMethods, err := fsm2.state.ACLAuthMethodList(nil, nil) - require.NoError(t, err) - require.Len(t, authMethods, 2) - require.Equal(t, "some-method", authMethods[0].Name) - require.Equal(t, "some-method2", authMethods[1].Name) - - // Verify ACL Token is restored - _, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil) - require.NoError(t, err) - require.NotNil(t, rtoken) - // the state store function will add on the Hash if its empty - require.NotEmpty(t, rtoken.Hash) - token.CreateTime = token.CreateTime.Round(0) - rtoken.CreateTime = rtoken.CreateTime.Round(0) - - // note that this can work because the state store will add the Hash to the token before - // storing. That token just happens to be a pointer to the one in this function so it - // adds the Hash to our local var. - require.Equal(t, token, rtoken) - - // Verify legacy ACL is restored - _, rtoken, err = fsm2.state.ACLTokenGetBySecret(nil, acl.ID, nil) - require.NoError(t, err) - require.NotNil(t, rtoken) - require.NotEmpty(t, rtoken.Hash) - - restoredACL, err := convertACLTokenToLegacy(rtoken) - require.NoError(t, err) - require.Equal(t, &acl, restoredACL) - - // Verify ACLToken without hash computes the Hash during restoration - _, rtoken, err = fsm2.state.ACLTokenGetByAccessor(nil, token2.AccessorID, nil) - require.NoError(t, err) - require.NotNil(t, rtoken) - require.NotEmpty(t, rtoken.Hash) - // nil the Hash so we can compare them - rtoken.Hash = nil - token2.CreateTime = token2.CreateTime.Round(0) - rtoken.CreateTime = rtoken.CreateTime.Round(0) - require.Equal(t, token2, rtoken) - - // Verify the acl-token-bootstrap index was restored - canBootstrap, index, err := fsm2.state.CanBootstrapACLToken() - require.NoError(t, err) - require.False(t, canBootstrap) - require.True(t, index > 0) - - // Verify ACL Role is restored - _, role2, err := fsm2.state.ACLRoleGetByID(nil, role.ID, nil) - require.NoError(t, err) - require.Equal(t, role, role2) - - // Verify ACL Policy is restored - _, policy2, err := fsm2.state.ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID, nil) - require.NoError(t, err) - require.Equal(t, policy, policy2) - - // Verify tombstones are restored - func() { - snap := fsm2.state.Snapshot() - defer snap.Close() - stones, err := snap.Tombstones() - require.NoError(t, err) - stone := stones.Next().(*state.Tombstone) - require.NotNil(t, stone) - require.Equal(t, "/remove", stone.Key) - require.Nil(t, stones.Next()) - }() - - // Verify coordinates are restored - _, coords, err := fsm2.state.Coordinates(nil, nil) - require.NoError(t, err) - require.Equal(t, updates, coords) - - // Verify queries are restored. - _, queries, err := fsm2.state.PreparedQueryList(nil) - require.NoError(t, err) - require.Len(t, queries, 1) - require.Equal(t, &query, queries[0]) - - // Verify autopilot config is restored. - _, restoredConf, err := fsm2.state.AutopilotConfig() - require.NoError(t, err) - require.Equal(t, autopilotConf, restoredConf) - - // Verify legacy intentions are restored. - _, ixns, err := fsm2.state.LegacyIntentions(nil, structs.WildcardEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Len(t, ixns, 1) - require.Equal(t, ixn, ixns[0]) - - // Verify CA roots are restored. - _, roots, err = fsm2.state.CARoots(nil) - require.NoError(t, err) - require.Len(t, roots, 2) - - // Verify provider state is restored. - _, provider, err := fsm2.state.CAProviderState("asdf") - require.NoError(t, err) - require.Equal(t, "foo", provider.PrivateKey) - require.Equal(t, "bar", provider.RootCert) - - // Verify CA configuration is restored. - _, caConf, err := fsm2.state.CAConfig(nil) - require.NoError(t, err) - require.Equal(t, caConfig, caConf) - - // Verify config entries are restored - _, serviceConfEntry, err := fsm2.state.ConfigEntry(nil, structs.ServiceDefaults, "foo", structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Equal(t, serviceConfig, serviceConfEntry) - - _, proxyConfEntry, err := fsm2.state.ConfigEntry(nil, structs.ProxyDefaults, "global", structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Equal(t, proxyConfig, proxyConfEntry) - - _, ingressRestored, err := fsm2.state.ConfigEntry(nil, structs.IngressGateway, "ingress", structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Equal(t, ingress, ingressRestored) - - _, restoredGatewayServices, err := fsm2.state.GatewayServices(nil, "ingress", structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Equal(t, gatewayServices, restoredGatewayServices) - - newChunkState, err := fsm2.chunker.CurrentState() - require.NoError(t, err) - require.Equal(t, newChunkState, chunkState) - - // Verify federation states are restored. - _, fedStateLoaded1, err := fsm2.state.FederationStateGet(nil, "dc1") - require.NoError(t, err) - require.Equal(t, fedState1, fedStateLoaded1) - _, fedStateLoaded2, err := fsm2.state.FederationStateGet(nil, "dc2") - require.NoError(t, err) - require.Equal(t, fedState2, fedStateLoaded2) - - // Verify usage data is correctly updated - idx, nodeUsage, err := fsm2.state.NodeUsage() - require.NoError(t, err) - require.Equal(t, len(nodes), nodeUsage.Nodes) - require.NotZero(t, idx) - - // Verify system metadata is restored. - _, systemMetadataLoaded, err := fsm2.state.SystemMetadataList(nil) - require.NoError(t, err) - require.Len(t, systemMetadataLoaded, 2) - require.Equal(t, systemMetadataEntry, systemMetadataLoaded[1]) - - // Verify service-intentions is restored - _, serviceIxnEntry, err := fsm2.state.ConfigEntry(nil, structs.ServiceIntentions, "foo", structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Equal(t, serviceIxn, serviceIxnEntry) - - // Verify mesh config entry is restored - _, meshConfigEntry, err := fsm2.state.ConfigEntry(nil, structs.MeshConfig, structs.MeshConfigMesh, structs.DefaultEnterpriseMetaInDefaultPartition()) - require.NoError(t, err) - require.Equal(t, meshConfig, meshConfigEntry) - - _, restoredServiceNames, err := fsm2.state.ServiceNamesOfKind(nil, structs.ServiceKindTypical) - require.NoError(t, err) - - expect = []string{"backend", "db", "frontend", "web"} - for i, sn := range restoredServiceNames { - require.Equal(t, expect[i], sn.Service.Name) - } - - // Verify peering is restored - idx, prngRestored, err := fsm2.state.PeeringRead(nil, state.Query{ - Value: "baz", - }) - require.NoError(t, err) - require.Equal(t, uint64(31), idx) - require.NotNil(t, prngRestored) - require.Equal(t, "baz", prngRestored.Name) - - // Verify peering secrets are restored - secretsRestored, err := fsm2.state.PeeringSecretsRead(nil, "1fabcd52-1d46-49b0-b1d8-71559aee47f5") - require.NoError(t, err) - expectSecrets := &pbpeering.PeeringSecrets{ - PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", - Establishment: &pbpeering.PeeringSecrets_Establishment{ - SecretID: "389bbcdf-1c31-47d6-ae96-f2a3f4c45f84", - }, - Stream: &pbpeering.PeeringSecrets_Stream{ - PendingSecretID: "0b7812d4-32d9-4e54-b1b3-4d97084982a0", - }, - } - prototest.AssertDeepEqual(t, expectSecrets, secretsRestored) - - uuids := []string{"389bbcdf-1c31-47d6-ae96-f2a3f4c45f84", "0b7812d4-32d9-4e54-b1b3-4d97084982a0"} - for _, id := range uuids { - free, err := fsm2.state.ValidateProposedPeeringSecretUUID(id) - require.NoError(t, err) - - // The UUIDs in the peering secret should be tracked as in use. - require.False(t, free) - } - - // Verify peering trust bundle is restored - idx, ptbRestored, err := fsm2.state.PeeringTrustBundleRead(nil, state.Query{ - Value: "qux", - }) - require.NoError(t, err) - require.Equal(t, uint64(32), idx) - require.NotNil(t, ptbRestored) - require.Equal(t, "qux.com", ptbRestored.TrustDomain) - require.Equal(t, "qux", ptbRestored.PeerName) - require.Len(t, ptbRestored.RootPEMs, 1) - require.Equal(t, "qux certificate bundle", ptbRestored.RootPEMs[0]) - - // Snapshot - snap, err = fsm2.Snapshot() - require.NoError(t, err) - defer snap.Release() - - // Persist - buf = bytes.NewBuffer(nil) - sink = &MockSink{buf, false} - require.NoError(t, snap.Persist(sink)) - - // Try to restore on the old FSM and make sure it abandons the old state - // store. - abandonCh := fsm.state.AbandonCh() - require.NoError(t, fsm.Restore(sink)) - select { - case <-abandonCh: - default: - require.Fail(t, "Old state not abandoned") - } -} - -// convertACLTokenToLegacy attempts to convert an ACLToken into an legacy ACL. -// TODO(ACL-Legacy-Compat): remove in phase 2, used by snapshot restore -func convertACLTokenToLegacy(tok *structs.ACLToken) (*LegacyACL, error) { - if tok.Type == "" { - return nil, fmt.Errorf("Cannot convert ACLToken into compat token") - } - - compat := &LegacyACL{ - ID: tok.SecretID, - Name: tok.Description, - Type: tok.Type, - Rules: tok.Rules, - RaftIndex: tok.RaftIndex, - } - return compat, nil -} - -func TestFSM_BadRestore_OSS(t *testing.T) { - t.Parallel() - // Create an FSM with some state. - logger := testutil.Logger(t) - fsm, err := New(nil, logger) - require.NoError(t, err) - fsm.state.EnsureNode(1, &structs.Node{Node: "foo", Address: "127.0.0.1"}) - abandonCh := fsm.state.AbandonCh() - - // Do a bad restore. - buf := bytes.NewBuffer([]byte("bad snapshot")) - sink := &MockSink{buf, false} - require.Error(t, fsm.Restore(sink)) - // Verify the contents didn't get corrupted. - _, nodes, err := fsm.state.Nodes(nil, nil, "") - require.NoError(t, err) - require.Len(t, nodes, 1) - require.Equal(t, "foo", nodes[0].Node) - require.Equal(t, "127.0.0.1", nodes[0].Address) - require.Empty(t, nodes[0].TaggedAddresses) - - // Verify the old state store didn't get abandoned. - select { - case <-abandonCh: - require.FailNow(t, "FSM state was abandoned when it should not have been") - default: + type EntMock struct { + ID int + Type string } -} - -func TestFSM_BadSnapshot_NilCAConfig(t *testing.T) { - t.Parallel() - - // Create an FSM with no config entry. - logger := testutil.Logger(t) - fsm, err := New(nil, logger) - require.NoError(t, err) - - // Snapshot - snap, err := fsm.Snapshot() - require.NoError(t, err) - defer snap.Release() - - // Persist - buf := bytes.NewBuffer(nil) - sink := &MockSink{buf, false} - require.NoError(t, snap.Persist(sink)) - - // Try to restore on a new FSM - fsm2, err := New(nil, logger) - require.NoError(t, err) - // Do a restore - require.NoError(t, fsm2.Restore(sink)) - - // Make sure there's no entry in the CA config table. - state := fsm2.State() - idx, config, err := state.CAConfig(nil) - require.NoError(t, err) - require.EqualValues(t, 0, idx) - require.Nil(t, config) -} - -// This test asserts that ServiceVirtualIP, which made a breaking change -// in 1.13.0, can still restore from older snapshots which use the old -// state.ServiceVirtualIP type. -func Test_restoreServiceVirtualIP(t *testing.T) { - psn := structs.PeeredServiceName{ - ServiceName: structs.ServiceName{ - Name: "foo", - }, + entMockEntry := EntMock{ + ID: 65, + Type: "A Consul Ent Log Type", } - run := func(t *testing.T, input interface{}) { - t.Helper() - - var b []byte - buf := bytes.NewBuffer(b) - // Encode input - encoder := codec.NewEncoder(buf, structs.MsgpackHandle) - require.NoError(t, encoder.Encode(input)) - - // Create a decoder - dec := codec.NewDecoder(buf, structs.MsgpackHandle) - - logger := testutil.Logger(t) - fsm, err := New(nil, logger) - require.NoError(t, err) - - restore := fsm.State().Restore() - - // Call restore - require.NoError(t, restoreServiceVirtualIP(nil, restore, dec)) - require.NoError(t, restore.Commit()) - - ip, err := fsm.State().VirtualIPForService(psn) - require.NoError(t, err) - - // 240->224 due to addIPOffset - require.Equal(t, "224.0.0.2", ip) + // Write the header + header := SnapshotHeader{ + LastIndex: 0, } + encoder := codec.NewEncoder(sink, structs.MsgpackHandle) + encoder.Encode(&header) + sink.Write([]byte{byte(structs.MessageType(entMockEntry.ID))}) + encoder.Encode(entMockEntry) - t.Run("new ServiceVirtualIP with PeeredServiceName", func(t *testing.T) { - run(t, state.ServiceVirtualIP{ - Service: psn, - IP: net.ParseIP("240.0.0.2"), - RaftIndex: structs.RaftIndex{}, - }) - }) - t.Run("pre-1.13.0 ServiceVirtualIP with ServiceName", func(t *testing.T) { - type compatServiceVirtualIP struct { - Service structs.ServiceName - IP net.IP - RaftIndex structs.RaftIndex - } - - run(t, compatServiceVirtualIP{ - Service: structs.ServiceName{ - Name: "foo", - }, - IP: net.ParseIP("240.0.0.2"), - RaftIndex: structs.RaftIndex{}, - }) - }) + require.EqualError(t, fsm.Restore(sink), "msg type <65> is a Consul Enterprise log entry. Consul OSS cannot restore it") + sink.Cancel() } diff --git a/agent/consul/fsm/snapshot_test.go b/agent/consul/fsm/snapshot_test.go new file mode 100644 index 0000000000000..2b2d3e87015cb --- /dev/null +++ b/agent/consul/fsm/snapshot_test.go @@ -0,0 +1,1028 @@ +package fsm + +import ( + "bytes" + "fmt" + "net" + "testing" + "time" + + "github.com/hashicorp/go-raftchunking" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/api" + "github.com/hashicorp/consul/lib/stringslice" + "github.com/hashicorp/consul/proto/pbpeering" + "github.com/hashicorp/consul/proto/prototest" + "github.com/hashicorp/consul/sdk/testutil" +) + +func TestFSM_SnapshotRestore_OSS(t *testing.T) { + t.Parallel() + + logger := testutil.Logger(t) + fsm, err := New(nil, logger) + require.NoError(t, err) + + // Add some state + node1 := &structs.Node{ + ID: "610918a6-464f-fa9b-1a95-03bd6e88ed92", + Node: "foo", + Datacenter: "dc1", + Address: "127.0.0.1", + } + node2 := &structs.Node{ + ID: "40e4a748-2192-161a-0510-9bf59fe950b5", + Node: "baz", + Datacenter: "dc1", + Address: "127.0.0.2", + TaggedAddresses: map[string]string{ + "hello": "1.2.3.4", + }, + Meta: map[string]string{ + "testMeta": "testing123", + }, + } + require.NoError(t, fsm.state.EnsureNode(1, node1)) + require.NoError(t, fsm.state.EnsureNode(2, node2)) + + // Add a service instance with Connect config. + connectConf := structs.ServiceConnect{ + Native: true, + } + fsm.state.EnsureService(3, "foo", &structs.NodeService{ + ID: "web", + Service: "web", + Tags: nil, + Address: "127.0.0.1", + Port: 80, + Connect: connectConf, + }) + + fsm.state.EnsureService(4, "foo", &structs.NodeService{ID: "db", Service: "db", Tags: []string{"primary"}, Address: "127.0.0.1", Port: 5000}) + fsm.state.EnsureService(5, "baz", &structs.NodeService{ID: "web", Service: "web", Tags: nil, Address: "127.0.0.2", Port: 80}) + fsm.state.EnsureService(6, "baz", &structs.NodeService{ID: "db", Service: "db", Tags: []string{"secondary"}, Address: "127.0.0.2", Port: 5000}) + fsm.state.EnsureCheck(7, &structs.HealthCheck{ + Node: "foo", + CheckID: "web", + Name: "web connectivity", + Status: api.HealthPassing, + ServiceID: "web", + }) + fsm.state.KVSSet(8, &structs.DirEntry{ + Key: "/test", + Value: []byte("foo"), + }) + session := &structs.Session{ID: generateUUID(), Node: "foo"} + fsm.state.SessionCreate(9, session) + + policy := &structs.ACLPolicy{ + ID: structs.ACLPolicyGlobalManagementID, + Name: "global-management", + Description: "Builtin Policy that grants unlimited access", + Rules: structs.ACLPolicyGlobalManagement, + Syntax: acl.SyntaxCurrent, + } + policy.SetHash(true) + require.NoError(t, fsm.state.ACLPolicySet(1, policy)) + + role := &structs.ACLRole{ + ID: "86dedd19-8fae-4594-8294-4e6948a81f9a", + Name: "some-role", + Description: "test snapshot role", + ServiceIdentities: []*structs.ACLServiceIdentity{ + { + ServiceName: "example", + }, + }, + } + role.SetHash(true) + require.NoError(t, fsm.state.ACLRoleSet(1, role)) + + token := &structs.ACLToken{ + AccessorID: "30fca056-9fbb-4455-b94a-bf0e2bc575d6", + SecretID: "cbe1c6fd-d865-4034-9d6d-64fef7fb46a9", + Description: "Bootstrap Token (Global Management)", + Policies: []structs.ACLTokenPolicyLink{ + { + ID: structs.ACLPolicyGlobalManagementID, + }, + }, + CreateTime: time.Now(), + Local: false, + Type: "management", + } + require.NoError(t, fsm.state.ACLBootstrap(10, 0, token)) + + method := &structs.ACLAuthMethod{ + Name: "some-method", + Type: "testing", + Description: "test snapshot auth method", + Config: map[string]interface{}{ + "SessionID": "952ebfa8-2a42-46f0-bcd3-fd98a842000e", + }, + } + require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) + + method = &structs.ACLAuthMethod{ + Name: "some-method2", + Type: "testing", + Description: "test snapshot auth method", + } + require.NoError(t, fsm.state.ACLAuthMethodSet(1, method)) + + bindingRule := &structs.ACLBindingRule{ + ID: "85184c52-5997-4a84-9817-5945f2632a17", + Description: "test snapshot binding rule", + AuthMethod: "some-method", + Selector: "serviceaccount.namespace==default", + BindType: structs.BindingRuleBindTypeService, + BindName: "${serviceaccount.name}", + } + require.NoError(t, fsm.state.ACLBindingRuleSet(1, bindingRule)) + + fsm.state.KVSSet(11, &structs.DirEntry{ + Key: "/remove", + Value: []byte("foo"), + }) + fsm.state.KVSDelete(12, "/remove", nil) + idx, _, err := fsm.state.KVSList(nil, "/remove", nil) + require.NoError(t, err) + require.EqualValues(t, 12, idx, "bad index") + + updates := structs.Coordinates{ + &structs.Coordinate{ + Node: "baz", + Coord: generateRandomCoordinate(), + }, + &structs.Coordinate{ + Node: "foo", + Coord: generateRandomCoordinate(), + }, + } + require.NoError(t, fsm.state.CoordinateBatchUpdate(13, updates)) + + query := structs.PreparedQuery{ + ID: generateUUID(), + Service: structs.ServiceQuery{ + Service: "web", + }, + RaftIndex: structs.RaftIndex{ + CreateIndex: 14, + ModifyIndex: 14, + }, + } + require.NoError(t, fsm.state.PreparedQuerySet(14, &query)) + + autopilotConf := &structs.AutopilotConfig{ + CleanupDeadServers: true, + LastContactThreshold: 100 * time.Millisecond, + MaxTrailingLogs: 222, + } + require.NoError(t, fsm.state.AutopilotSetConfig(15, autopilotConf)) + + // Legacy Intentions + ixn := structs.TestIntention(t) + ixn.ID = generateUUID() + ixn.RaftIndex = structs.RaftIndex{ + CreateIndex: 14, + ModifyIndex: 14, + } + //nolint:staticcheck + require.NoError(t, fsm.state.LegacyIntentionSet(14, ixn)) + + // CA Roots + roots := []*structs.CARoot{ + connect.TestCA(t, nil), + connect.TestCA(t, nil), + } + for _, r := range roots[1:] { + r.Active = false + } + ok, err := fsm.state.CARootSetCAS(15, 0, roots) + require.NoError(t, err) + require.True(t, ok) + + ok, err = fsm.state.CASetProviderState(16, &structs.CAConsulProviderState{ + ID: "asdf", + PrivateKey: "foo", + RootCert: "bar", + }) + require.NoError(t, err) + require.True(t, ok) + + // CA Config + caConfig := &structs.CAConfiguration{ + ClusterID: "foo", + Provider: "consul", + Config: map[string]interface{}{ + "foo": "asdf", + "bar": 6.5, + }, + } + err = fsm.state.CASetConfig(17, caConfig) + require.NoError(t, err) + + // Config entries + serviceConfig := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "foo", + Protocol: "http", + } + proxyConfig := &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: "global", + } + require.NoError(t, fsm.state.EnsureConfigEntry(18, serviceConfig)) + require.NoError(t, fsm.state.EnsureConfigEntry(19, proxyConfig)) + + ingress := &structs.IngressGatewayConfigEntry{ + Kind: structs.IngressGateway, + Name: "ingress", + Listeners: []structs.IngressListener{ + { + Port: 8080, + Protocol: "http", + Services: []structs.IngressService{ + { + Name: "foo", + }, + }, + }, + }, + } + require.NoError(t, fsm.state.EnsureConfigEntry(20, ingress)) + _, gatewayServices, err := fsm.state.GatewayServices(nil, "ingress", structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + + // Raft Chunking + chunkState := &raftchunking.State{ + ChunkMap: make(raftchunking.ChunkMap), + } + chunkState.ChunkMap[0] = []*raftchunking.ChunkInfo{ + { + OpNum: 0, + SequenceNum: 0, + NumChunks: 3, + Data: []byte("foo"), + }, + nil, + { + OpNum: 0, + SequenceNum: 2, + NumChunks: 3, + Data: []byte("bar"), + }, + } + chunkState.ChunkMap[20] = []*raftchunking.ChunkInfo{ + nil, + { + OpNum: 20, + SequenceNum: 1, + NumChunks: 2, + Data: []byte("bar"), + }, + } + err = fsm.chunker.RestoreState(chunkState) + require.NoError(t, err) + + // Federation states + fedState1 := &structs.FederationState{ + Datacenter: "dc1", + MeshGateways: []structs.CheckServiceNode{ + { + Node: &structs.Node{ + ID: "664bac9f-4de7-4f1b-ad35-0e5365e8f329", + Node: "gateway1", + Datacenter: "dc1", + Address: "1.2.3.4", + }, + Service: &structs.NodeService{ + ID: "mesh-gateway", + Service: "mesh-gateway", + Kind: structs.ServiceKindMeshGateway, + Port: 1111, + Meta: map[string]string{structs.MetaWANFederationKey: "1"}, + }, + Checks: []*structs.HealthCheck{ + { + Name: "web connectivity", + Status: api.HealthPassing, + ServiceID: "mesh-gateway", + }, + }, + }, + { + Node: &structs.Node{ + ID: "3fb9a696-8209-4eee-a1f7-48600deb9716", + Node: "gateway2", + Datacenter: "dc1", + Address: "9.8.7.6", + }, + Service: &structs.NodeService{ + ID: "mesh-gateway", + Service: "mesh-gateway", + Kind: structs.ServiceKindMeshGateway, + Port: 2222, + Meta: map[string]string{structs.MetaWANFederationKey: "1"}, + }, + Checks: []*structs.HealthCheck{ + { + Name: "web connectivity", + Status: api.HealthPassing, + ServiceID: "mesh-gateway", + }, + }, + }, + }, + UpdatedAt: time.Now().UTC(), + } + fedState2 := &structs.FederationState{ + Datacenter: "dc2", + MeshGateways: []structs.CheckServiceNode{ + { + Node: &structs.Node{ + ID: "0f92b02e-9f51-4aa2-861b-4ddbc3492724", + Node: "gateway1", + Datacenter: "dc2", + Address: "8.8.8.8", + }, + Service: &structs.NodeService{ + ID: "mesh-gateway", + Service: "mesh-gateway", + Kind: structs.ServiceKindMeshGateway, + Port: 3333, + Meta: map[string]string{structs.MetaWANFederationKey: "1"}, + }, + Checks: []*structs.HealthCheck{ + { + Name: "web connectivity", + Status: api.HealthPassing, + ServiceID: "mesh-gateway", + }, + }, + }, + { + Node: &structs.Node{ + ID: "99a76121-1c3f-4023-88ef-805248beb10b", + Node: "gateway2", + Datacenter: "dc2", + Address: "5.5.5.5", + }, + Service: &structs.NodeService{ + ID: "mesh-gateway", + Service: "mesh-gateway", + Kind: structs.ServiceKindMeshGateway, + Port: 4444, + Meta: map[string]string{structs.MetaWANFederationKey: "1"}, + }, + Checks: []*structs.HealthCheck{ + { + Name: "web connectivity", + Status: api.HealthPassing, + ServiceID: "mesh-gateway", + }, + }, + }, + }, + UpdatedAt: time.Now().UTC(), + } + require.NoError(t, fsm.state.FederationStateSet(21, fedState1)) + require.NoError(t, fsm.state.FederationStateSet(22, fedState2)) + + // Update a node, service and health check to make sure the ModifyIndexes are preserved correctly after restore. + require.NoError(t, fsm.state.EnsureNode(23, &structs.Node{ + ID: "610918a6-464f-fa9b-1a95-03bd6e88ed92", + Node: "foo", + Datacenter: "dc1", + Address: "127.0.0.3", + })) + require.NoError(t, fsm.state.EnsureService(24, "foo", &structs.NodeService{ID: "db", Service: "db", Tags: []string{"primary"}, Address: "127.0.0.1", Port: 5001})) + require.NoError(t, fsm.state.EnsureCheck(25, &structs.HealthCheck{ + Node: "foo", + CheckID: "web", + Name: "web connectivity", + Status: api.HealthCritical, + ServiceID: "web", + })) + + // system metadata + systemMetadataEntry := &structs.SystemMetadataEntry{ + Key: "key1", Value: "val1", + } + require.NoError(t, fsm.state.SystemMetadataSet(25, systemMetadataEntry)) + + // service-intentions + serviceIxn := &structs.ServiceIntentionsConfigEntry{ + Kind: structs.ServiceIntentions, + Name: "foo", + Sources: []*structs.SourceIntention{ + { + Name: "bar", + Action: structs.IntentionActionAllow, + }, + }, + } + require.NoError(t, fsm.state.EnsureConfigEntry(26, serviceIxn)) + + // mesh config entry + meshConfig := &structs.MeshConfigEntry{ + TransparentProxy: structs.TransparentProxyMeshConfig{ + MeshDestinationsOnly: true, + }, + } + require.NoError(t, fsm.state.EnsureConfigEntry(27, meshConfig)) + + // Connect-native services for virtual IP generation + systemMetadataEntry = &structs.SystemMetadataEntry{ + Key: structs.SystemMetadataVirtualIPsEnabled, + Value: "true", + } + require.NoError(t, fsm.state.SystemMetadataSet(28, systemMetadataEntry)) + + fsm.state.EnsureService(29, "foo", &structs.NodeService{ + ID: "frontend", + Service: "frontend", + Address: "127.0.0.1", + Port: 8000, + Connect: connectConf, + }) + psn := structs.PeeredServiceName{ServiceName: structs.NewServiceName("frontend", nil)} + vip, err := fsm.state.VirtualIPForService(psn) + require.NoError(t, err) + require.Equal(t, vip, "240.0.0.1") + + fsm.state.EnsureService(30, "foo", &structs.NodeService{ + ID: "backend", + Service: "backend", + Address: "127.0.0.1", + Port: 9000, + Connect: connectConf, + }) + psn = structs.PeeredServiceName{ServiceName: structs.NewServiceName("backend", nil)} + vip, err = fsm.state.VirtualIPForService(psn) + require.NoError(t, err) + require.Equal(t, vip, "240.0.0.2") + + _, serviceNames, err := fsm.state.ServiceNamesOfKind(nil, structs.ServiceKindTypical) + require.NoError(t, err) + + expect := []string{"backend", "db", "frontend", "web"} + for i, sn := range serviceNames { + require.Equal(t, expect[i], sn.Service.Name) + } + + // Peerings + require.NoError(t, fsm.state.PeeringWrite(31, &pbpeering.PeeringWriteRequest{ + Peering: &pbpeering.Peering{ + ID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", + Name: "baz", + }, + SecretsRequest: &pbpeering.SecretsWriteRequest{ + PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", + Request: &pbpeering.SecretsWriteRequest_GenerateToken{ + GenerateToken: &pbpeering.SecretsWriteRequest_GenerateTokenRequest{ + EstablishmentSecret: "baaeea83-8419-4aa8-ac89-14e7246a3d2f", + }, + }, + }, + })) + + // Peering Trust Bundles + require.NoError(t, fsm.state.PeeringTrustBundleWrite(32, &pbpeering.PeeringTrustBundle{ + TrustDomain: "qux.com", + PeerName: "qux", + RootPEMs: []string{"qux certificate bundle"}, + })) + + // Issue two more secrets writes so that there are three secrets associated with the peering: + // - Establishment: "389bbcdf-1c31-47d6-ae96-f2a3f4c45f84" + // - Pending: "0b7812d4-32d9-4e54-b1b3-4d97084982a0" + require.NoError(t, fsm.state.PeeringSecretsWrite(34, &pbpeering.SecretsWriteRequest{ + PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", + Request: &pbpeering.SecretsWriteRequest_ExchangeSecret{ + ExchangeSecret: &pbpeering.SecretsWriteRequest_ExchangeSecretRequest{ + EstablishmentSecret: "baaeea83-8419-4aa8-ac89-14e7246a3d2f", + PendingStreamSecret: "0b7812d4-32d9-4e54-b1b3-4d97084982a0", + }, + }, + })) + require.NoError(t, fsm.state.PeeringSecretsWrite(33, &pbpeering.SecretsWriteRequest{ + PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", + Request: &pbpeering.SecretsWriteRequest_GenerateToken{ + GenerateToken: &pbpeering.SecretsWriteRequest_GenerateTokenRequest{ + EstablishmentSecret: "389bbcdf-1c31-47d6-ae96-f2a3f4c45f84", + }, + }, + })) + + // Snapshot + snap, err := fsm.Snapshot() + require.NoError(t, err) + defer snap.Release() + + // Persist + buf := bytes.NewBuffer(nil) + sink := &MockSink{buf, false} + require.NoError(t, snap.Persist(sink)) + + // create an encoder to handle some custom persisted data + // this is mainly to inject data that would no longer ever + // be persisted but that we still need to be able to restore + encoder := codec.NewEncoder(sink, structs.MsgpackHandle) + + // Persist a legacy ACL token - this is not done in newer code + // but we want to ensure that restoring legacy tokens works as + // expected so we must inject one here manually + _, err = sink.Write([]byte{byte(structs.DeprecatedACLRequestType)}) + require.NoError(t, err) + + acl := LegacyACL{ + ID: "1057354f-69ef-4487-94ab-aead3c755445", + Name: "test-legacy", + Type: "client", + Rules: `operator = "read"`, + RaftIndex: structs.RaftIndex{CreateIndex: 1, ModifyIndex: 2}, + } + require.NoError(t, encoder.Encode(&acl)) + + // Persist a ACLToken without a Hash - the state store will + // now tack these on but we want to ensure we can restore + // tokens without a hash and have the hash be set. + token2 := &structs.ACLToken{ + AccessorID: "4464e4c2-1c55-4c37-978a-66cb3abe6587", + SecretID: "fc8708dc-c5ae-4bb2-a9af-a1ca456548fb", + Description: "Test No Hash", + CreateTime: time.Now(), + Local: false, + Rules: `operator = "read"`, + RaftIndex: structs.RaftIndex{CreateIndex: 1, ModifyIndex: 2}, + } + + _, err = sink.Write([]byte{byte(structs.ACLTokenSetRequestType)}) + require.NoError(t, err) + require.NoError(t, encoder.Encode(&token2)) + + // Try to restore on a new FSM + fsm2, err := New(nil, logger) + require.NoError(t, err) + + // Do a restore + require.NoError(t, fsm2.Restore(sink)) + + // Verify the contents + _, nodes, err := fsm2.state.Nodes(nil, nil, "") + require.NoError(t, err) + require.Len(t, nodes, 2, "incorect number of nodes: %v", nodes) + + // validate the first node. Note that this test relies on stable + // iteration through the memdb index and the fact that node2 has + // a name of "baz" so it should be indexed before node1 with a + // name of "foo". If memdb our our indexing changes this is likely + // to break. + require.Equal(t, node2.ID, nodes[0].ID) + require.Equal(t, "baz", nodes[0].Node) + require.Equal(t, "dc1", nodes[0].Datacenter) + require.Equal(t, "127.0.0.2", nodes[0].Address) + require.Len(t, nodes[0].Meta, 1) + require.Equal(t, "testing123", nodes[0].Meta["testMeta"]) + require.Len(t, nodes[0].TaggedAddresses, 1) + require.Equal(t, "1.2.3.4", nodes[0].TaggedAddresses["hello"]) + require.Equal(t, uint64(2), nodes[0].CreateIndex) + require.Equal(t, uint64(2), nodes[0].ModifyIndex) + + require.Equal(t, node1.ID, nodes[1].ID) + require.Equal(t, "foo", nodes[1].Node) + require.Equal(t, "dc1", nodes[1].Datacenter) + require.Equal(t, "127.0.0.3", nodes[1].Address) + require.Empty(t, nodes[1].TaggedAddresses) + require.Equal(t, uint64(1), nodes[1].CreateIndex) + require.Equal(t, uint64(23), nodes[1].ModifyIndex) + + _, fooSrv, err := fsm2.state.NodeServices(nil, "foo", nil, "") + require.NoError(t, err) + require.Len(t, fooSrv.Services, 4) + require.Contains(t, fooSrv.Services["db"].Tags, "primary") + require.True(t, stringslice.Contains(fooSrv.Services["db"].Tags, "primary")) + require.Equal(t, 5001, fooSrv.Services["db"].Port) + require.Equal(t, uint64(4), fooSrv.Services["db"].CreateIndex) + require.Equal(t, uint64(24), fooSrv.Services["db"].ModifyIndex) + connectSrv := fooSrv.Services["web"] + require.Equal(t, connectConf, connectSrv.Connect) + require.Equal(t, uint64(3), fooSrv.Services["web"].CreateIndex) + require.Equal(t, uint64(3), fooSrv.Services["web"].ModifyIndex) + + _, checks, err := fsm2.state.NodeChecks(nil, "foo", nil, "") + require.NoError(t, err) + require.Len(t, checks, 1) + require.Equal(t, "foo", checks[0].Node) + require.Equal(t, "web", checks[0].ServiceName) + require.Equal(t, uint64(7), checks[0].CreateIndex) + require.Equal(t, uint64(25), checks[0].ModifyIndex) + + // Verify virtual IPs are consistent. + psn = structs.PeeredServiceName{ServiceName: structs.NewServiceName("frontend", nil)} + vip, err = fsm2.state.VirtualIPForService(psn) + require.NoError(t, err) + require.Equal(t, vip, "240.0.0.1") + psn = structs.PeeredServiceName{ServiceName: structs.NewServiceName("backend", nil)} + vip, err = fsm2.state.VirtualIPForService(psn) + require.NoError(t, err) + require.Equal(t, vip, "240.0.0.2") + + // Verify key is set + _, d, err := fsm2.state.KVSGet(nil, "/test", nil) + require.NoError(t, err) + require.EqualValues(t, "foo", d.Value) + + // Verify session is restored + idx, s, err := fsm2.state.SessionGet(nil, session.ID, nil) + require.NoError(t, err) + require.Equal(t, "foo", s.Node) + require.EqualValues(t, 9, idx) + + // Verify ACL Binding Rule is restored + _, bindingRule2, err := fsm2.state.ACLBindingRuleGetByID(nil, bindingRule.ID, nil) + require.NoError(t, err) + require.Equal(t, bindingRule, bindingRule2) + + // Verify ACL Auth Methods are restored + _, authMethods, err := fsm2.state.ACLAuthMethodList(nil, nil) + require.NoError(t, err) + require.Len(t, authMethods, 2) + require.Equal(t, "some-method", authMethods[0].Name) + require.Equal(t, "some-method2", authMethods[1].Name) + + // Verify ACL Token is restored + _, rtoken, err := fsm2.state.ACLTokenGetByAccessor(nil, token.AccessorID, nil) + require.NoError(t, err) + require.NotNil(t, rtoken) + // the state store function will add on the Hash if its empty + require.NotEmpty(t, rtoken.Hash) + token.CreateTime = token.CreateTime.Round(0) + rtoken.CreateTime = rtoken.CreateTime.Round(0) + + // note that this can work because the state store will add the Hash to the token before + // storing. That token just happens to be a pointer to the one in this function so it + // adds the Hash to our local var. + require.Equal(t, token, rtoken) + + // Verify legacy ACL is restored + _, rtoken, err = fsm2.state.ACLTokenGetBySecret(nil, acl.ID, nil) + require.NoError(t, err) + require.NotNil(t, rtoken) + require.NotEmpty(t, rtoken.Hash) + + restoredACL, err := convertACLTokenToLegacy(rtoken) + require.NoError(t, err) + require.Equal(t, &acl, restoredACL) + + // Verify ACLToken without hash computes the Hash during restoration + _, rtoken, err = fsm2.state.ACLTokenGetByAccessor(nil, token2.AccessorID, nil) + require.NoError(t, err) + require.NotNil(t, rtoken) + require.NotEmpty(t, rtoken.Hash) + // nil the Hash so we can compare them + rtoken.Hash = nil + token2.CreateTime = token2.CreateTime.Round(0) + rtoken.CreateTime = rtoken.CreateTime.Round(0) + require.Equal(t, token2, rtoken) + + // Verify the acl-token-bootstrap index was restored + canBootstrap, index, err := fsm2.state.CanBootstrapACLToken() + require.NoError(t, err) + require.False(t, canBootstrap) + require.True(t, index > 0) + + // Verify ACL Role is restored + _, role2, err := fsm2.state.ACLRoleGetByID(nil, role.ID, nil) + require.NoError(t, err) + require.Equal(t, role, role2) + + // Verify ACL Policy is restored + _, policy2, err := fsm2.state.ACLPolicyGetByID(nil, structs.ACLPolicyGlobalManagementID, nil) + require.NoError(t, err) + require.Equal(t, policy, policy2) + + // Verify tombstones are restored + func() { + snap := fsm2.state.Snapshot() + defer snap.Close() + stones, err := snap.Tombstones() + require.NoError(t, err) + stone := stones.Next().(*state.Tombstone) + require.NotNil(t, stone) + require.Equal(t, "/remove", stone.Key) + require.Nil(t, stones.Next()) + }() + + // Verify coordinates are restored + _, coords, err := fsm2.state.Coordinates(nil, nil) + require.NoError(t, err) + require.Equal(t, updates, coords) + + // Verify queries are restored. + _, queries, err := fsm2.state.PreparedQueryList(nil) + require.NoError(t, err) + require.Len(t, queries, 1) + require.Equal(t, &query, queries[0]) + + // Verify autopilot config is restored. + _, restoredConf, err := fsm2.state.AutopilotConfig() + require.NoError(t, err) + require.Equal(t, autopilotConf, restoredConf) + + // Verify legacy intentions are restored. + _, ixns, err := fsm2.state.LegacyIntentions(nil, structs.WildcardEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Len(t, ixns, 1) + require.Equal(t, ixn, ixns[0]) + + // Verify CA roots are restored. + _, roots, err = fsm2.state.CARoots(nil) + require.NoError(t, err) + require.Len(t, roots, 2) + + // Verify provider state is restored. + _, provider, err := fsm2.state.CAProviderState("asdf") + require.NoError(t, err) + require.Equal(t, "foo", provider.PrivateKey) + require.Equal(t, "bar", provider.RootCert) + + // Verify CA configuration is restored. + _, caConf, err := fsm2.state.CAConfig(nil) + require.NoError(t, err) + require.Equal(t, caConfig, caConf) + + // Verify config entries are restored + _, serviceConfEntry, err := fsm2.state.ConfigEntry(nil, structs.ServiceDefaults, "foo", structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Equal(t, serviceConfig, serviceConfEntry) + + _, proxyConfEntry, err := fsm2.state.ConfigEntry(nil, structs.ProxyDefaults, "global", structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Equal(t, proxyConfig, proxyConfEntry) + + _, ingressRestored, err := fsm2.state.ConfigEntry(nil, structs.IngressGateway, "ingress", structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Equal(t, ingress, ingressRestored) + + _, restoredGatewayServices, err := fsm2.state.GatewayServices(nil, "ingress", structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Equal(t, gatewayServices, restoredGatewayServices) + + newChunkState, err := fsm2.chunker.CurrentState() + require.NoError(t, err) + require.Equal(t, newChunkState, chunkState) + + // Verify federation states are restored. + _, fedStateLoaded1, err := fsm2.state.FederationStateGet(nil, "dc1") + require.NoError(t, err) + require.Equal(t, fedState1, fedStateLoaded1) + _, fedStateLoaded2, err := fsm2.state.FederationStateGet(nil, "dc2") + require.NoError(t, err) + require.Equal(t, fedState2, fedStateLoaded2) + + // Verify usage data is correctly updated + idx, nodeUsage, err := fsm2.state.NodeUsage() + require.NoError(t, err) + require.Equal(t, len(nodes), nodeUsage.Nodes) + require.NotZero(t, idx) + + // Verify system metadata is restored. + _, systemMetadataLoaded, err := fsm2.state.SystemMetadataList(nil) + require.NoError(t, err) + require.Len(t, systemMetadataLoaded, 2) + require.Equal(t, systemMetadataEntry, systemMetadataLoaded[1]) + + // Verify service-intentions is restored + _, serviceIxnEntry, err := fsm2.state.ConfigEntry(nil, structs.ServiceIntentions, "foo", structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Equal(t, serviceIxn, serviceIxnEntry) + + // Verify mesh config entry is restored + _, meshConfigEntry, err := fsm2.state.ConfigEntry(nil, structs.MeshConfig, structs.MeshConfigMesh, structs.DefaultEnterpriseMetaInDefaultPartition()) + require.NoError(t, err) + require.Equal(t, meshConfig, meshConfigEntry) + + _, restoredServiceNames, err := fsm2.state.ServiceNamesOfKind(nil, structs.ServiceKindTypical) + require.NoError(t, err) + + expect = []string{"backend", "db", "frontend", "web"} + for i, sn := range restoredServiceNames { + require.Equal(t, expect[i], sn.Service.Name) + } + + // Verify peering is restored + idx, prngRestored, err := fsm2.state.PeeringRead(nil, state.Query{ + Value: "baz", + }) + require.NoError(t, err) + require.Equal(t, uint64(31), idx) + require.NotNil(t, prngRestored) + require.Equal(t, "baz", prngRestored.Name) + + // Verify peering secrets are restored + secretsRestored, err := fsm2.state.PeeringSecretsRead(nil, "1fabcd52-1d46-49b0-b1d8-71559aee47f5") + require.NoError(t, err) + expectSecrets := &pbpeering.PeeringSecrets{ + PeerID: "1fabcd52-1d46-49b0-b1d8-71559aee47f5", + Establishment: &pbpeering.PeeringSecrets_Establishment{ + SecretID: "389bbcdf-1c31-47d6-ae96-f2a3f4c45f84", + }, + Stream: &pbpeering.PeeringSecrets_Stream{ + PendingSecretID: "0b7812d4-32d9-4e54-b1b3-4d97084982a0", + }, + } + prototest.AssertDeepEqual(t, expectSecrets, secretsRestored) + + uuids := []string{"389bbcdf-1c31-47d6-ae96-f2a3f4c45f84", "0b7812d4-32d9-4e54-b1b3-4d97084982a0"} + for _, id := range uuids { + free, err := fsm2.state.ValidateProposedPeeringSecretUUID(id) + require.NoError(t, err) + + // The UUIDs in the peering secret should be tracked as in use. + require.False(t, free) + } + + // Verify peering trust bundle is restored + idx, ptbRestored, err := fsm2.state.PeeringTrustBundleRead(nil, state.Query{ + Value: "qux", + }) + require.NoError(t, err) + require.Equal(t, uint64(32), idx) + require.NotNil(t, ptbRestored) + require.Equal(t, "qux.com", ptbRestored.TrustDomain) + require.Equal(t, "qux", ptbRestored.PeerName) + require.Len(t, ptbRestored.RootPEMs, 1) + require.Equal(t, "qux certificate bundle", ptbRestored.RootPEMs[0]) + + // Snapshot + snap, err = fsm2.Snapshot() + require.NoError(t, err) + defer snap.Release() + + // Persist + buf = bytes.NewBuffer(nil) + sink = &MockSink{buf, false} + require.NoError(t, snap.Persist(sink)) + + // Try to restore on the old FSM and make sure it abandons the old state + // store. + abandonCh := fsm.state.AbandonCh() + require.NoError(t, fsm.Restore(sink)) + select { + case <-abandonCh: + default: + require.Fail(t, "Old state not abandoned") + } +} + +// convertACLTokenToLegacy attempts to convert an ACLToken into an legacy ACL. +// TODO(ACL-Legacy-Compat): remove in phase 2, used by snapshot restore +func convertACLTokenToLegacy(tok *structs.ACLToken) (*LegacyACL, error) { + if tok.Type == "" { + return nil, fmt.Errorf("Cannot convert ACLToken into compat token") + } + + compat := &LegacyACL{ + ID: tok.SecretID, + Name: tok.Description, + Type: tok.Type, + Rules: tok.Rules, + RaftIndex: tok.RaftIndex, + } + return compat, nil +} + +func TestFSM_BadRestore_OSS(t *testing.T) { + t.Parallel() + // Create an FSM with some state. + logger := testutil.Logger(t) + fsm, err := New(nil, logger) + require.NoError(t, err) + fsm.state.EnsureNode(1, &structs.Node{Node: "foo", Address: "127.0.0.1"}) + abandonCh := fsm.state.AbandonCh() + + // Do a bad restore. + buf := bytes.NewBuffer([]byte("bad snapshot")) + sink := &MockSink{buf, false} + require.Error(t, fsm.Restore(sink)) + + // Verify the contents didn't get corrupted. + _, nodes, err := fsm.state.Nodes(nil, nil, "") + require.NoError(t, err) + require.Len(t, nodes, 1) + require.Equal(t, "foo", nodes[0].Node) + require.Equal(t, "127.0.0.1", nodes[0].Address) + require.Empty(t, nodes[0].TaggedAddresses) + + // Verify the old state store didn't get abandoned. + select { + case <-abandonCh: + require.FailNow(t, "FSM state was abandoned when it should not have been") + default: + } +} + +func TestFSM_BadSnapshot_NilCAConfig(t *testing.T) { + t.Parallel() + + // Create an FSM with no config entry. + logger := testutil.Logger(t) + fsm, err := New(nil, logger) + require.NoError(t, err) + + // Snapshot + snap, err := fsm.Snapshot() + require.NoError(t, err) + defer snap.Release() + + // Persist + buf := bytes.NewBuffer(nil) + sink := &MockSink{buf, false} + require.NoError(t, snap.Persist(sink)) + + // Try to restore on a new FSM + fsm2, err := New(nil, logger) + require.NoError(t, err) + + // Do a restore + require.NoError(t, fsm2.Restore(sink)) + + // Make sure there's no entry in the CA config table. + state := fsm2.State() + idx, config, err := state.CAConfig(nil) + require.NoError(t, err) + require.EqualValues(t, 0, idx) + require.Nil(t, config) +} + +// This test asserts that ServiceVirtualIP, which made a breaking change +// in 1.13.0, can still restore from older snapshots which use the old +// state.ServiceVirtualIP type. +func Test_restoreServiceVirtualIP(t *testing.T) { + psn := structs.PeeredServiceName{ + ServiceName: structs.ServiceName{ + Name: "foo", + }, + } + + run := func(t *testing.T, input interface{}) { + t.Helper() + + var b []byte + buf := bytes.NewBuffer(b) + // Encode input + encoder := codec.NewEncoder(buf, structs.MsgpackHandle) + require.NoError(t, encoder.Encode(input)) + + // Create a decoder + dec := codec.NewDecoder(buf, structs.MsgpackHandle) + + logger := testutil.Logger(t) + fsm, err := New(nil, logger) + require.NoError(t, err) + + restore := fsm.State().Restore() + + // Call restore + require.NoError(t, restoreServiceVirtualIP(nil, restore, dec)) + require.NoError(t, restore.Commit()) + + ip, err := fsm.State().VirtualIPForService(psn) + require.NoError(t, err) + + // 240->224 due to addIPOffset + require.Equal(t, "224.0.0.2", ip) + } + + t.Run("new ServiceVirtualIP with PeeredServiceName", func(t *testing.T) { + run(t, state.ServiceVirtualIP{ + Service: psn, + IP: net.ParseIP("240.0.0.2"), + RaftIndex: structs.RaftIndex{}, + }) + }) + t.Run("pre-1.13.0 ServiceVirtualIP with ServiceName", func(t *testing.T) { + type compatServiceVirtualIP struct { + Service structs.ServiceName + IP net.IP + RaftIndex structs.RaftIndex + } + + run(t, compatServiceVirtualIP{ + Service: structs.ServiceName{ + Name: "foo", + }, + IP: net.ParseIP("240.0.0.2"), + RaftIndex: structs.RaftIndex{}, + }) + }) +} diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go index 0f89856d74aa0..d21bb5d64b7e0 100644 --- a/agent/consul/helper_test.go +++ b/agent/consul/helper_test.go @@ -127,7 +127,7 @@ type clientOrServer interface { // joinLAN is a convenience function for // -// member.JoinLAN("127.0.0.1:"+leader.config.SerfLANConfig.MemberlistConfig.BindPort) +// member.JoinLAN("127.0.0.1:"+leader.config.SerfLANConfig.MemberlistConfig.BindPort) func joinLAN(t *testing.T, member clientOrServer, leader *Server) { t.Helper() joinLANWithOptions(t, member, leader, true) @@ -184,7 +184,7 @@ func joinLANWithOptions(t *testing.T, member clientOrServer, leader *Server, doM // joinWAN is a convenience function for // -// member.JoinWAN("127.0.0.1:"+leader.config.SerfWANConfig.MemberlistConfig.BindPort) +// member.JoinWAN("127.0.0.1:"+leader.config.SerfWANConfig.MemberlistConfig.BindPort) func joinWAN(t *testing.T, member, leader *Server) { t.Helper() joinWANWithOptions(t, member, leader, true) diff --git a/agent/consul/leader_peering.go b/agent/consul/leader_peering.go index bfa24c6ce1f92..c2e8a40a44b30 100644 --- a/agent/consul/leader_peering.go +++ b/agent/consul/leader_peering.go @@ -90,14 +90,14 @@ func (s *Server) runPeeringMetrics(ctx context.Context) error { metrics.SetGauge(leaderExportedServicesCountKey, float32(0)) return nil case <-ticker.C: - if err := s.emitPeeringMetricsOnce(logger, defaultMetrics()); err != nil { + if err := s.emitPeeringMetricsOnce(defaultMetrics()); err != nil { s.logger.Error("error emitting peering stream metrics", "error", err) } } } } -func (s *Server) emitPeeringMetricsOnce(logger hclog.Logger, metricsImpl *metrics.Metrics) error { +func (s *Server) emitPeeringMetricsOnce(metricsImpl *metrics.Metrics) error { _, peers, err := s.fsm.State().PeeringList(nil, *structs.NodeEnterpriseMetaInPartition(structs.WildcardSpecifier)) if err != nil { return err diff --git a/agent/consul/leader_peering_test.go b/agent/consul/leader_peering_test.go index fca4bfeaaed09..fd01737b802c1 100644 --- a/agent/consul/leader_peering_test.go +++ b/agent/consul/leader_peering_test.go @@ -274,6 +274,7 @@ func TestLeader_PeeringSync_Lifecycle_UnexportWhileDown(t *testing.T) { insertNode := func(i int) { req := structs.RegisterRequest{ Datacenter: "dc1", + ID: types.NodeID(generateUUID()), Node: fmt.Sprintf("node%d", i+1), Address: fmt.Sprintf("127.0.0.%d", i+1), NodeMeta: map[string]string{ @@ -1413,7 +1414,7 @@ func TestLeader_PeeringMetrics_emitPeeringMetrics(t *testing.T) { met, err := metrics.New(cfg, sink) require.NoError(t, err) - errM := s2.emitPeeringMetricsOnce(s2.logger, met) + errM := s2.emitPeeringMetricsOnce(met) require.NoError(t, errM) retry.Run(t, func(r *retry.R) { diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index d9daeaea1507a..ba3c387ad53fe 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -205,23 +205,33 @@ func meshGatewayAdresses(state *state.Store, ws memdb.WatchSet, wan bool) ([]str return addrs, nil } +func parseNodeAddr(node *structs.ServiceNode) string { + // Prefer the wan address + if v, ok := node.TaggedAddresses[structs.TaggedAddressWAN]; ok { + return v + } + return node.Address +} + func serverAddresses(state *state.Store) ([]string, error) { - _, nodes, err := state.ServiceNodes(nil, "consul", structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword) + _, nodes, err := state.ServiceNodes(nil, structs.ConsulServiceName, structs.DefaultEnterpriseMetaInDefaultPartition(), structs.DefaultPeerKeyword) if err != nil { return nil, err } var addrs []string for _, node := range nodes { + addr := parseNodeAddr(node) + // Prefer the TLS port if it is defined. grpcPortStr := node.ServiceMeta["grpc_tls_port"] if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 { - addrs = append(addrs, node.Address+":"+grpcPortStr) + addrs = append(addrs, addr+":"+grpcPortStr) continue } // Fallback to the standard port if TLS is not defined. grpcPortStr = node.ServiceMeta["grpc_port"] if v, err := strconv.Atoi(grpcPortStr); err == nil && v > 0 { - addrs = append(addrs, node.Address+":"+grpcPortStr) + addrs = append(addrs, addr+":"+grpcPortStr) continue } // Skip node if neither defined. diff --git a/agent/consul/peering_backend_test.go b/agent/consul/peering_backend_test.go index a962bdefc0923..e8218bc431766 100644 --- a/agent/consul/peering_backend_test.go +++ b/agent/consul/peering_backend_test.go @@ -9,6 +9,7 @@ import ( gogrpc "google.golang.org/grpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/pool" @@ -99,6 +100,28 @@ func TestPeeringBackend_GetLocalServerAddresses(t *testing.T) { require.Equal(t, []string{expect}, addrs) }) + testutil.RunStep(t, "prefer WAN address for servers", func(t *testing.T) { + req := structs.RegisterRequest{ + Datacenter: cfg.Datacenter, + Node: cfg.NodeName, + ID: cfg.NodeID, + Address: "127.0.0.1", + EnterpriseMeta: *acl.DefaultEnterpriseMeta(), + + // Add a tagged WAN address to the server registration + TaggedAddresses: map[string]string{ + structs.TaggedAddressWAN: "3.4.5.6", + }, + } + require.NoError(t, srv.fsm.State().EnsureRegistration(200, &req)) + + addrs, err := backend.GetLocalServerAddresses() + require.NoError(t, err) + + expect := fmt.Sprintf("3.4.5.6:%d", srv.config.GRPCTLSPort) + require.Equal(t, []string{expect}, addrs) + }) + testutil.RunStep(t, "existence of mesh config entry is not enough to peer through gateways", func(t *testing.T) { mesh := structs.MeshConfigEntry{ // Enable unrelated config. @@ -112,7 +135,7 @@ func TestPeeringBackend_GetLocalServerAddresses(t *testing.T) { require.NoError(t, err) // Still expect server address because PeerThroughMeshGateways was not enabled. - expect := fmt.Sprintf("127.0.0.1:%d", srv.config.GRPCTLSPort) + expect := fmt.Sprintf("3.4.5.6:%d", srv.config.GRPCTLSPort) require.Equal(t, []string{expect}, addrs) }) diff --git a/agent/consul/rpc.go b/agent/consul/rpc.go index d6fa9fae49250..7e95e8ae9d641 100644 --- a/agent/consul/rpc.go +++ b/agent/consul/rpc.go @@ -14,9 +14,9 @@ import ( "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" - connlimit "github.com/hashicorp/go-connlimit" + "github.com/hashicorp/go-connlimit" "github.com/hashicorp/go-hclog" - memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/go-memdb" "github.com/hashicorp/go-raftchunking" "github.com/hashicorp/memberlist" "github.com/hashicorp/raft" @@ -992,19 +992,19 @@ type blockingQueryResponseMeta interface { // // The query function must follow these rules: // -// 1. to access data it must use the passed in state.Store. -// 2. it must set the responseMeta.Index to an index greater than -// opts.GetMinQueryIndex if the results return by the query have changed. -// 3. any channels added to the memdb.WatchSet must unblock when the results -// returned by the query have changed. +// 1. to access data it must use the passed in state.Store. +// 2. it must set the responseMeta.Index to an index greater than +// opts.GetMinQueryIndex if the results return by the query have changed. +// 3. any channels added to the memdb.WatchSet must unblock when the results +// returned by the query have changed. // // To ensure optimal performance of the query, the query function should make a // best-effort attempt to follow these guidelines: // -// 1. only set responseMeta.Index to an index greater than -// opts.GetMinQueryIndex when the results returned by the query have changed. -// 2. any channels added to the memdb.WatchSet should only unblock when the -// results returned by the query have changed. +// 1. only set responseMeta.Index to an index greater than +// opts.GetMinQueryIndex when the results returned by the query have changed. +// 2. any channels added to the memdb.WatchSet should only unblock when the +// results returned by the query have changed. func (s *Server) blockingQuery( opts blockingQueryOptions, responseMeta blockingQueryResponseMeta, @@ -1142,7 +1142,7 @@ func (s *Server) consistentRead() error { defer metrics.MeasureSince([]string{"rpc", "consistentRead"}, time.Now()) future := s.raft.VerifyLeader() if err := future.Error(); err != nil { - return err //fail fast if leader verification fails + return err // fail fast if leader verification fails } // poll consistent read readiness, wait for up to RPCHoldTimeout milliseconds if s.isReadyForConsistentReads() { @@ -1197,16 +1197,16 @@ func (s *Server) rpcQueryTimeout(queryTimeout time.Duration) time.Duration { // // Notes: // -// * The definition of "unauthenticated" here is incomplete, as it doesn't -// account for the fact that operators can modify the anonymous token with -// custom policies, or set namespace default policies. As these scenarios -// are less common and this flag is a best-effort UX improvement, we think -// the trade-off for reduced complexity is acceptable. +// - The definition of "unauthenticated" here is incomplete, as it doesn't +// account for the fact that operators can modify the anonymous token with +// custom policies, or set namespace default policies. As these scenarios +// are less common and this flag is a best-effort UX improvement, we think +// the trade-off for reduced complexity is acceptable. // -// * This method assumes that the given token has already been validated (and -// will only check whether it is blank or not). It's a safe assumption because -// ResultsFilteredByACLs is only set to try when applying the already-resolved -// token's policies. +// - This method assumes that the given token has already been validated (and +// will only check whether it is blank or not). It's a safe assumption because +// ResultsFilteredByACLs is only set to try when applying the already-resolved +// token's policies. func maskResultsFilteredByACLs(token string, meta blockingQueryResponseMeta) { if token == "" { meta.SetResultsFilteredByACLs(false) diff --git a/agent/consul/rtt_test.go b/agent/consul/rtt_test.go index d9a0fe1133054..9a488a372495a 100644 --- a/agent/consul/rtt_test.go +++ b/agent/consul/rtt_test.go @@ -73,10 +73,9 @@ func verifyCheckServiceNodeSort(t *testing.T, nodes structs.CheckServiceNodes, e // // Here's the layout of the nodes: // -// node3 node2 node5 node4 node1 -// | | | | | | | | | | | -// 0 1 2 3 4 5 6 7 8 9 10 (ms) -// +// node3 node2 node5 node4 node1 +// | | | | | | | | | | | +// 0 1 2 3 4 5 6 7 8 9 10 (ms) func seedCoordinates(t *testing.T, codec rpc.ClientCodec, server *Server) { // Register some nodes. for i := 0; i < 5; i++ { diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index 7dad6e36fd415..4d645013680a3 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -1267,8 +1267,8 @@ func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, // The service_last_extinction is set to the last raft index when a service // was unregistered (or 0 if no services were ever unregistered). This // allows blocking queries to -// * return when the last instance of a service is removed -// * block until an instance for this service is available, or another +// - return when the last instance of a service is removed +// - block until an instance for this service is available, or another // service is unregistered. func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta, peerName string) uint64 { idx, _ := maxIndexAndWatchChForService(tx, serviceName, serviceExists, checks, entMeta, peerName) @@ -1280,8 +1280,8 @@ func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bo // index. The service_last_extinction is set to the last raft index when a // service was unregistered (or 0 if no services were ever unregistered). This // allows blocking queries to -// * return when the last instance of a service is removed -// * block until an instance for this service is available, or another +// - return when the last instance of a service is removed +// - block until an instance for this service is available, or another // service is unregistered. // // It also _may_ return a watch chan to add to a WatchSet. It will only return diff --git a/agent/consul/state/catalog_oss.go b/agent/consul/state/catalog_oss.go index b7632f295bf25..fccbf6984ef09 100644 --- a/agent/consul/state/catalog_oss.go +++ b/agent/consul/state/catalog_oss.go @@ -54,8 +54,8 @@ func catalogUpdateNodeIndexes(tx WriteTxn, idx uint64, nodeName string, _ *acl.E // catalogUpdateServicesIndexes upserts the max index for the entire services table with varying levels // of granularity (no-op if `idx` is lower than what exists for that index key): -// - all services -// - all services in a specified peer (including internal) +// - all services +// - all services in a specified peer (including internal) func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta, peerName string) error { // overall services index for snapshot if err := indexUpdateMaxTxn(tx, idx, tableServices); err != nil { @@ -72,8 +72,8 @@ func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta // catalogUpdateServiceKindIndexes upserts the max index for the ServiceKind with varying levels // of granularity (no-op if `idx` is lower than what exists for that index key): -// - all services of ServiceKind -// - all services of ServiceKind in a specified peer (including internal) +// - all services of ServiceKind +// - all services of ServiceKind in a specified peer (including internal) func catalogUpdateServiceKindIndexes(tx WriteTxn, idx uint64, kind structs.ServiceKind, _ *acl.EnterpriseMeta, peerName string) error { base := "service_kind." + kind.Normalized() // service-kind index diff --git a/agent/consul/state/catalog_oss_test.go b/agent/consul/state/catalog_oss_test.go index 0fa9129730cda..e0b8dd74fcb73 100644 --- a/agent/consul/state/catalog_oss_test.go +++ b/agent/consul/state/catalog_oss_test.go @@ -5,6 +5,7 @@ package state import ( "net" + "strconv" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" @@ -226,7 +227,11 @@ func testIndexerTableGatewayServices() map[string]indexerTestCase { Service: structs.ServiceName{Name: "SerVice"}, Port: 50123, } - encodedPort := string([]byte{0x96, 0x8f, 0x06, 0, 0, 0, 0, 0, 0, 0}) + encodedPort := string([]byte{0x80, 0, 0, 0, 0, 0, 0xc3, 0xcb}) + // On 32-bit systems the int encoding will be different + if strconv.IntSize == 32 { + encodedPort = string([]byte{0x80, 0, 0xc3, 0xcb}) + } return map[string]indexerTestCase{ indexID: { read: indexValue{ diff --git a/agent/consul/state/catalog_schema.go b/agent/consul/state/catalog_schema.go index 5d0fe438cd0d9..cad35bf4368b5 100644 --- a/agent/consul/state/catalog_schema.go +++ b/agent/consul/state/catalog_schema.go @@ -418,7 +418,7 @@ func indexServiceNameFromHealthCheck(hc *structs.HealthCheck) ([]byte, error) { return b.Bytes(), nil } -// gatewayServicesTableSchema returns a new table schema used to store information +// gatewayServicesTableSchema returns a new table schema used to store information // about services associated with terminating gateways. func gatewayServicesTableSchema() *memdb.TableSchema { return &memdb.TableSchema{ diff --git a/agent/consul/state/config_entry_events.go b/agent/consul/state/config_entry_events.go index 2792ff6d82626..5fc71f0275c94 100644 --- a/agent/consul/state/config_entry_events.go +++ b/agent/consul/state/config_entry_events.go @@ -16,6 +16,7 @@ var configEntryKindToTopic = map[string]stream.Topic{ structs.ServiceResolver: EventTopicServiceResolver, structs.IngressGateway: EventTopicIngressGateway, structs.ServiceIntentions: EventTopicServiceIntentions, + structs.ServiceDefaults: EventTopicServiceDefaults, } // EventSubjectConfigEntry is a stream.Subject used to route and receive events @@ -110,6 +111,12 @@ func (s *Store) ServiceIntentionsSnapshot(req stream.SubscribeRequest, buf strea return s.configEntrySnapshot(structs.ServiceIntentions, req, buf) } +// ServiceDefaultsSnapshot is a stream.SnapshotFunc that returns a snapshot of +// service-defaults config entries. +func (s *Store) ServiceDefaultsSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { + return s.configEntrySnapshot(structs.ServiceDefaults, req, buf) +} + func (s *Store) configEntrySnapshot(kind string, req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error) { var ( idx uint64 diff --git a/agent/consul/state/config_entry_events_test.go b/agent/consul/state/config_entry_events_test.go index c00450401006f..2e50b677bda28 100644 --- a/agent/consul/state/config_entry_events_test.go +++ b/agent/consul/state/config_entry_events_test.go @@ -178,6 +178,47 @@ func TestConfigEntryEventsFromChanges(t *testing.T) { }, }, }, + "upsert service defaults": { + mutate: func(tx *txn) error { + return ensureConfigEntryTxn(tx, 0, &structs.ServiceConfigEntry{ + Name: "web", + }) + }, + events: []stream.Event{ + { + Topic: EventTopicServiceDefaults, + Index: changeIndex, + Payload: EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: &structs.ServiceConfigEntry{ + Name: "web", + }, + }, + }, + }, + }, + "delete service defaults": { + setup: func(tx *txn) error { + return ensureConfigEntryTxn(tx, 0, &structs.ServiceConfigEntry{ + Name: "web", + }) + }, + mutate: func(tx *txn) error { + return deleteConfigEntryTxn(tx, 0, structs.ServiceDefaults, "web", nil) + }, + events: []stream.Event{ + { + Topic: EventTopicServiceDefaults, + Index: changeIndex, + Payload: EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Delete, + Value: &structs.ServiceConfigEntry{ + Name: "web", + }, + }, + }, + }, + }, } for desc, tc := range testCases { t.Run(desc, func(t *testing.T) { @@ -376,11 +417,11 @@ func TestServiceIntentionsSnapshot(t *testing.T) { ixn1 := &structs.ServiceIntentionsConfigEntry{ Kind: structs.ServiceIntentions, - Name: "gw1", + Name: "svc1", } ixn2 := &structs.ServiceIntentionsConfigEntry{ Kind: structs.ServiceIntentions, - Name: "gw2", + Name: "svc2", } store := testStateStore(t) @@ -438,3 +479,71 @@ func TestServiceIntentionsSnapshot(t *testing.T) { }) } } + +func TestServiceDefaultsSnapshot(t *testing.T) { + const index uint64 = 123 + + ixn1 := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "svc1", + } + ixn2 := &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "svc2", + } + + store := testStateStore(t) + require.NoError(t, store.EnsureConfigEntry(index, ixn1)) + require.NoError(t, store.EnsureConfigEntry(index, ixn2)) + + testCases := map[string]struct { + subject stream.Subject + events []stream.Event + }{ + "named entry": { + subject: EventSubjectConfigEntry{Name: ixn1.Name}, + events: []stream.Event{ + { + Topic: EventTopicServiceDefaults, + Index: index, + Payload: EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: ixn1, + }, + }, + }, + }, + "wildcard": { + subject: stream.SubjectWildcard, + events: []stream.Event{ + { + Topic: EventTopicServiceDefaults, + Index: index, + Payload: EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: ixn1, + }, + }, + { + Topic: EventTopicServiceDefaults, + Index: index, + Payload: EventPayloadConfigEntry{ + Op: pbsubscribe.ConfigEntryUpdate_Upsert, + Value: ixn2, + }, + }, + }, + }, + } + for desc, tc := range testCases { + t.Run(desc, func(t *testing.T) { + buf := &snapshotAppender{} + + idx, err := store.ServiceDefaultsSnapshot(stream.SubscribeRequest{Subject: tc.subject}, buf) + require.NoError(t, err) + require.Equal(t, index, idx) + require.Len(t, buf.events, 1) + require.ElementsMatch(t, tc.events, buf.events[0]) + }) + } +} diff --git a/agent/consul/state/config_entry_oss.go b/agent/consul/state/config_entry_oss.go index 56fff98e8704a..ac4d1d6cb05c3 100644 --- a/agent/consul/state/config_entry_oss.go +++ b/agent/consul/state/config_entry_oss.go @@ -7,7 +7,7 @@ import ( "fmt" "strings" - memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/go-memdb" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" @@ -65,6 +65,7 @@ func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseM // found in a list of exported-services config entries. For OSS, namespace is not considered, so a match is one of: // - the service name matches // - the service name is a wildcard +// // This value can be used to filter exported-services config entries for a given service name. func getExportedServicesMatchServiceNames(serviceName string, entMeta *acl.EnterpriseMeta) []structs.ServiceName { return []structs.ServiceName{ diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go index e32b1853435e6..5253a20278e11 100644 --- a/agent/consul/state/config_entry_test.go +++ b/agent/consul/state/config_entry_test.go @@ -910,7 +910,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) { if err := entry.Validate(); err != nil { return err } - return s.EnsureConfigEntry(0, entry) + return s.EnsureConfigEntry(idx, entry) } type tcase struct { diff --git a/agent/consul/state/events.go b/agent/consul/state/events.go index 2e74c44c946fd..93a4558f271dc 100644 --- a/agent/consul/state/events.go +++ b/agent/consul/state/events.go @@ -38,7 +38,7 @@ func PBToStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta acl.E EnterpriseMeta: entMeta, PeerName: named.PeerName, } - case EventTopicMeshConfig, EventTopicServiceResolver, EventTopicIngressGateway, EventTopicServiceIntentions: + case EventTopicMeshConfig, EventTopicServiceResolver, EventTopicIngressGateway, EventTopicServiceIntentions, EventTopicServiceDefaults: subject = EventSubjectConfigEntry{ Name: named.Key, EnterpriseMeta: &entMeta, diff --git a/agent/consul/state/memdb.go b/agent/consul/state/memdb.go index 7516229770131..395325ee61f31 100644 --- a/agent/consul/state/memdb.go +++ b/agent/consul/state/memdb.go @@ -184,6 +184,7 @@ var ( EventTopicServiceResolver = pbsubscribe.Topic_ServiceResolver EventTopicIngressGateway = pbsubscribe.Topic_IngressGateway EventTopicServiceIntentions = pbsubscribe.Topic_ServiceIntentions + EventTopicServiceDefaults = pbsubscribe.Topic_ServiceDefaults EventTopicServiceList = pbsubscribe.Topic_ServiceList ) diff --git a/agent/consul/state/peering.go b/agent/consul/state/peering.go index be2aa1c73a480..b84c7acbd467f 100644 --- a/agent/consul/state/peering.go +++ b/agent/consul/state/peering.go @@ -946,6 +946,7 @@ func listAllExportedServices( return idx, found, nil } +//nolint:unparam func listServicesExportedToAnyPeerByConfigEntry( ws memdb.WatchSet, tx ReadTxn, diff --git a/agent/consul/state/tombstone_gc.go b/agent/consul/state/tombstone_gc.go index 3b141c2bdfc13..c20fd34004d29 100644 --- a/agent/consul/state/tombstone_gc.go +++ b/agent/consul/state/tombstone_gc.go @@ -16,7 +16,6 @@ import ( // data is deleted from the KV store, the "latest" row can go backwards if the // newest row is removed. The tombstones provide a way to ensure time doesn't // move backwards within some interval. -// type TombstoneGC struct { // ttl sets the TTL for tombstones. ttl time.Duration diff --git a/agent/consul/watch/server_local.go b/agent/consul/watch/server_local.go index 4ad23ee386408..e9a45c82ce32d 100644 --- a/agent/consul/watch/server_local.go +++ b/agent/consul/watch/server_local.go @@ -54,33 +54,33 @@ func noopDone() {} // ServerLocalBlockingQuery performs a blocking query similar to the pre-existing blockingQuery // method on the agent/consul.Server type. There are a few key differences. // -// 1. This function makes use of Go 1.18 generics. The function is parameterized with two -// types. The first is the ResultType which can be anything. Having this be parameterized -// instead of using interface{} allows us to simplify the call sites so that no type -// coercion from interface{} to the real type is necessary. The second parameterized type -// is something that VERY loosely resembles a agent/consul/state.Store type. The StateStore -// interface in this package has a single method to get the stores abandon channel so we -// know when a snapshot restore is occurring and can act accordingly. We could have not -// parameterized this type and used a real *state.Store instead but then we would have -// concrete dependencies on the state package and it would make it a little harder to -// test this function. +// 1. This function makes use of Go 1.18 generics. The function is parameterized with two +// types. The first is the ResultType which can be anything. Having this be parameterized +// instead of using interface{} allows us to simplify the call sites so that no type +// coercion from interface{} to the real type is necessary. The second parameterized type +// is something that VERY loosely resembles a agent/consul/state.Store type. The StateStore +// interface in this package has a single method to get the stores abandon channel so we +// know when a snapshot restore is occurring and can act accordingly. We could have not +// parameterized this type and used a real *state.Store instead but then we would have +// concrete dependencies on the state package and it would make it a little harder to +// test this function. // -// We could have also avoided the need to use a ResultType parameter by taking the route -// the original blockingQuery method did and to just assume all callers close around -// a pointer to their results and can modify it as necessary. That way of doing things -// feels a little gross so I have taken this one a different direction. The old way -// also gets especially gross with how we have to push concerns of spurious wakeup -// suppression down into every call site. +// We could have also avoided the need to use a ResultType parameter by taking the route +// the original blockingQuery method did and to just assume all callers close around +// a pointer to their results and can modify it as necessary. That way of doing things +// feels a little gross so I have taken this one a different direction. The old way +// also gets especially gross with how we have to push concerns of spurious wakeup +// suppression down into every call site. // -// 2. This method has no internal timeout and can potentially run forever until a state -// change is observed. If there is a desire to have a timeout, that should be built into -// the context.Context passed as the first argument. +// 2. This method has no internal timeout and can potentially run forever until a state +// change is observed. If there is a desire to have a timeout, that should be built into +// the context.Context passed as the first argument. // -// 3. This method bakes in some newer functionality around hashing of results to prevent sending -// back data when nothing has actually changed. With the old blockingQuery method this has to -// be done within the closure passed to the method which means the same bit of code is duplicated -// in many places. As this functionality isn't necessary in many scenarios whether to opt-in to -// that behavior is a argument to this function. +// 3. This method bakes in some newer functionality around hashing of results to prevent sending +// back data when nothing has actually changed. With the old blockingQuery method this has to +// be done within the closure passed to the method which means the same bit of code is duplicated +// in many places. As this functionality isn't necessary in many scenarios whether to opt-in to +// that behavior is a argument to this function. // // Similar to the older method: // @@ -88,21 +88,20 @@ func noopDone() {} // // The query function must follow these rules: // -// 1. To access data it must use the passed in StoreType (which will be a state.Store when -// everything gets stiched together outside of unit tests). -// 2. It must return an index greater than the minIndex if the results returned by the query -// have changed. -// 3. Any channels added to the memdb.WatchSet must unblock when the results -// returned by the query have changed. +// 1. To access data it must use the passed in StoreType (which will be a state.Store when +// everything gets stiched together outside of unit tests). +// 2. It must return an index greater than the minIndex if the results returned by the query +// have changed. +// 3. Any channels added to the memdb.WatchSet must unblock when the results +// returned by the query have changed. // // To ensure optimal performance of the query, the query function should make a // best-effort attempt to follow these guidelines: // -// 1. Only return an index greater than the minIndex. -// 2. Any channels added to the memdb.WatchSet should only unblock when the -// results returned by the query have changed. This might be difficult -// to do when blocking on non-existent data. -// +// 1. Only return an index greater than the minIndex. +// 2. Any channels added to the memdb.WatchSet should only unblock when the +// results returned by the query have changed. This might be difficult +// to do when blocking on non-existent data. func ServerLocalBlockingQuery[ResultType any, StoreType StateStore]( ctx context.Context, getStore func() StoreType, diff --git a/agent/consul/xdscapacity/capacity.go b/agent/consul/xdscapacity/capacity.go index f1974b96418e9..686ac0c484955 100644 --- a/agent/consul/xdscapacity/capacity.go +++ b/agent/consul/xdscapacity/capacity.go @@ -7,12 +7,13 @@ import ( "github.com/armon/go-metrics" "github.com/armon/go-metrics/prometheus" - "github.com/hashicorp/consul/agent/consul/state" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/lib/retry" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" "golang.org/x/time/rate" + + "github.com/hashicorp/consul/agent/consul/state" + "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/lib/retry" ) var StatsGauges = []prometheus.GaugeDefinition{ @@ -132,7 +133,6 @@ func (c *Controller) updateDrainRateLimit(numProxies uint32) { // 0-512 proxies: drain 1 per second // 513-2815 proxies: linearly scaled by 1/s for every additional 256 proxies // 2816+ proxies: drain 10 per second -// func calcRateLimit(numProxies uint32) rate.Limit { perSecond := math.Floor((float64(numProxies) - 256) / 256) diff --git a/agent/grpc-external/limiter/limiter.go b/agent/grpc-external/limiter/limiter.go index 26e013b161f84..115ce0623bdcc 100644 --- a/agent/grpc-external/limiter/limiter.go +++ b/agent/grpc-external/limiter/limiter.go @@ -28,9 +28,9 @@ var ErrCapacityReached = errors.New("active session limit reached") // // It is the session-holder's responsibility to: // -// 1. Call End on the session when finished. -// 2. Receive on the session's Terminated channel and exit (e.g. close the gRPC -// stream) when it is closed. +// 1. Call End on the session when finished. +// 2. Receive on the session's Terminated channel and exit (e.g. close the gRPC +// stream) when it is closed. // // The maximum number of concurrent sessions is controlled with SetMaxSessions. // If there are more than the given maximum sessions already in-flight, @@ -114,9 +114,9 @@ func (l *SessionLimiter) SetDrainRateLimit(limit rate.Limit) { // // It is the session-holder's responsibility to: // -// 1. Call End on the session when finished. -// 2. Receive on the session's Terminated channel and exit (e.g. close the gRPC -// stream) when it is closed. +// 1. Call End on the session when finished. +// 2. Receive on the session's Terminated channel and exit (e.g. close the gRPC +// stream) when it is closed. func (l *SessionLimiter) BeginSession() (Session, error) { if !l.hasCapacity() { return nil, ErrCapacityReached @@ -129,8 +129,8 @@ func (l *SessionLimiter) BeginSession() (Session, error) { // Note: hasCapacity is *best effort*. As we do not hold l.mu it's possible that: // -// - max has changed by the time we compare it to inFlight. -// - inFlight < max now, but increases before we create a new session. +// - max has changed by the time we compare it to inFlight. +// - inFlight < max now, but increases before we create a new session. // // This is acceptable for our uses, especially because excess sessions will // eventually be drained. @@ -146,8 +146,8 @@ func (l *SessionLimiter) hasCapacity() bool { // Note: overCapacity is *best effort*. As we do not hold l.mu it's possible that: // -// - max has changed by the time we compare it to inFlight. -// - inFlight > max now, but decreases before we terminate a session. +// - max has changed by the time we compare it to inFlight. +// - inFlight > max now, but decreases before we terminate a session. func (l *SessionLimiter) overCapacity() bool { max := atomic.LoadUint32(&l.max) if max == Unlimited { diff --git a/agent/grpc-external/services/peerstream/replication.go b/agent/grpc-external/services/peerstream/replication.go index 74b3278f217ef..c43262b053166 100644 --- a/agent/grpc-external/services/peerstream/replication.go +++ b/agent/grpc-external/services/peerstream/replication.go @@ -63,10 +63,7 @@ func makeExportedServiceListResponse( // makeServiceResponse handles preparing exported service instance updates to the peer cluster. // Each cache.UpdateEvent will contain all instances for a service name. // If there are no instances in the event, we consider that to be a de-registration. -func makeServiceResponse( - mst *MutableStatus, - update cache.UpdateEvent, -) (*pbpeerstream.ReplicationMessage_Response, error) { +func makeServiceResponse(update cache.UpdateEvent) (*pbpeerstream.ReplicationMessage_Response, error) { serviceName := strings.TrimPrefix(update.CorrelationID, subExportedService) csn, ok := update.Result.(*pbservice.IndexedCheckServiceNodes) if !ok { @@ -334,34 +331,64 @@ func (s *Server) handleUpdateService( // Normalize the data into a convenient form for operation. snap := newHealthSnapshot(structsNodes, partition, peerName) + storedNodesMap, storedSvcInstMap, storedChecksMap := buildStoredMap(storedInstances) for _, nodeSnap := range snap.Nodes { - // First register the node + // First register the node - skip the unchanged ones + changed := true + if storedNode, ok := storedNodesMap[nodeSnap.Node.ID]; ok { + if storedNode.IsSame(nodeSnap.Node) { + changed = false + } + } + req := nodeSnap.Node.ToRegisterRequest() - if err := s.Backend.CatalogRegister(&req); err != nil { - return fmt.Errorf("failed to register node: %w", err) + if changed { + if err := s.Backend.CatalogRegister(&req); err != nil { + return fmt.Errorf("failed to register node: %w", err) + } } - // Then register all services on that node + // Then register all services on that node - skip the unchanged ones for _, svcSnap := range nodeSnap.Services { - req.Service = svcSnap.Service - if err := s.Backend.CatalogRegister(&req); err != nil { - return fmt.Errorf("failed to register service: %w", err) + changed = true + if storedSvcInst, ok := storedSvcInstMap[makeNodeSvcInstID(nodeSnap.Node.ID, svcSnap.Service.ID)]; ok { + if storedSvcInst.IsSame(svcSnap.Service) { + changed = false + } + } + + if changed { + req.Service = svcSnap.Service + if err := s.Backend.CatalogRegister(&req); err != nil { + return fmt.Errorf("failed to register service: %w", err) + } } } req.Service = nil - // Then register all checks on that node + // Then register all checks on that node - skip the unchanged ones var chks structs.HealthChecks for _, svcSnap := range nodeSnap.Services { for _, c := range svcSnap.Checks { - chks = append(chks, c) + changed := true + if chk, ok := storedChecksMap[makeNodeCheckID(nodeSnap.Node.ID, svcSnap.Service.ID, c.CheckID)]; ok { + if chk.IsSame(c) { + changed = false + } + } + + if changed { + chks = append(chks, c) + } } } - req.Checks = chks - if err := s.Backend.CatalogRegister(&req); err != nil { - return fmt.Errorf("failed to register check: %w", err) + if len(chks) > 0 { + req.Checks = chks + if err := s.Backend.CatalogRegister(&req); err != nil { + return fmt.Errorf("failed to register check: %w", err) + } } } @@ -589,3 +616,46 @@ func makeReplicationResponse(resp *pbpeerstream.ReplicationMessage_Response) *pb }, } } + +// nodeSvcInstIdentity uniquely identifies an service instance imported from a peering cluster +type nodeSvcInstIdentity struct { + nodeID string + serviceID string +} + +// nodeCheckIdentity uniquely identifies a check imported from a peering cluster +type nodeCheckIdentity struct { + nodeID string + serviceID string + checkID string +} + +func makeNodeSvcInstID(nodeID types.NodeID, serviceID string) nodeSvcInstIdentity { + return nodeSvcInstIdentity{ + nodeID: string(nodeID), + serviceID: serviceID, + } +} + +func makeNodeCheckID(nodeID types.NodeID, serviceID string, checkID types.CheckID) nodeCheckIdentity { + return nodeCheckIdentity{ + serviceID: serviceID, + checkID: string(checkID), + nodeID: string(nodeID), + } +} + +func buildStoredMap(storedInstances structs.CheckServiceNodes) (map[types.NodeID]*structs.Node, map[nodeSvcInstIdentity]*structs.NodeService, map[nodeCheckIdentity]*structs.HealthCheck) { + nodesMap := map[types.NodeID]*structs.Node{} + svcInstMap := map[nodeSvcInstIdentity]*structs.NodeService{} + checksMap := map[nodeCheckIdentity]*structs.HealthCheck{} + + for _, csn := range storedInstances { + nodesMap[csn.Node.ID] = csn.Node + svcInstMap[makeNodeSvcInstID(csn.Node.ID, csn.Service.ID)] = csn.Service + for _, chk := range csn.Checks { + checksMap[makeNodeCheckID(csn.Node.ID, csn.Service.ID, chk.CheckID)] = chk + } + } + return nodesMap, svcInstMap, checksMap +} diff --git a/agent/grpc-external/services/peerstream/stream_resources.go b/agent/grpc-external/services/peerstream/stream_resources.go index bf9d1b791a8d3..64960f5f4ebd2 100644 --- a/agent/grpc-external/services/peerstream/stream_resources.go +++ b/agent/grpc-external/services/peerstream/stream_resources.go @@ -658,7 +658,7 @@ func (s *Server) realHandleStream(streamReq HandleStreamRequest) error { continue } case strings.HasPrefix(update.CorrelationID, subExportedService): - resp, err = makeServiceResponse(status, update) + resp, err = makeServiceResponse(update) if err != nil { // Log the error and skip this response to avoid locking up peering due to a bad update event. logger.Error("failed to create service response", "error", err) diff --git a/agent/grpc-external/services/peerstream/subscription_manager.go b/agent/grpc-external/services/peerstream/subscription_manager.go index ef31f850bfef0..8290688a604cd 100644 --- a/agent/grpc-external/services/peerstream/subscription_manager.go +++ b/agent/grpc-external/services/peerstream/subscription_manager.go @@ -9,11 +9,12 @@ import ( "time" "github.com/golang/protobuf/proto" - "github.com/hashicorp/consul/ipaddr" - "github.com/hashicorp/consul/lib/retry" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/ipaddr" + "github.com/hashicorp/consul/lib/retry" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" @@ -142,7 +143,7 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti pending := &pendingPayload{} m.syncNormalServices(ctx, state, evt.Services) if m.config.ConnectEnabled { - m.syncDiscoveryChains(ctx, state, pending, evt.ListAllDiscoveryChains()) + m.syncDiscoveryChains(state, pending, evt.ListAllDiscoveryChains()) } err := pending.Add( @@ -254,7 +255,7 @@ func (m *subscriptionManager) handleEvent(ctx context.Context, state *subscripti if state.exportList != nil { // Trigger public events for all synthetic discovery chain replies. for chainName, info := range state.connectServices { - m.collectPendingEventForDiscoveryChain(ctx, state, pending, chainName, info) + m.collectPendingEventForDiscoveryChain(state, pending, chainName, info) } } @@ -475,7 +476,6 @@ func (m *subscriptionManager) syncNormalServices( } func (m *subscriptionManager) syncDiscoveryChains( - ctx context.Context, state *subscriptionState, pending *pendingPayload, chainsByName map[structs.ServiceName]structs.ExportedDiscoveryChainInfo, @@ -488,7 +488,7 @@ func (m *subscriptionManager) syncDiscoveryChains( state.connectServices[chainName] = info - m.collectPendingEventForDiscoveryChain(ctx, state, pending, chainName, info) + m.collectPendingEventForDiscoveryChain(state, pending, chainName, info) } // if it was dropped, try to emit an DELETE event @@ -516,7 +516,6 @@ func (m *subscriptionManager) syncDiscoveryChains( } func (m *subscriptionManager) collectPendingEventForDiscoveryChain( - ctx context.Context, state *subscriptionState, pending *pendingPayload, chainName structs.ServiceName, @@ -786,7 +785,7 @@ func (m *subscriptionManager) notifyMeshConfigUpdates(ctx context.Context) <-cha const meshConfigWatch = "mesh-config-entry" notifyCh := make(chan cache.UpdateEvent, 1) - go m.syncViaBlockingQuery(ctx, meshConfigWatch, func(ctx_ context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error) { + go m.syncViaBlockingQuery(ctx, meshConfigWatch, func(_ context.Context, store StateStore, ws memdb.WatchSet) (interface{}, error) { _, rawEntry, err := store.ConfigEntry(ws, structs.MeshConfig, structs.MeshConfigMesh, acl.DefaultEnterpriseMeta()) if err != nil { return nil, fmt.Errorf("failed to get mesh config entry: %w", err) @@ -909,7 +908,13 @@ func (m *subscriptionManager) subscribeServerAddrs( if srv.ExtGRPCPort == 0 { continue } - grpcAddr := srv.Address + ":" + strconv.Itoa(srv.ExtGRPCPort) + addr := srv.Address + + // wan address is preferred + if v, ok := srv.TaggedAddresses[structs.TaggedAddressWAN]; ok && v != "" { + addr = v + } + grpcAddr := addr + ":" + strconv.Itoa(srv.ExtGRPCPort) serverAddrs = append(serverAddrs, grpcAddr) } if len(serverAddrs) == 0 { diff --git a/agent/grpc-external/services/peerstream/subscription_manager_test.go b/agent/grpc-external/services/peerstream/subscription_manager_test.go index 615d72030e61f..cad1c1385b7af 100644 --- a/agent/grpc-external/services/peerstream/subscription_manager_test.go +++ b/agent/grpc-external/services/peerstream/subscription_manager_test.go @@ -7,10 +7,11 @@ import ( "testing" "time" - "github.com/hashicorp/consul/types" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/types" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" @@ -710,6 +711,35 @@ func TestSubscriptionManager_ServerAddrs(t *testing.T) { ) }) + testutil.RunStep(t, "added server with WAN address", func(t *testing.T) { + payload = append(payload, autopilotevents.ReadyServerInfo{ + ID: "eec8721f-c42b-48da-a5a5-07565158015e", + Address: "198.18.0.3", + Version: "1.13.1", + ExtGRPCPort: 9502, + TaggedAddresses: map[string]string{ + structs.TaggedAddressWAN: "198.18.0.103", + }, + }) + backend.Publish([]stream.Event{ + { + Topic: autopilotevents.EventTopicReadyServers, + Index: 3, + Payload: payload, + }, + }) + + expectEvents(t, subCh, + func(t *testing.T, got cache.UpdateEvent) { + require.Equal(t, subServerAddrs, got.CorrelationID) + addrs, ok := got.Result.(*pbpeering.PeeringServerAddresses) + require.True(t, ok) + + require.Equal(t, []string{"198.18.0.1:8502", "198.18.0.2:9502", "198.18.0.103:9502"}, addrs.GetAddresses()) + }, + ) + }) + testutil.RunStep(t, "flipped to peering through mesh gateways", func(t *testing.T) { require.NoError(t, backend.store.EnsureConfigEntry(1, &structs.MeshConfigEntry{ Peering: &structs.PeeringMeshConfig{ @@ -843,11 +873,13 @@ func newTestSubscriptionBackend(t *testing.T) *testSubscriptionBackend { return backend } +//nolint:unparam func (b *testSubscriptionBackend) ensurePeering(t *testing.T, name string) (uint64, string) { b.lastIdx++ return b.lastIdx, setupTestPeering(t, b.store, name, b.lastIdx) } +//nolint:unparam func (b *testSubscriptionBackend) ensureConfigEntry(t *testing.T, entry structs.ConfigEntry) uint64 { require.NoError(t, entry.Normalize()) require.NoError(t, entry.Validate()) @@ -863,24 +895,28 @@ func (b *testSubscriptionBackend) deleteConfigEntry(t *testing.T, kind, name str return b.lastIdx } +//nolint:unparam func (b *testSubscriptionBackend) ensureNode(t *testing.T, node *structs.Node) uint64 { b.lastIdx++ require.NoError(t, b.store.EnsureNode(b.lastIdx, node)) return b.lastIdx } +//nolint:unparam func (b *testSubscriptionBackend) ensureService(t *testing.T, node string, svc *structs.NodeService) uint64 { b.lastIdx++ require.NoError(t, b.store.EnsureService(b.lastIdx, node, svc)) return b.lastIdx } +//nolint:unparam func (b *testSubscriptionBackend) ensureCheck(t *testing.T, hc *structs.HealthCheck) uint64 { b.lastIdx++ require.NoError(t, b.store.EnsureCheck(b.lastIdx, hc)) return b.lastIdx } +//nolint:unparam func (b *testSubscriptionBackend) deleteService(t *testing.T, nodeName, serviceID string) uint64 { b.lastIdx++ require.NoError(t, b.store.DeleteService(b.lastIdx, nodeName, serviceID, nil, "")) diff --git a/agent/hcp/client.go b/agent/hcp/client.go index 070814024a467..5b8f942bd95d7 100644 --- a/agent/hcp/client.go +++ b/agent/hcp/client.go @@ -18,6 +18,7 @@ import ( ) // Client interface exposes HCP operations that can be invoked by Consul +// //go:generate mockery --name Client --with-expecter --inpackage type Client interface { FetchBootstrap(ctx context.Context) (*BootstrapConfig, error) diff --git a/agent/hcp/mock_Client.go b/agent/hcp/mock_Client.go index ec6129f980565..4466bf238244e 100644 --- a/agent/hcp/mock_Client.go +++ b/agent/hcp/mock_Client.go @@ -50,7 +50,7 @@ type MockClient_DiscoverServers_Call struct { } // DiscoverServers is a helper method to define mock.On call -// - ctx context.Context +// - ctx context.Context func (_e *MockClient_Expecter) DiscoverServers(ctx interface{}) *MockClient_DiscoverServers_Call { return &MockClient_DiscoverServers_Call{Call: _e.mock.On("DiscoverServers", ctx)} } @@ -96,7 +96,7 @@ type MockClient_FetchBootstrap_Call struct { } // FetchBootstrap is a helper method to define mock.On call -// - ctx context.Context +// - ctx context.Context func (_e *MockClient_Expecter) FetchBootstrap(ctx interface{}) *MockClient_FetchBootstrap_Call { return &MockClient_FetchBootstrap_Call{Call: _e.mock.On("FetchBootstrap", ctx)} } @@ -133,8 +133,8 @@ type MockClient_PushServerStatus_Call struct { } // PushServerStatus is a helper method to define mock.On call -// - ctx context.Context -// - status *ServerStatus +// - ctx context.Context +// - status *ServerStatus func (_e *MockClient_Expecter) PushServerStatus(ctx interface{}, status interface{}) *MockClient_PushServerStatus_Call { return &MockClient_PushServerStatus_Call{Call: _e.mock.On("PushServerStatus", ctx, status)} } diff --git a/agent/hcp/scada/mock_Provider.go b/agent/hcp/scada/mock_Provider.go index 744f54e68e084..6e12d63f62edf 100644 --- a/agent/hcp/scada/mock_Provider.go +++ b/agent/hcp/scada/mock_Provider.go @@ -133,7 +133,7 @@ type MockProvider_Listen_Call struct { } // Listen is a helper method to define mock.On call -// - capability string +// - capability string func (_e *MockProvider_Expecter) Listen(capability interface{}) *MockProvider_Listen_Call { return &MockProvider_Listen_Call{Call: _e.mock.On("Listen", capability)} } @@ -269,7 +269,7 @@ type MockProvider_UpdateMeta_Call struct { } // UpdateMeta is a helper method to define mock.On call -// - _a0 map[string]string +// - _a0 map[string]string func (_e *MockProvider_Expecter) UpdateMeta(_a0 interface{}) *MockProvider_UpdateMeta_Call { return &MockProvider_UpdateMeta_Call{Call: _e.mock.On("UpdateMeta", _a0)} } diff --git a/agent/health_endpoint_test.go b/agent/health_endpoint_test.go index bfe187ea7b478..b822bdde82172 100644 --- a/agent/health_endpoint_test.go +++ b/agent/health_endpoint_test.go @@ -1128,76 +1128,84 @@ func TestHealthServiceNodes_NodeMetaFilter(t *testing.T) { } for _, tst := range tests { t.Run(tst.name, func(t *testing.T) { - a := NewTestAgent(t, tst.config) - defer a.Shutdown() testrpc.WaitForLeader(t, a.RPC, "dc1") + testrpc.WaitForTestAgent(t, a.RPC, "dc1") + waitForStreamingToBeReady(t, a) - req, _ := http.NewRequest("GET", "/v1/health/service/consul?dc=dc1&node-meta=somekey:somevalue", nil) - resp := httptest.NewRecorder() - obj, err := a.srv.HealthServiceNodes(resp, req) - if err != nil { - t.Fatalf("err: %v", err) - } + encodedMeta := url.QueryEscape("somekey:somevalue") - assertIndex(t, resp) + var lastIndex uint64 + testutil.RunStep(t, "do initial read", func(t *testing.T) { + u := fmt.Sprintf("/v1/health/service/test?dc=dc1&node-meta=%s", encodedMeta) - cIndex, err := strconv.ParseUint(resp.Header().Get("X-Consul-Index"), 10, 64) - require.NoError(t, err) + req, err := http.NewRequest("GET", u, nil) + require.NoError(t, err) + resp := httptest.NewRecorder() + obj, err := a.srv.HealthServiceNodes(resp, req) + require.NoError(t, err) - // Should be a non-nil empty list - nodes := obj.(structs.CheckServiceNodes) - if nodes == nil || len(nodes) != 0 { - t.Fatalf("bad: %v", obj) - } + lastIndex = getIndex(t, resp) + require.True(t, lastIndex > 0) - args := &structs.RegisterRequest{ - Datacenter: "dc1", - Node: "bar", - Address: "127.0.0.1", - NodeMeta: map[string]string{"somekey": "somevalue"}, - Service: &structs.NodeService{ - ID: "test", - Service: "test", - }, - } + // Should be a non-nil empty list + nodes := obj.(structs.CheckServiceNodes) + require.NotNil(t, nodes) + require.Empty(t, nodes) + }) - var out struct{} - if err := a.RPC("Catalog.Register", args, &out); err != nil { - t.Fatalf("err: %v", err) - } + require.True(t, lastIndex > 0, "lastindex = %d", lastIndex) - args = &structs.RegisterRequest{ - Datacenter: "dc1", - Node: "bar2", - Address: "127.0.0.1", - NodeMeta: map[string]string{"somekey": "othervalue"}, - Service: &structs.NodeService{ - ID: "test2", - Service: "test", - }, - } + testutil.RunStep(t, "register item 1", func(t *testing.T) { + args := &structs.RegisterRequest{ + Datacenter: "dc1", + Node: "bar", + Address: "127.0.0.1", + NodeMeta: map[string]string{"somekey": "somevalue"}, + Service: &structs.NodeService{ + ID: "test", + Service: "test", + }, + } - if err := a.RPC("Catalog.Register", args, &out); err != nil { - t.Fatalf("err: %v", err) - } + var ignored struct{} + require.NoError(t, a.RPC("Catalog.Register", args, &ignored)) + }) - req, _ = http.NewRequest("GET", fmt.Sprintf("/v1/health/service/test?dc=dc1&node-meta=somekey:somevalue&index=%d&wait=10ms", cIndex), nil) - resp = httptest.NewRecorder() - obj, err = a.srv.HealthServiceNodes(resp, req) - if err != nil { - t.Fatalf("err: %v", err) - } + testutil.RunStep(t, "register item 2", func(t *testing.T) { + args := &structs.RegisterRequest{ + Datacenter: "dc1", + Node: "bar2", + Address: "127.0.0.1", + NodeMeta: map[string]string{"somekey": "othervalue"}, + Service: &structs.NodeService{ + ID: "test2", + Service: "test", + }, + } + var ignored struct{} + require.NoError(t, a.RPC("Catalog.Register", args, &ignored)) + }) - assertIndex(t, resp) + testutil.RunStep(t, "do blocking read", func(t *testing.T) { + u := fmt.Sprintf("/v1/health/service/test?dc=dc1&node-meta=%s&index=%d&wait=100ms&cached", encodedMeta, lastIndex) - // Should be a non-nil empty list for checks - nodes = obj.(structs.CheckServiceNodes) - if len(nodes) != 1 || nodes[0].Checks == nil || len(nodes[0].Checks) != 0 { - t.Fatalf("bad: %v", obj) - } + req, err := http.NewRequest("GET", u, nil) + require.NoError(t, err) + resp := httptest.NewRecorder() + obj, err := a.srv.HealthServiceNodes(resp, req) + require.NoError(t, err) + + assertIndex(t, resp) + + // Should be a non-nil empty list for checks + nodes := obj.(structs.CheckServiceNodes) + require.Len(t, nodes, 1) + require.NotNil(t, nodes[0].Checks) + require.Empty(t, nodes[0].Checks) - require.Equal(t, tst.queryBackend, resp.Header().Get("X-Consul-Query-Backend")) + require.Equal(t, tst.queryBackend, resp.Header().Get("X-Consul-Query-Backend")) + }) }) } } @@ -1637,6 +1645,7 @@ func testHealthIngressServiceNodes(t *testing.T, agentHCL string) { a := NewTestAgent(t, agentHCL) defer a.Shutdown() testrpc.WaitForLeader(t, a.RPC, "dc1") + waitForStreamingToBeReady(t, a) // Register gateway gatewayArgs := structs.TestRegisterIngressGateway(t) @@ -2038,3 +2047,9 @@ func peerQuerySuffix(peerName string) string { } return "&peer=" + peerName } + +func waitForStreamingToBeReady(t *testing.T, a *TestAgent) { + retry.Run(t, func(r *retry.R) { + require.True(r, a.rpcClientHealth.IsReadyForStreaming()) + }) +} diff --git a/agent/http.go b/agent/http.go index ff7764f0d1596..265f32e2702ff 100644 --- a/agent/http.go +++ b/agent/http.go @@ -21,6 +21,8 @@ import ( "github.com/hashicorp/go-cleanhttp" "github.com/mitchellh/mapstructure" "github.com/pkg/errors" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" @@ -318,8 +320,8 @@ func (s *HTTPHandlers) nodeName() string { // this regular expression is applied, so the regular expression substitution // results in: // -// /v1/acl/clone/foo?token=bar -> /v1/acl/clone/?token=bar -// ^---- $1 ----^^- $2 -^^-- $3 --^ +// /v1/acl/clone/foo?token=bar -> /v1/acl/clone/?token=bar +// ^---- $1 ----^^- $2 -^^-- $3 --^ // // And then the loop that looks for parameters called "token" does the last // step to get to the final redacted form. @@ -374,6 +376,9 @@ func (s *HTTPHandlers) wrap(handler endpoint, methods []string) http.HandlerFunc if acl.IsErrPermissionDenied(err) || acl.IsErrNotFound(err) { return true } + if e, ok := status.FromError(err); ok && e.Code() == codes.PermissionDenied { + return true + } return false } diff --git a/agent/http_decode_test.go b/agent/http_decode_test.go index 50347f6e1ea40..a11f4ce83116a 100644 --- a/agent/http_decode_test.go +++ b/agent/http_decode_test.go @@ -33,7 +33,6 @@ package agent import ( "bytes" "fmt" - "strings" "testing" "time" @@ -791,21 +790,7 @@ var translateServiceIDTCs = []translateKeyTestCase{ }, } -// ACLPolicySetRequest: -// Policy structs.ACLPolicy -// ID string -// Name string -// Description string -// Rules string -// Syntax acl.SyntaxVersion -// Datacenters []string -// Hash []uint8 -// RaftIndex structs.RaftIndex -// CreateIndex uint64 -// ModifyIndex uint64 -// Datacenter string -// WriteRequest structs.WriteRequest -// Token string +// structs.ACLPolicySetRequest func TestDecodeACLPolicyWrite(t *testing.T) { for _, tc := range hashTestCases { @@ -833,35 +818,7 @@ func TestDecodeACLPolicyWrite(t *testing.T) { } } -// ACLTokenSetRequest: -// ACLToken structs.ACLToken -// AccessorID string -// SecretID string -// Description string -// Policies []structs.ACLTokenPolicyLink -// ID string -// Name string -// Roles []structs.ACLTokenRoleLink -// ID string -// Name string -// ServiceIdentities []*structs.ACLServiceIdentity -// ServiceName string -// Datacenters []string -// Type string -// Rules string -// Local bool -// AuthMethod string -// ExpirationTime *time.Time -// ExpirationTTL time.Duration -// CreateTime time.Time -// Hash []uint8 -// RaftIndex structs.RaftIndex -// CreateIndex uint64 -// ModifyIndex uint64 -// Create bool -// Datacenter string -// WriteRequest structs.WriteRequest -// Token string +// structs.ACLTokenSetRequest func TestDecodeACLToken(t *testing.T) { for _, tc := range translateValueTestCases { t.Run(tc.desc, func(t *testing.T) { @@ -1079,76 +1036,7 @@ func TestDecodeAgentRegisterCheck(t *testing.T) { } -// ServiceDefinition: -// Kind structs.ServiceKind -// ID string -// Name string -// Tags []string -// Address string -// TaggedAddresses map[string]structs.ServiceAddress -// Address string -// Port int -// Meta map[string]string -// Port int -// Check structs.CheckType -// CheckID types.CheckID -// Name string -// Status string -// Notes string -// ScriptArgs []string -// HTTP string -// Header map[string][]string -// Method string -// TCP string -// Interval time.Duration -// AliasNode string -// AliasService string -// DockerContainerID string -// Shell string -// GRPC string -// GRPCUseTLS bool -// TLSServerName string -// TLSSkipVerify bool -// Timeout time.Duration -// TTL time.Duration -// ProxyHTTP string -// ProxyGRPC string -// DeregisterCriticalServiceAfter time.Duration -// OutputMaxSize int -// Checks structs.CheckTypes -// Weights *structs.Weights -// Passing int -// Warning int -// Token string -// EnableTagOverride bool -// Proxy *structs.ConnectProxyConfig -// DestinationServiceName string -// DestinationServiceID string -// LocalServiceAddress string -// LocalServicePort int -// Config map[string]interface {} -// Upstreams structs.Upstreams -// DestinationType string -// DestinationNamespace string -// DestinationName string -// Datacenter string -// LocalBindAddress string -// LocalBindPort int -// Config map[string]interface {} -// MeshGateway structs.MeshGatewayConfig -// Mode structs.MeshGatewayMode -// MeshGateway structs.MeshGatewayConfig -// Expose structs.ExposeConfig -// Checks bool -// Paths []structs.ExposePath -// ListenerPort int -// Path string -// LocalPathPort int -// Protocol string -// ParsedFromCheck bool -// Connect *structs.ServiceConnect -// Native bool -// SidecarService *structs.ServiceDefinition +// structs.ServiceDefinition func TestDecodeAgentRegisterService(t *testing.T) { // key translation tests: // decodeCB fields: @@ -1969,133 +1857,7 @@ func TestDecodeAgentRegisterService(t *testing.T) { } -// RegisterRequest: -// Datacenter string -// ID types.NodeID -// Node string -// Address string -// TaggedAddresses map[string]string -// NodeMeta map[string]string -// Service *structs.NodeService -// Kind structs.ServiceKind -// ID string -// Service string -// Tags []string -// Address string -// TaggedAddresses map[string]structs.ServiceAddress -// Address string -// Port int -// Meta map[string]string -// Port int -// Weights *structs.Weights -// Passing int -// Warning int -// EnableTagOverride bool -// Proxy structs.ConnectProxyConfig -// DestinationServiceName string -// DestinationServiceID string -// LocalServiceAddress string -// LocalServicePort int -// Config map[string]interface {} -// Upstreams structs.Upstreams -// DestinationType string -// DestinationNamespace string -// DestinationName string -// Datacenter string -// LocalBindAddress string -// LocalBindPort int -// Config map[string]interface {} -// MeshGateway structs.MeshGatewayConfig -// Mode structs.MeshGatewayMode -// MeshGateway structs.MeshGatewayConfig -// Expose structs.ExposeConfig -// Checks bool -// Paths []structs.ExposePath -// ListenerPort int -// Path string -// LocalPathPort int -// Protocol string -// ParsedFromCheck bool -// Connect structs.ServiceConnect -// Native bool -// SidecarService *structs.ServiceDefinition -// Kind structs.ServiceKind -// ID string -// Name string -// Tags []string -// Address string -// TaggedAddresses map[string]structs.ServiceAddress -// Meta map[string]string -// Port int -// Check structs.CheckType -// CheckID types.CheckID -// Name string -// Status string -// Notes string -// ScriptArgs []string -// HTTP string -// Header map[string][]string -// Method string -// TCP string -// Interval time.Duration -// AliasNode string -// AliasService string -// DockerContainerID string -// Shell string -// GRPC string -// GRPCUseTLS bool -// TLSServerName string -// TLSSkipVerify bool -// Timeout time.Duration -// TTL time.Duration -// ProxyHTTP string -// ProxyGRPC string -// DeregisterCriticalServiceAfter time.Duration -// OutputMaxSize int -// Checks structs.CheckTypes -// Weights *structs.Weights -// Token string -// EnableTagOverride bool -// Proxy *structs.ConnectProxyConfig -// Connect *structs.ServiceConnect -// LocallyRegisteredAsSidecar bool -// RaftIndex structs.RaftIndex -// CreateIndex uint64 -// ModifyIndex uint64 -// Check *structs.HealthCheck -// Node string -// CheckID types.CheckID -// Name string -// Status string -// Notes string -// Output string -// ServiceID string -// ServiceName string -// ServiceTags []string -// Definition structs.HealthCheckDefinition -// HTTP string -// TLSServerName string -// TLSSkipVerify bool -// Header map[string][]string -// Method string -// TCP string -// Interval time.Duration -// OutputMaxSize uint -// Timeout time.Duration -// DeregisterCriticalServiceAfter time.Duration -// ScriptArgs []string -// DockerContainerID string -// Shell string -// GRPC string -// GRPCUseTLS bool -// AliasNode string -// AliasService string -// TTL time.Duration -// RaftIndex structs.RaftIndex -// Checks structs.HealthChecks -// SkipNodeUpdate bool -// WriteRequest structs.WriteRequest -// Token string +// structs.RegisterRequest func TestDecodeCatalogRegister(t *testing.T) { for _, tc := range durationTestCases { t.Run(tc.desc, func(t *testing.T) { @@ -2164,28 +1926,7 @@ func TestDecodeCatalogRegister(t *testing.T) { } } -// IntentionRequest: -// Datacenter string -// Op structs.IntentionOp -// Intention *structs.Intention -// ID string -// Description string -// SourceNS string -// SourceName string -// DestinationNS string -// DestinationName string -// SourceType structs.IntentionSourceType -// Action structs.IntentionAction -// Meta map[string]string -// Precedence int -// CreatedAt time.Time mapstructure:'-' -// UpdatedAt time.Time mapstructure:'-' -// Hash []uint8 -// RaftIndex structs.RaftIndex -// CreateIndex uint64 -// ModifyIndex uint64 -// WriteRequest structs.WriteRequest -// Token string +// structs.IntentionRequest func TestDecodeIntentionCreate(t *testing.T) { for _, tc := range append(hashTestCases, timestampTestCases...) { t.Run(tc.desc, func(t *testing.T) { @@ -2300,22 +2041,7 @@ func TestDecodeOperatorAutopilotConfiguration(t *testing.T) { } } -// SessionRequest: -// Datacenter string -// Op structs.SessionOp -// Session structs.Session -// ID string -// Name string -// Node string -// Checks []types.CheckID -// LockDelay time.Duration -// Behavior structs.SessionBehavior -// TTL string -// RaftIndex structs.RaftIndex -// CreateIndex uint64 -// ModifyIndex uint64 -// WriteRequest structs.WriteRequest -// Token string +// structs.SessionRequest func TestDecodeSessionCreate(t *testing.T) { // outSession var is shared among test cases b/c of the // nature/signature of the FixupChecks callback. @@ -2454,137 +2180,7 @@ func TestDecodeSessionCreate(t *testing.T) { } } -// TxnOps: -// KV *api.KVTxnOp -// Verb api.KVOp -// Key string -// Value []uint8 -// Flags uint64 -// Index uint64 -// Session string -// Node *api.NodeTxnOp -// Verb api.NodeOp -// Node api.Node -// ID string -// Node string -// Address string -// Datacenter string -// TaggedAddresses map[string]string -// Meta map[string]string -// CreateIndex uint64 -// ModifyIndex uint64 -// Service *api.ServiceTxnOp -// Verb api.ServiceOp -// Node string -// Service api.AgentService -// Kind api.ServiceKind -// ID string -// Service string -// Tags []string -// Meta map[string]string -// Port int -// Address string -// TaggedAddresses map[string]api.ServiceAddress -// Address string -// Port int -// Weights api.AgentWeights -// Passing int -// Warning int -// EnableTagOverride bool -// CreateIndex uint64 -// ModifyIndex uint64 -// ContentHash string -// Proxy *api.AgentServiceConnectProxyConfig -// DestinationServiceName string -// DestinationServiceID string -// LocalServiceAddress string -// LocalServicePort int -// Config map[string]interface {} -// Upstreams []api.Upstream -// DestinationType api.UpstreamDestType -// DestinationNamespace string -// DestinationName string -// Datacenter string -// LocalBindAddress string -// LocalBindPort int -// Config map[string]interface {} -// MeshGateway api.MeshGatewayConfig -// Mode api.MeshGatewayMode -// MeshGateway api.MeshGatewayConfig -// Expose api.ExposeConfig -// Checks bool -// Paths []api.ExposePath -// ListenerPort int -// Path string -// LocalPathPort int -// Protocol string -// ParsedFromCheck bool -// Connect *api.AgentServiceConnect -// Native bool -// SidecarService *api.AgentServiceRegistration -// Kind api.ServiceKind -// ID string -// Name string -// Tags []string -// Port int -// Address string -// TaggedAddresses map[string]api.ServiceAddress -// EnableTagOverride bool -// Meta map[string]string -// Weights *api.AgentWeights -// Check *api.AgentServiceCheck -// CheckID string -// Name string -// Args []string -// DockerContainerID string -// Shell string -// Interval string -// Timeout string -// TTL string -// HTTP string -// Header map[string][]string -// Method string -// TCP string -// Status string -// Notes string -// TLSServerName string -// TLSSkipVerify bool -// GRPC string -// GRPCUseTLS bool -// AliasNode string -// AliasService string -// DeregisterCriticalServiceAfter string -// Checks api.AgentServiceChecks -// Proxy *api.AgentServiceConnectProxyConfig -// Connect *api.AgentServiceConnect -// Check *api.CheckTxnOp -// Verb api.CheckOp -// Check api.HealthCheck -// Node string -// CheckID string -// Name string -// Status string -// Notes string -// Output string -// ServiceID string -// ServiceName string -// ServiceTags []string -// Definition api.HealthCheckDefinition -// HTTP string -// Header map[string][]string -// Method string -// Body string -// TLSServerName string -// TLSSkipVerify bool -// TCP string -// IntervalDuration time.Duration -// TimeoutDuration time.Duration -// DeregisterCriticalServiceAfterDuration time.Duration -// Interval api.ReadableDuration -// Timeout api.ReadableDuration -// DeregisterCriticalServiceAfter api.ReadableDuration -// CreateIndex uint64 -// ModifyIndex uint64 +// structs.TxnOps func TestDecodeTxnConvertOps(t *testing.T) { for _, tc := range durationTestCases { t.Run(tc.desc, func(t *testing.T) { diff --git a/agent/peering_endpoint_test.go b/agent/peering_endpoint_test.go index 55722dc3e767a..9dd02f55e0596 100644 --- a/agent/peering_endpoint_test.go +++ b/agent/peering_endpoint_test.go @@ -96,39 +96,6 @@ func TestHTTP_Peering_GenerateToken(t *testing.T) { // The PeerID in the token is randomly generated so we don't assert on its value. require.NotEmpty(t, token.PeerID) }) - - t.Run("Success with external address", func(t *testing.T) { - externalAddress := "32.1.2.3" - body := &pbpeering.GenerateTokenRequest{ - PeerName: "peering-a", - ServerExternalAddresses: []string{externalAddress}, - } - - bodyBytes, err := json.Marshal(body) - require.NoError(t, err) - - req, err := http.NewRequest("POST", "/v1/peering/token", bytes.NewReader(bodyBytes)) - require.NoError(t, err) - resp := httptest.NewRecorder() - a.srv.h.ServeHTTP(resp, req) - require.Equal(t, http.StatusOK, resp.Code, "expected 200, got %d: %v", resp.Code, resp.Body.String()) - - var r pbpeering.GenerateTokenResponse - require.NoError(t, json.NewDecoder(resp.Body).Decode(&r)) - - tokenJSON, err := base64.StdEncoding.DecodeString(r.PeeringToken) - require.NoError(t, err) - - var token structs.PeeringToken - require.NoError(t, json.Unmarshal(tokenJSON, &token)) - - require.NotNil(t, token.CA) - require.Equal(t, []string{externalAddress}, token.ServerAddresses) - require.Equal(t, "server.dc1.peering.11111111-2222-3333-4444-555555555555.consul", token.ServerName) - - // The PeerID in the token is randomly generated so we don't assert on its value. - require.NotEmpty(t, token.PeerID) - }) } // Test for GenerateToken calls at various points in a peer's lifecycle diff --git a/agent/pool/peek.go b/agent/pool/peek.go index 5c6568153bc30..95dadf5669475 100644 --- a/agent/pool/peek.go +++ b/agent/pool/peek.go @@ -18,8 +18,8 @@ import ( // The TLS record layer governs the very first byte. The available options start // at 20 as per: // -// - v1.2: https://tools.ietf.org/html/rfc5246#appendix-A.1 -// - v1.3: https://tools.ietf.org/html/rfc8446#appendix-B.1 +// - v1.2: https://tools.ietf.org/html/rfc5246#appendix-A.1 +// - v1.3: https://tools.ietf.org/html/rfc8446#appendix-B.1 // // Note: this indicates that '0' is 'invalid'. Given that we only care about // the first byte of a long-lived connection this is irrelevant, since you must diff --git a/agent/proxycfg-glue/config_entry.go b/agent/proxycfg-glue/config_entry.go index 1321e352af08d..76709a178fd7c 100644 --- a/agent/proxycfg-glue/config_entry.go +++ b/agent/proxycfg-glue/config_entry.go @@ -60,6 +60,8 @@ func newConfigEntryRequest(req *structs.ConfigEntryQuery, deps ServerDataSourceD topic = pbsubscribe.Topic_ServiceResolver case structs.IngressGateway: topic = pbsubscribe.Topic_IngressGateway + case structs.ServiceDefaults: + topic = pbsubscribe.Topic_ServiceDefaults default: return nil, fmt.Errorf("cannot map config entry kind: %s to a topic", req.Kind) } diff --git a/agent/proxycfg/proxycfg.go b/agent/proxycfg/proxycfg.go index aa7bbc2c95039..b712c4de7ee9c 100644 --- a/agent/proxycfg/proxycfg.go +++ b/agent/proxycfg/proxycfg.go @@ -12,43 +12,42 @@ // The following diagram depicts the component relationships on a server, as // this is the more complex mode of operation: // -// +-------+ 1. +------------+ -// | Local | ◀------------▶ | Local | -// | State | | State Sync | -// +-------+ +-----+------+ -// ▲ | -// | +---------------+ | 2. -// 4. | 4a. | Local | | -// | +-▶ | Config Source +-+ | -// | | +---------------+ | | -// | | ▼ ▼ -// +--------+ 3. +-+-+-----------+ 6. +----------+ 2a. +----------+ -// | xDS +---▶ | Catalog +-----▶ | proxycfg +----▶ | proxycfg | -// | Server | ◀---+ Config Source +-----▶ | Manager +--+ | State | -// +--------+ 8. +----+----------+ 7. +----------+ | +----------+ -// 5. | | -// ▼ 7a. | +----------+ -// +-------+ +-▶ | proxycfg | -// | State | | State | -// | Store | +----------+ -// +-------+ -// -// 1. local.Sync watches the agent's local state for changes. -// 2. If any sidecar proxy or gateway services are registered to the local agent -// they are sync'd to the proxycfg.Manager. -// 2a. proxycfg.Manager creates a state object for the service and begins -// pre-fetching data (go to 8). -// 3. Client begins a stream and the xDS server calls Watch on its ConfigSource - -// on a client agent this would be a local config source, on a server it would -// be a catalog config source. -// 4. The catalog config source will check if service is registered locally. -// 4a. If the service *is* registered locally it hands off the the local config -// source, which calls Watch on the proxycfg manager (and serves the pre- -// fetched data). -// 5. Otherwise, it fetches the service from the state store. -// 6. It calls Watch on the proxycfg manager. -// 7. It registers the service with the proxycfg manager. -// 7a. See: 2a. -// 8. xDS server receives snapshots of configuration data whenever it changes. +// +-------+ 1. +------------+ +// | Local | ◀------------▶ | Local | +// | State | | State Sync | +// +-------+ +-----+------+ +// ▲ | +// | +---------------+ | 2. +// 4. | 4a. | Local | | +// | +-▶ | Config Source +-+ | +// | | +---------------+ | | +// | | ▼ ▼ +// +--------+ 3. +-+-+-----------+ 6. +----------+ 2a. +----------+ +// | xDS +---▶ | Catalog +-----▶ | proxycfg +----▶ | proxycfg | +// | Server | ◀---+ Config Source +-----▶ | Manager +--+ | State | +// +--------+ 8. +----+----------+ 7. +----------+ | +----------+ +// 5. | | +// ▼ 7a. | +----------+ +// +-------+ +-▶ | proxycfg | +// | State | | State | +// | Store | +----------+ +// +-------+ // +// 1. local.Sync watches the agent's local state for changes. +// 2. If any sidecar proxy or gateway services are registered to the local agent +// they are sync'd to the proxycfg.Manager. +// 2a. proxycfg.Manager creates a state object for the service and begins +// pre-fetching data (go to 8). +// 3. Client begins a stream and the xDS server calls Watch on its ConfigSource - +// on a client agent this would be a local config source, on a server it would +// be a catalog config source. +// 4. The catalog config source will check if service is registered locally. +// 4a. If the service *is* registered locally it hands off the the local config +// source, which calls Watch on the proxycfg manager (and serves the pre- +// fetched data). +// 5. Otherwise, it fetches the service from the state store. +// 6. It calls Watch on the proxycfg manager. +// 7. It registers the service with the proxycfg manager. +// 7a. See: 2a. +// 8. xDS server receives snapshots of configuration data whenever it changes. package proxycfg diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 9d884e3014474..2df9fa861e294 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -401,14 +401,14 @@ func upstreamIDForDC2(uid UpstreamID) UpstreamID { // routine. This allows the test to be fully synchronous and deterministic while still being able // to validate the logic of most of the watching and state updating. // -// The general strategy here is to +// The general strategy here is to: // -// 1. Initialize a state with a call to newState + setting some of the extra stuff like the CacheNotifier -// We will not be using the CacheNotifier to send notifications but calling handleUpdate ourselves -// 2. Iterate through a list of verification stages performing validation and updates for each. -// a. Ensure that the required watches are in place and validate they are correct -// b. Process a bunch of UpdateEvents by calling handleUpdate -// c. Validate that the ConfigSnapshot has been updated appropriately +// 1. Initialize a state with a call to newState + setting some of the extra stuff like the CacheNotifier +// We will not be using the CacheNotifier to send notifications but calling handleUpdate ourselves +// 2. Iterate through a list of verification stages performing validation and updates for each. +// a. Ensure that the required watches are in place and validate they are correct +// b. Process a bunch of UpdateEvents by calling handleUpdate +// c. Validate that the ConfigSnapshot has been updated appropriately func TestState_WatchesAndUpdates(t *testing.T) { t.Parallel() diff --git a/agent/router/router_test.go b/agent/router/router_test.go index 83de54fed46f2..8ccdf825e0a28 100644 --- a/agent/router/router_test.go +++ b/agent/router/router_test.go @@ -9,12 +9,13 @@ import ( "testing" "time" + "github.com/hashicorp/serf/coordinate" + "github.com/hashicorp/serf/serf" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/types" - "github.com/hashicorp/serf/coordinate" - "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" ) @@ -96,10 +97,10 @@ func (m *mockCluster) AddLANMember(dc, name, role string, coord *coordinate.Coor // // Here's the layout of the nodes: // -// /---- dc1 ----\ /- dc2 -\ /- dc0 -\ -// node2 node1 node3 node1 node0 -// | | | | | | | | | | | -// 0 1 2 3 4 5 6 7 8 9 10 (ms) +// /---- dc1 ----\ /- dc2 -\ /- dc0 -\ +// node2 node1 node3 node1 node0 +// | | | | | | | | | | | +// 0 1 2 3 4 5 6 7 8 9 10 (ms) // // We also include a node4 in dc1 with no known coordinate, as well as a // mysterious dcX with no nodes with known coordinates. diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index c6eb78dea9727..b6a8e6cfecb2a 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -310,15 +310,9 @@ func (s *Server) GenerateToken( break } - // ServerExternalAddresses must be formatted as addr:port. - var serverAddrs []string - if len(req.ServerExternalAddresses) > 0 { - serverAddrs = req.ServerExternalAddresses - } else { - serverAddrs, err = s.Backend.GetLocalServerAddresses() - if err != nil { - return nil, err - } + serverAddrs, err := s.Backend.GetLocalServerAddresses() + if err != nil { + return nil, err } tok := structs.PeeringToken{ @@ -562,7 +556,7 @@ func (s *Server) exchangeSecret(ctx context.Context, peering *pbpeering.Peering, // If we got a permission denied error that means out establishment secret is invalid, so we do not retry. grpcErr, ok := grpcstatus.FromError(err) if ok && grpcErr.Code() == codes.PermissionDenied { - return nil, fmt.Errorf("a new peering token must be generated: %w", grpcErr.Err()) + return nil, grpcstatus.Errorf(codes.PermissionDenied, "a new peering token must be generated: %s", grpcErr.Message()) } if err != nil { dialErrors = multierror.Append(dialErrors, fmt.Errorf("failed to exchange peering secret through address %q: %w", addr, err)) diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index f2db059e7514f..2a576f0ef7e61 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -175,45 +175,6 @@ func TestPeeringService_GenerateToken(t *testing.T) { } -func TestPeeringService_GenerateTokenExternalAddress(t *testing.T) { - dir := testutil.TempDir(t, "consul") - - signer, _, _ := tlsutil.GeneratePrivateKey() - ca, _, _ := tlsutil.GenerateCA(tlsutil.CAOpts{Signer: signer}) - cafile := path.Join(dir, "cacert.pem") - require.NoError(t, ioutil.WriteFile(cafile, []byte(ca), 0600)) - - // TODO(peering): see note on newTestServer, refactor to not use this - s := newTestServer(t, func(c *consul.Config) { - c.SerfLANConfig.MemberlistConfig.AdvertiseAddr = "127.0.0.1" - c.TLSConfig.GRPC.CAFile = cafile - c.DataDir = dir - }) - client := pbpeering.NewPeeringServiceClient(s.ClientConn(t)) - ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) - t.Cleanup(cancel) - - externalAddress := "32.1.2.3:8502" - // happy path - req := pbpeering.GenerateTokenRequest{PeerName: "peerB", Meta: map[string]string{"foo": "bar"}, ServerExternalAddresses: []string{externalAddress}} - resp, err := client.GenerateToken(ctx, &req) - require.NoError(t, err) - - tokenJSON, err := base64.StdEncoding.DecodeString(resp.PeeringToken) - require.NoError(t, err) - - token := &structs.PeeringToken{} - require.NoError(t, json.Unmarshal(tokenJSON, token)) - require.Equal(t, "server.dc1.peering.11111111-2222-3333-4444-555555555555.consul", token.ServerName) - require.Len(t, token.ServerAddresses, 1) - require.Equal(t, externalAddress, token.ServerAddresses[0]) - - // The roots utilized should be the ConnectCA roots and not the ones manually configured. - _, roots, err := s.Server.FSM().State().CARoots(nil) - require.NoError(t, err) - require.Equal(t, []string{roots.Active().RootCert}, token.CA) -} - func TestPeeringService_GenerateToken_ACLEnforcement(t *testing.T) { // TODO(peering): see note on newTestServer, refactor to not use this s := newTestServer(t, func(conf *consul.Config) { @@ -549,6 +510,9 @@ func TestPeeringService_Establish_ThroughMeshGateway(t *testing.T) { PeerName: "my-peer-acceptor", PeeringToken: peeringToken, }) + grpcErr, ok := grpcstatus.FromError(err) + require.True(t, ok) + require.Equal(t, codes.PermissionDenied, grpcErr.Code()) testutil.RequireErrorContains(t, err, "a new peering token must be generated") }) @@ -1785,6 +1749,7 @@ func upsertTestACLs(t *testing.T, store *state.Store) { require.NoError(t, store.ACLTokenBatchSet(101, tokens, state.ACLTokenSetOptions{})) } +//nolint:unparam func setupTestPeering(t *testing.T, store *state.Store, name string, index uint64) string { t.Helper() err := store.PeeringWrite(index, &pbpeering.PeeringWriteRequest{ diff --git a/agent/rpcclient/health/health.go b/agent/rpcclient/health/health.go index a4bdae78a9feb..9b24a164dde8f 100644 --- a/agent/rpcclient/health/health.go +++ b/agent/rpcclient/health/health.go @@ -3,6 +3,8 @@ package health import ( "context" + "google.golang.org/grpc/connectivity" + "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/submatview" @@ -34,6 +36,16 @@ type MaterializedViewStore interface { NotifyCallback(ctx context.Context, req submatview.Request, cID string, cb cache.Callback) error } +// IsReadyForStreaming will indicate if the underlying gRPC connection is ready. +func (c *Client) IsReadyForStreaming() bool { + conn := c.MaterializerDeps.Conn + if conn == nil { + return false + } + + return conn.GetState() == connectivity.Ready +} + func (c *Client) ServiceNodes( ctx context.Context, req structs.ServiceSpecificRequest, diff --git a/agent/structs/config_entry_discoverychain.go b/agent/structs/config_entry_discoverychain.go index 69800d9939e84..5c58f1d3941b2 100644 --- a/agent/structs/config_entry_discoverychain.go +++ b/agent/structs/config_entry_discoverychain.go @@ -1297,7 +1297,6 @@ func (r *ServiceResolverRedirect) isEmpty() bool { // - Service, ServiceSubset, Namespace, Datacenters, and Targets cannot all be // empty at once. When Targets is defined, the other fields should not be // populated. -// type ServiceResolverFailover struct { // Service is the service to resolve instead of the default as the failover // group of instances (optional). diff --git a/agent/structs/protobuf_compat.go b/agent/structs/protobuf_compat.go index e3a01cadf5dcf..b2f9cbdcb83fb 100644 --- a/agent/structs/protobuf_compat.go +++ b/agent/structs/protobuf_compat.go @@ -147,7 +147,6 @@ func (q *QueryOptions) SetFilter(filter string) { q.Filter = filter } -// func (m *QueryMeta) GetIndex() uint64 { if m != nil { return m.Index diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index 4c23d07059653..577e3f51b5ae6 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go @@ -1235,7 +1235,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot } } - err := s.finalizePublicListenerFromConfig(l, cfgSnap, cfg, useHTTPFilter) + err := s.finalizePublicListenerFromConfig(l, cfgSnap, useHTTPFilter) if err != nil { return nil, fmt.Errorf("failed to attach Consul filters and TLS context to custom public listener: %v", err) } @@ -1330,7 +1330,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot } } - err = s.finalizePublicListenerFromConfig(l, cfgSnap, cfg, useHTTPFilter) + err = s.finalizePublicListenerFromConfig(l, cfgSnap, useHTTPFilter) if err != nil { return nil, fmt.Errorf("failed to attach Consul filters and TLS context to custom public listener: %v", err) } @@ -1340,7 +1340,7 @@ func (s *ResourceGenerator) makeInboundListener(cfgSnap *proxycfg.ConfigSnapshot // finalizePublicListenerFromConfig is used for best-effort injection of Consul filter-chains onto listeners. // This include L4 authorization filters and TLS context. -func (s *ResourceGenerator) finalizePublicListenerFromConfig(l *envoy_listener_v3.Listener, cfgSnap *proxycfg.ConfigSnapshot, proxyCfg ProxyConfig, useHTTPFilter bool) error { +func (s *ResourceGenerator) finalizePublicListenerFromConfig(l *envoy_listener_v3.Listener, cfgSnap *proxycfg.ConfigSnapshot, useHTTPFilter bool) error { if !useHTTPFilter { // Best-effort injection of L4 intentions if err := s.injectConnectFilters(cfgSnap, l); err != nil { diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go index cd1424ca935fe..f2a50127a821c 100644 --- a/agent/xds/rbac.go +++ b/agent/xds/rbac.go @@ -431,10 +431,10 @@ type rbacLocalInfo struct { // Enterprise). Each intention in this flat list (sorted by precedence) can either // be an allow rule or a deny rule. Here’s a concrete example of this at work: // -// intern/trusted-app => billing/payment-svc : ALLOW (prec=9) -// intern/* => billing/payment-svc : DENY (prec=8) -// */* => billing/payment-svc : ALLOW (prec=7) -// ::: ACL default policy ::: : DENY (prec=N/A) +// intern/trusted-app => billing/payment-svc : ALLOW (prec=9) +// intern/* => billing/payment-svc : DENY (prec=8) +// */* => billing/payment-svc : ALLOW (prec=7) +// ::: ACL default policy ::: : DENY (prec=N/A) // // In contrast, Envoy lets you either configure a filter to be based on an // allow-list or a deny-list based on the action attribute of the RBAC rules @@ -452,25 +452,25 @@ type rbacLocalInfo struct { // models. For clarity I’ll rewrite the earlier example intentions in an // abbreviated form: // -// A : ALLOW -// B : DENY -// C : ALLOW -// : DENY +// A : ALLOW +// B : DENY +// C : ALLOW +// : DENY // -// 1. Given that the overall intention default is set to deny, we start by -// choosing to build an allow-list in Envoy (this is also the variant that I find -// easier to think about). -// 2. Next we traverse the list in precedence order (top down) and any DENY -// intentions are combined with later intentions using logical operations. -// 3. Now that all of the intentions result in the same action (allow) we have -// successfully removed precedence and we can express this in as a set of Envoy -// RBAC policies. +// 1. Given that the overall intention default is set to deny, we start by +// choosing to build an allow-list in Envoy (this is also the variant that I find +// easier to think about). +// 2. Next we traverse the list in precedence order (top down) and any DENY +// intentions are combined with later intentions using logical operations. +// 3. Now that all of the intentions result in the same action (allow) we have +// successfully removed precedence and we can express this in as a set of Envoy +// RBAC policies. // // After this the earlier A/B/C/default list becomes: // -// A : ALLOW -// C AND NOT(B) : ALLOW -// : DENY +// A : ALLOW +// C AND NOT(B) : ALLOW +// : DENY // // Which really is just an allow-list of [A, C AND NOT(B)] func makeRBACRules( diff --git a/api/acl_test.go b/api/acl_test.go index 6177a5c3ffd2c..7f73e5b73d8e6 100644 --- a/api/acl_test.go +++ b/api/acl_test.go @@ -538,7 +538,6 @@ func TestAPI_ACLToken_Clone(t *testing.T) { require.Equal(t, cloned, read) } -// func TestAPI_AuthMethod_List(t *testing.T) { t.Parallel() c, s := makeACLClient(t) diff --git a/api/go.mod b/api/go.mod index 61eedbd2bc29f..f9dc529e6bc12 100644 --- a/api/go.mod +++ b/api/go.mod @@ -5,15 +5,10 @@ go 1.12 replace github.com/hashicorp/consul/sdk => ../sdk require ( - github.com/armon/go-metrics v0.3.10 // indirect - github.com/google/btree v1.0.0 // indirect github.com/google/go-cmp v0.5.7 github.com/hashicorp/consul/sdk v0.11.0 github.com/hashicorp/go-cleanhttp v0.5.1 - github.com/hashicorp/go-hclog v0.14.1 - github.com/hashicorp/go-immutable-radix v1.3.0 // indirect - github.com/hashicorp/go-msgpack v0.5.5 // indirect - github.com/hashicorp/go-multierror v1.1.1 // indirect + github.com/hashicorp/go-hclog v0.12.0 github.com/hashicorp/go-rootcerts v1.0.2 github.com/hashicorp/go-sockaddr v1.0.2 // indirect github.com/hashicorp/go-uuid v1.0.2 diff --git a/api/go.sum b/api/go.sum index 5c271b27b3c27..d2583d1c7a48d 100644 --- a/api/go.sum +++ b/api/go.sum @@ -1,21 +1,9 @@ -github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= +github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da h1:8GUt8eRujhVEGZFFEjBj46YV4rDjvGrNxb0KMWYkL2I= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= -github.com/armon/go-metrics v0.3.10 h1:FR+drcQStOe+32sYyJYyZ7FIdgoGGBnwLl+flodp8Uo= -github.com/armon/go-metrics v0.3.10/go.mod h1:4O98XIr/9W0sxpJ8UaYkvjk10Iff7SnFrb4QAOwNTFc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= -github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -23,42 +11,23 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0 h1:8xPHl4/q1VyqGIPif1F+1V3Y3lSmrq01EabUW3CoW5s= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= -github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c h1:964Od4U6p2jUkFxvCydnIczKteheJEzHRToSGK3Bnlw= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-hclog v0.12.0 h1:d4QkX8FRTYaKaCZBoXYY8zJX2BXjWxurN/GA2tkrmZM= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-hclog v0.14.1 h1:nQcJDQwIAGnmoUWp8ubocEX40cCml/17YkF6csQLReU= -github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-immutable-radix v1.0.0 h1:AKDB1HM5PWEA7i4nhcpwOrO2byshxBjXVn/J/3+z5/0= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-immutable-radix v1.3.0 h1:8exGP7ego3OmkfksihtSouGMZ+hQrhxx+FVELeXpVPE= -github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= -github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-multierror v1.1.0 h1:B9UzwGQJehnUY1yNrnwREHc3fGbC2xefo8g4TbElacI= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= -github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= @@ -78,12 +47,6 @@ github.com/hashicorp/memberlist v0.5.0 h1:EtYPN8DpAURiapus508I4n9CzHs2W+8NZGbmmR github.com/hashicorp/memberlist v0.5.0/go.mod h1:yvyXLpo0QaGE59Y7hDTsTzDD25JYBZ4mHgHUZ8lrOI0= github.com/hashicorp/serf v0.10.1 h1:Z1H2J60yRKvfDYAOZLd2MU0ND4AH/WDz7xYHDWQsIPY= github.com/hashicorp/serf v0.10.1/go.mod h1:yL2t6BqATOLGc5HF7qbFkTfXoPIY0WZdWHfEvMqbG+4= -github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= @@ -101,7 +64,6 @@ github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcME github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41 h1:WMszZWJG0XmzbK9FEmzH2TVcqYzFesusSIB41b8KHxY= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= @@ -113,15 +75,8 @@ github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUb github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c h1:Lgl0gzECD8GnQ5QCWA8o6BtfL6mDH5rQgM4/fX3avOs= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= -github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -129,62 +84,36 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= -github.com/prometheus/client_golang v1.4.0/go.mod h1:e9GMxYsXl05ICDXkRhurwBS4Q3OK1iX/F2sw+iXX5zU= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= -github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= -github.com/prometheus/common v0.9.1/go.mod h1:yhUN8i9wzaXS3w1O07YhxHEBxD+W35wd8bs7vj7HSQ4= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= -github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= +github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.1.1 h1:2vfRuCMp5sSVIDSqO8oNnWJq7mPa6KVP3iPIwFBuy8A= -github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f h1:hEYJvxw1lSnWIl8X9ofsYMklzaDs90JI2az5YMd4fPM= golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210303074136-134d130e1a04/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -204,14 +133,10 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/api/peering.go b/api/peering.go index 8748b63fcc110..e77a74f089b78 100644 --- a/api/peering.go +++ b/api/peering.go @@ -103,10 +103,6 @@ type PeeringGenerateTokenRequest struct { Partition string `json:",omitempty"` // Meta is a mapping of some string value to any other string value Meta map[string]string `json:",omitempty"` - // ServerExternalAddresses is a list of addresses to put into the generated token. This could be used to specify - // load balancer(s) or external IPs to reach the servers from the dialing side, and will override any server - // addresses obtained from the "consul" service. - ServerExternalAddresses []string `json:",omitempty"` } type PeeringGenerateTokenResponse struct { diff --git a/api/peering_test.go b/api/peering_test.go index 7a45397a445a4..3be26f896cd27 100644 --- a/api/peering_test.go +++ b/api/peering_test.go @@ -2,7 +2,6 @@ package api import ( "context" - "encoding/base64" "reflect" "testing" "time" @@ -225,35 +224,6 @@ func TestAPI_Peering_List(t *testing.T) { }) } -func TestAPI_Peering_GenerateToken_ExternalAddresses(t *testing.T) { - t.Parallel() - - c, s := makeClient(t) // this is "dc1" - defer s.Stop() - s.WaitForSerfCheck(t) - - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - - externalAddress := "32.1.2.3:8502" - - // Generate a token happy path - p1 := PeeringGenerateTokenRequest{ - PeerName: "peer1", - Meta: map[string]string{"foo": "bar"}, - ServerExternalAddresses: []string{externalAddress}, - } - resp, wm, err := c.Peerings().GenerateToken(ctx, p1, nil) - require.NoError(t, err) - require.NotNil(t, wm) - require.NotNil(t, resp) - - tokenJSON, err := base64.StdEncoding.DecodeString(resp.PeeringToken) - require.NoError(t, err) - - require.Contains(t, string(tokenJSON), externalAddress) -} - // TestAPI_Peering_GenerateToken_Read_Establish_Delete tests the following use case: // a server creates a peering token, reads the token, then another server calls establish peering // finally, we delete the token on the first server diff --git a/api/watch/plan.go b/api/watch/plan.go index f3b7981fb0037..33557808ee208 100644 --- a/api/watch/plan.go +++ b/api/watch/plan.go @@ -8,8 +8,9 @@ import ( "reflect" "time" - consulapi "github.com/hashicorp/consul/api" "github.com/hashicorp/go-hclog" + + consulapi "github.com/hashicorp/consul/api" ) const ( @@ -133,7 +134,7 @@ OUTER: return nil } -//Deprecated: Use RunwithClientAndHclog +// Deprecated: Use RunwithClientAndHclog func (p *Plan) RunWithClientAndLogger(client *consulapi.Client, logger *log.Logger) error { p.client = client diff --git a/build-support/docker/Build-Go.dockerfile b/build-support/docker/Build-Go.dockerfile index 52512a1df448d..cd578b451b788 100644 --- a/build-support/docker/Build-Go.dockerfile +++ b/build-support/docker/Build-Go.dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.18.1 +ARG GOLANG_VERSION=1.19.2 FROM golang:${GOLANG_VERSION} WORKDIR /consul diff --git a/command/acl/acl_helpers.go b/command/acl/acl_helpers.go index add5c930c558a..928290f1cd69d 100644 --- a/command/acl/acl_helpers.go +++ b/command/acl/acl_helpers.go @@ -239,14 +239,14 @@ func ExtractNodeIdentities(nodeIdents []string) ([]*api.ACLNodeIdentity, error) // TestKubernetesJWT_A is a valid service account jwt extracted from a minikube setup. // -// { -// "iss": "kubernetes/serviceaccount", -// "kubernetes.io/serviceaccount/namespace": "default", -// "kubernetes.io/serviceaccount/secret.name": "admin-token-qlz42", -// "kubernetes.io/serviceaccount/service-account.name": "admin", -// "kubernetes.io/serviceaccount/service-account.uid": "738bc251-6532-11e9-b67f-48e6c8b8ecb5", -// "sub": "system:serviceaccount:default:admin" -// } +// { +// "iss": "kubernetes/serviceaccount", +// "kubernetes.io/serviceaccount/namespace": "default", +// "kubernetes.io/serviceaccount/secret.name": "admin-token-qlz42", +// "kubernetes.io/serviceaccount/service-account.name": "admin", +// "kubernetes.io/serviceaccount/service-account.uid": "738bc251-6532-11e9-b67f-48e6c8b8ecb5", +// "sub": "system:serviceaccount:default:admin" +// } const TestKubernetesJWT_A = "eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImFkbWluLXRva2VuLXFsejQyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiNzM4YmMyNTEtNjUzMi0xMWU5LWI2N2YtNDhlNmM4YjhlY2I1Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6YWRtaW4ifQ.ixMlnWrAG7NVuTTKu8cdcYfM7gweS3jlKaEsIBNGOVEjPE7rtXtgMkAwjQTdYR08_0QBjkgzy5fQC5ZNyglSwONJ-bPaXGvhoH1cTnRi1dz9H_63CfqOCvQP1sbdkMeRxNTGVAyWZT76rXoCUIfHP4LY2I8aab0KN9FTIcgZRF0XPTtT70UwGIrSmRpxW38zjiy2ymWL01cc5VWGhJqVysmWmYk3wNp0h5N57H_MOrz4apQR4pKaamzskzjLxO55gpbmZFC76qWuUdexAR7DT2fpbHLOw90atN_NlLMY-VrXyW3-Ei5EhYaVreMB9PSpKwkrA4jULITohV-sxpa1LA" // TestKubernetesJWT_B is a valid service account jwt extracted from a minikube setup. diff --git a/command/connect/envoy/bootstrap_tpl.go b/command/connect/envoy/bootstrap_tpl.go index afb56eb777b8c..92a0a614ec6a0 100644 --- a/command/connect/envoy/bootstrap_tpl.go +++ b/command/connect/envoy/bootstrap_tpl.go @@ -111,10 +111,21 @@ type BootstrapTplArgs struct { // the envoy_prometheus_bind_addr listener. PrometheusScrapePath string - PrometheusCAFile string - PrometheusCAPath string + // PrometheusCAFile is the path to a CA file for Envoy to use when serving TLS on the Prometheius metrics + // endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config. + PrometheusCAFile string + + // PrometheusCAPath is the path to a directory of CA certificates for Envoy to use when serving the Prometheus + // metrics endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config. + PrometheusCAPath string + + // PrometheusCertFile is the path to a certificate file for Envoy to use when serving TLS on the Prometheus + // metrics endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config. PrometheusCertFile string - PrometheusKeyFile string + + // PrometheusKeyFile is the path to a private key file Envoy to use when serving TLS on the Prometheus metrics + // endpoint. Only applicable when envoy_prometheus_bind_addr is set in the proxy config. + PrometheusKeyFile string } // GRPC settings used in the bootstrap template. diff --git a/command/connect/proxy/register.go b/command/connect/proxy/register.go index f554719454c6b..62110d9e3ae08 100644 --- a/command/connect/proxy/register.go +++ b/command/connect/proxy/register.go @@ -6,8 +6,9 @@ import ( "sync" "time" - "github.com/hashicorp/consul/api" "github.com/hashicorp/go-hclog" + + "github.com/hashicorp/consul/api" ) const ( @@ -69,11 +70,10 @@ type RegisterMonitor struct { // // This is a basic state machine with the following transitions: // -// * idle => running, stopped -// * running => stopping, stopped -// * stopping => stopped -// * stopped => <> -// +// - idle => running, stopped +// - running => stopping, stopped +// - stopping => stopped +// - stopped => <> type registerRunState uint8 const ( diff --git a/command/connect/redirecttraffic/redirect_traffic.go b/command/connect/redirecttraffic/redirect_traffic.go index 277c12f692043..8b979251fe786 100644 --- a/command/connect/redirecttraffic/redirect_traffic.go +++ b/command/connect/redirecttraffic/redirect_traffic.go @@ -38,6 +38,7 @@ type cmd struct { // Flags. nodeName string consulDNSIP string + consulDNSPort int proxyUID string proxyID string proxyInboundPort int @@ -55,6 +56,7 @@ func (c *cmd) init() { c.flags.StringVar(&c.nodeName, "node-name", "", "The node name where the proxy service is registered. It requires proxy-id to be specified. This is needed if running in an environment without client agents.") c.flags.StringVar(&c.consulDNSIP, "consul-dns-ip", "", "IP used to reach Consul DNS. If provided, DNS queries will be redirected to Consul.") + c.flags.IntVar(&c.consulDNSPort, "consul-dns-port", 0, "Port used to reach Consul DNS. If provided, DNS queries will be redirected to Consul.") c.flags.StringVar(&c.proxyUID, "proxy-uid", "", "The user ID of the proxy to exclude from traffic redirection.") c.flags.StringVar(&c.proxyID, "proxy-id", "", "The service ID of the proxy service registered with Consul.") c.flags.IntVar(&c.proxyInboundPort, "proxy-inbound-port", 0, "The inbound port that the proxy is listening on.") @@ -136,6 +138,7 @@ type trafficRedirectProxyConfig struct { func (c *cmd) generateConfigFromFlags() (iptables.Config, error) { cfg := iptables.Config{ ConsulDNSIP: c.consulDNSIP, + ConsulDNSPort: c.consulDNSPort, ProxyUserID: c.proxyUID, ProxyInboundPort: c.proxyInboundPort, ProxyOutboundPort: c.proxyOutboundPort, diff --git a/command/connect/redirecttraffic/redirect_traffic_test.go b/command/connect/redirecttraffic/redirect_traffic_test.go index d31b0cffea78b..f592d4c739dea 100644 --- a/command/connect/redirecttraffic/redirect_traffic_test.go +++ b/command/connect/redirecttraffic/redirect_traffic_test.go @@ -128,13 +128,14 @@ func TestGenerateConfigFromFlags(t *testing.T) { }, }, { - name: "proxyID with Consul DNS IP provided", + name: "proxyID with Consul DNS IP and port provided", command: func() cmd { var c cmd c.init() c.proxyUID = "1234" c.proxyID = "test-proxy-id" c.consulDNSIP = "10.0.34.16" + c.consulDNSPort = 8600 return c }, consulServices: []api.AgentServiceRegistration{ @@ -151,6 +152,7 @@ func TestGenerateConfigFromFlags(t *testing.T) { }, expCfg: iptables.Config{ ConsulDNSIP: "10.0.34.16", + ConsulDNSPort: 8600, ProxyUserID: "1234", ProxyInboundPort: 20000, ProxyOutboundPort: iptables.DefaultTProxyOutboundPort, diff --git a/command/helpers/decode_shim.go b/command/helpers/decode_shim.go index e7465ed8107b9..b9153dc180063 100644 --- a/command/helpers/decode_shim.go +++ b/command/helpers/decode_shim.go @@ -15,37 +15,37 @@ import ( // // hcl.Decode-s into: // -// map[string]interface {}{ -// "sub":[]map[string]interface {}{ -// map[string]interface {}{ -// "v1":[]map[string]interface {}{ -// map[string]interface {}{ -// "field":"value1" -// } -// } -// }, -// map[string]interface {}{ -// "v2":[]map[string]interface {}{ -// map[string]interface {}{ -// "field":"value2" -// } -// } -// } -// } -// } +// map[string]interface {}{ +// "sub":[]map[string]interface {}{ +// map[string]interface {}{ +// "v1":[]map[string]interface {}{ +// map[string]interface {}{ +// "field":"value1" +// } +// } +// }, +// map[string]interface {}{ +// "v2":[]map[string]interface {}{ +// map[string]interface {}{ +// "field":"value2" +// } +// } +// } +// } +// } // // but json.Unmarshal-s into the more expected: // -// map[string]interface {}{ -// "sub":map[string]interface {}{ -// "v1":map[string]interface {}{ -// "field":"value1" -// }, -// "v2":map[string]interface {}{ -// "field":"value2" -// } -// } -// } +// map[string]interface {}{ +// "sub":map[string]interface {}{ +// "v1":map[string]interface {}{ +// "field":"value1" +// }, +// "v2":map[string]interface {}{ +// "field":"value2" +// } +// } +// } // // The strange part is that the following HCL: // @@ -53,22 +53,22 @@ import ( // // hcl.Decode-s into: // -// map[string]interface {}{ -// "sub":[]map[string]interface {}{ -// map[string]interface {}{ -// "v1":[]map[string]interface {}{ -// map[string]interface {}{ -// "field":"value1" -// } -// }, -// "v2":[]map[string]interface {}{ -// map[string]interface {}{ -// "field":"value2" -// } -// } -// } -// } -// } +// map[string]interface {}{ +// "sub":[]map[string]interface {}{ +// map[string]interface {}{ +// "v1":[]map[string]interface {}{ +// map[string]interface {}{ +// "field":"value1" +// } +// }, +// "v2":[]map[string]interface {}{ +// map[string]interface {}{ +// "field":"value2" +// } +// } +// } +// } +// } // // Which is the "correct" value assuming you did the patch-slice-of-maps correction. // diff --git a/command/peering/generate/generate.go b/command/peering/generate/generate.go index cbbb230098ef0..bdfbabe00f69d 100644 --- a/command/peering/generate/generate.go +++ b/command/peering/generate/generate.go @@ -41,12 +41,6 @@ func (c *cmd) init() { "Metadata to associate with the peering, formatted as key=value. This flag "+ "may be specified multiple times to set multiple metadata fields.") - c.flags.Var((*flags.AppendSliceValue)(&c.externalAddresses), "server-external-addresses", - "A list of addresses to put into the generated token, formatted as a comma-separate list. "+ - "Addresses are the form of :port. "+ - "This could be used to specify load balancer(s) or external IPs to reach the servers from "+ - "the dialing side, and will override any server addresses obtained from the \"consul\" service.") - c.flags.StringVar( &c.format, "format", @@ -84,10 +78,9 @@ func (c *cmd) Run(args []string) int { peerings := client.Peerings() req := api.PeeringGenerateTokenRequest{ - PeerName: c.name, - Partition: c.http.Partition(), - Meta: c.meta, - ServerExternalAddresses: c.externalAddresses, + PeerName: c.name, + Partition: c.http.Partition(), + Meta: c.meta, } res, _, err := peerings.GenerateToken(context.Background(), req, &api.WriteOptions{}) diff --git a/command/peering/generate/generate_test.go b/command/peering/generate/generate_test.go index b23d664d84f3e..8449b3eb09116 100644 --- a/command/peering/generate/generate_test.go +++ b/command/peering/generate/generate_test.go @@ -88,7 +88,6 @@ func TestGenerateCommand(t *testing.T) { args := []string{ "-http-addr=" + a.HTTPAddr(), "-name=bar", - "-server-external-addresses=1.2.3.4,5.6.7.8", "-meta=env=production", "-meta=region=us-east-1", } @@ -99,10 +98,6 @@ func TestGenerateCommand(t *testing.T) { require.NoError(t, err, "error decoding token") require.Contains(t, string(token), "\"ServerName\":\"server.dc1.peering.11111111-2222-3333-4444-555555555555.consul\"") - // ServerExternalAddresses - require.Contains(t, string(token), "1.2.3.4") - require.Contains(t, string(token), "5.6.7.8") - // Meta peering, _, err := client.Peerings().Read(context.Background(), "bar", &api.QueryOptions{}) require.NoError(t, err) diff --git a/command/tls/ca/create/tls_ca_create_test.go b/command/tls/ca/create/tls_ca_create_test.go index 19c5fb965c99d..2f4ae544913ed 100644 --- a/command/tls/ca/create/tls_ca_create_test.go +++ b/command/tls/ca/create/tls_ca_create_test.go @@ -10,10 +10,11 @@ import ( "testing" "time" - "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/sdk/testutil" "github.com/mitchellh/cli" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/sdk/testutil" ) func TestValidateCommand_noTabs(t *testing.T) { @@ -147,7 +148,7 @@ func expectFiles(t *testing.T, caPath, keyPath string) (*x509.Certificate, crypt // switchToTempDir is meant to be used in a defer statement like: // -// defer switchToTempDir(t, testDir)() +// defer switchToTempDir(t, testDir)() // // This exploits the fact that the body of a defer is evaluated // EXCEPT for the final function call invocation inline with the code diff --git a/command/tls/cert/create/tls_cert_create_test.go b/command/tls/cert/create/tls_cert_create_test.go index 78f75eb11d6f4..63f84c4eec814 100644 --- a/command/tls/cert/create/tls_cert_create_test.go +++ b/command/tls/cert/create/tls_cert_create_test.go @@ -10,11 +10,12 @@ import ( "strings" "testing" - "github.com/hashicorp/consul/agent/connect" - "github.com/hashicorp/consul/sdk/testutil" "github.com/mitchellh/cli" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/sdk/testutil" + caCreate "github.com/hashicorp/consul/command/tls/ca/create" ) @@ -285,7 +286,7 @@ func createCA(t *testing.T, domain string) { // switchToTempDir is meant to be used in a defer statement like: // -// defer switchToTempDir(t, testDir)() +// defer switchToTempDir(t, testDir)() // // This exploits the fact that the body of a defer is evaluated // EXCEPT for the final function call invocation inline with the code diff --git a/connect/certgen/certgen.go b/connect/certgen/certgen.go index 6767fd9753777..f47e2c4b42478 100644 --- a/connect/certgen/certgen.go +++ b/connect/certgen/certgen.go @@ -3,26 +3,26 @@ // // Example usage: // -// $ go run connect/certgen/certgen.go -out-dir /tmp/connect-certs +// $ go run connect/certgen/certgen.go -out-dir /tmp/connect-certs // // You can verify a given leaf with a given root using: // -// $ openssl verify -verbose -CAfile ca1-ca.cert.pem ca1-svc-db.cert.pem +// $ openssl verify -verbose -CAfile ca1-ca.cert.pem ca1-svc-db.cert.pem // // Note that to verify via the cross-signed intermediate, openssl requires it to // be bundled with the _root_ CA bundle and will ignore the cert if it's passed // with the subject. You can do that with: // -// $ openssl verify -verbose -CAfile \ -// <(cat ca1-ca.cert.pem ca2-xc-by-ca1.cert.pem) \ -// ca2-svc-db.cert.pem -// ca2-svc-db.cert.pem: OK +// $ openssl verify -verbose -CAfile \ +// <(cat ca1-ca.cert.pem ca2-xc-by-ca1.cert.pem) \ +// ca2-svc-db.cert.pem +// ca2-svc-db.cert.pem: OK // // Note that the same leaf and root without the intermediate should fail: // -// $ openssl verify -verbose -CAfile ca1-ca.cert.pem ca2-svc-db.cert.pem -// ca2-svc-db.cert.pem: CN = db -// error 20 at 0 depth lookup:unable to get local issuer certificate +// $ openssl verify -verbose -CAfile ca1-ca.cert.pem ca2-svc-db.cert.pem +// ca2-svc-db.cert.pem: CN = db +// error 20 at 0 depth lookup:unable to get local issuer certificate // // NOTE: THIS IS A QUIRK OF OPENSSL; in Connect we distribute the roots alone // and stable intermediates like the XC cert to the _leaf_. @@ -35,9 +35,10 @@ import ( "log" "os" + "github.com/mitchellh/go-testing-interface" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" - "github.com/mitchellh/go-testing-interface" ) func main() { diff --git a/connect/proxy/conn_test.go b/connect/proxy/conn_test.go index 2ca29fab5aff5..ab12ef96df8cd 100644 --- a/connect/proxy/conn_test.go +++ b/connect/proxy/conn_test.go @@ -49,7 +49,7 @@ func testConnPairSetup(t *testing.T) (net.Conn, net.Conn, func()) { // testConnPipelineSetup creates a pipeline consiting of two TCP connection // pairs and a Conn that copies bytes between them. Data flow looks like this: // -// src1 <---> dst1 <== Conn.CopyBytes ==> src2 <---> dst2 +// src1 <---> dst1 <== Conn.CopyBytes ==> src2 <---> dst2 // // The returned values are the src1 and dst2 which should be able to send and // receive to each other via the Conn, the Conn itself (not running), and a diff --git a/go.mod b/go.mod index b81aa8969b80d..89f7589312a5d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul -go 1.18 +go 1.19 replace github.com/hashicorp/consul/api => ./api @@ -31,7 +31,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4 github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706 github.com/hashicorp/consul-net-rpc v0.0.0-20220307172752-3602954411b4 - github.com/hashicorp/consul/api v1.15.2 + github.com/hashicorp/consul/api v1.15.3 github.com/hashicorp/consul/proto-public v0.1.0 github.com/hashicorp/consul/sdk v0.11.0 github.com/hashicorp/go-bexpr v0.1.2 @@ -40,7 +40,7 @@ require ( github.com/hashicorp/go-connlimit v0.3.0 github.com/hashicorp/go-discover v0.0.0-20220411141802-20db45f7f0f9 github.com/hashicorp/go-hclog v1.2.1 - github.com/hashicorp/go-memdb v1.3.2 + github.com/hashicorp/go-memdb v1.3.4 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-raftchunking v0.6.2 github.com/hashicorp/go-sockaddr v1.0.2 diff --git a/go.sum b/go.sum index 3863c254d729f..36fa68acc852f 100644 --- a/go.sum +++ b/go.sum @@ -481,8 +481,8 @@ github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjh github.com/hashicorp/go-immutable-radix v1.3.0 h1:8exGP7ego3OmkfksihtSouGMZ+hQrhxx+FVELeXpVPE= github.com/hashicorp/go-immutable-radix v1.3.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= -github.com/hashicorp/go-memdb v1.3.2 h1:RBKHOsnSszpU6vxq80LzC2BaQjuuvoyaQbkLTf7V7g8= -github.com/hashicorp/go-memdb v1.3.2/go.mod h1:Mluclgwib3R93Hk5fxEfiRhB+6Dar64wWh71LpNSe3g= +github.com/hashicorp/go-memdb v1.3.4 h1:XSL3NR682X/cVk2IeV0d70N4DZ9ljI885xAEU8IoK3c= +github.com/hashicorp/go-memdb v1.3.4/go.mod h1:uBTr1oQbtuMgd1SSGoR8YV27eT3sBHbYiNm53bMpgSg= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v1.1.5 h1:9byZdVjKTe5mce63pRVNP1L7UAmdHOTEMGehn6KvJWs= diff --git a/internal/go-sso/oidcauth/oidcjwt.go b/internal/go-sso/oidcauth/oidcjwt.go index a2942ca7ed5e6..b2df662cd51dc 100644 --- a/internal/go-sso/oidcauth/oidcjwt.go +++ b/internal/go-sso/oidcauth/oidcjwt.go @@ -11,11 +11,12 @@ import ( "strconv" "strings" - "github.com/hashicorp/consul/internal/go-sso/oidcauth/internal/strutil" "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-hclog" "github.com/mitchellh/pointerstructure" "golang.org/x/oauth2" + + "github.com/hashicorp/consul/internal/go-sso/oidcauth/internal/strutil" ) func contextWithHttpClient(ctx context.Context, client *http.Client) context.Context { @@ -63,11 +64,11 @@ func (a *Authenticator) extractClaims(allClaims map[string]interface{}) (*Claims // claims and claims mappings. The referenced claims must be strings and the // claims mappings must be of the structure: // -// { -// "/some/claim/pointer": "metadata_key1", -// "another_claim": "metadata_key2", -// ... -// } +// { +// "/some/claim/pointer": "metadata_key1", +// "another_claim": "metadata_key2", +// ... +// } func extractStringMetadata(logger hclog.Logger, allClaims map[string]interface{}, claimMappings map[string]string) (map[string]string, error) { metadata := make(map[string]string) for source, target := range claimMappings { @@ -90,11 +91,11 @@ func extractStringMetadata(logger hclog.Logger, allClaims map[string]interface{} // of claims and claims mappings. The referenced claims must be strings and // the claims mappings must be of the structure: // -// { -// "/some/claim/pointer": "metadata_key1", -// "another_claim": "metadata_key2", -// ... -// } +// { +// "/some/claim/pointer": "metadata_key1", +// "another_claim": "metadata_key2", +// ... +// } func extractListMetadata(logger hclog.Logger, allClaims map[string]interface{}, listClaimMappings map[string]string) (map[string][]string, error) { out := make(map[string][]string) for source, target := range listClaimMappings { diff --git a/internal/tools/proto-gen-rpc-glue/main.go b/internal/tools/proto-gen-rpc-glue/main.go index a2df2ab8960a4..f66118cfc6050 100644 --- a/internal/tools/proto-gen-rpc-glue/main.go +++ b/internal/tools/proto-gen-rpc-glue/main.go @@ -515,12 +515,6 @@ func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a t return time.Since(start) > rpcHoldTimeout, nil } -// Timeout implements structs.RPCInfo -func (msg *%[1]s) Timeout(rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) time.Duration { - // TODO(peering): figure out read semantics here - return rpcHoldTimeout -} - // SetTokenSecret implements structs.RPCInfo func (msg *%[1]s) SetTokenSecret(s string) { // TODO(peering): figure out read semantics here @@ -558,12 +552,6 @@ func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a t return time.Since(start) > rpcHoldTimeout, nil } -// Timeout implements structs.RPCInfo -func (msg *%[1]s) Timeout(rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) time.Duration { - // TODO(peering): figure out write semantics here - return rpcHoldTimeout -} - // SetTokenSecret implements structs.RPCInfo func (msg *%[1]s) SetTokenSecret(s string) { // TODO(peering): figure out write semantics here @@ -615,14 +603,6 @@ func (msg *%[1]s) HasTimedOut(start time.Time, rpcHoldTimeout time.Duration, a t return msg.%[2]s.HasTimedOut(start, rpcHoldTimeout, a, b) } -// Timeout implements structs.RPCInfo -func (msg *%[1]s) Timeout(rpcHoldTimeout time.Duration, a time.Duration, b time.Duration) time.Duration { - if msg == nil || msg.%[2]s == nil { - return 0 - } - return msg.%[2]s.Timeout(rpcHoldTimeout, a, b) -} - // SetTokenSecret implements structs.RPCInfo func (msg *%[1]s) SetTokenSecret(s string) { // TODO: initialize if nil diff --git a/lib/decode/decode.go b/lib/decode/decode.go index 0461962c3c142..f47b5a4bc368c 100644 --- a/lib/decode/decode.go +++ b/lib/decode/decode.go @@ -19,7 +19,8 @@ import ( // Aliases must be lowercase, as keys are compared case-insensitive. // // Example alias tag: -// MyField []string `alias:"old_field_name,otherfieldname"` +// +// MyField []string `alias:"old_field_name,otherfieldname"` // // This hook should ONLY be used to maintain backwards compatibility with // deprecated keys. For new structures use mapstructure struct tags to set the @@ -143,7 +144,7 @@ type mapstructureFieldTags struct { // the target is a slice. This is necessary because this hook would have converted // the initial slices into single values on the first pass. // -// Background +// # Background // // HCL allows for repeated blocks which forces it to store structures // as []map[string]interface{} instead of map[string]interface{}. This is an diff --git a/lib/map_walker.go b/lib/map_walker.go index ca103806d46f1..8a2929098f10d 100644 --- a/lib/map_walker.go +++ b/lib/map_walker.go @@ -47,12 +47,11 @@ var typByteSlice = reflect.TypeOf([]byte{}) // // In particular we're looking to replace two cases the msgpack codec causes: // -// 1.) String values get turned into byte slices. JSON will base64-encode -// this and we don't want that, so we convert them back to strings. -// -// 2.) Nested maps turn into map[interface{}]interface{}. JSON cannot -// encode this, so we need to turn it back into map[string]interface{}. +// 1.) String values get turned into byte slices. JSON will base64-encode +// this and we don't want that, so we convert them back to strings. // +// 2.) Nested maps turn into map[interface{}]interface{}. JSON cannot +// encode this, so we need to turn it back into map[string]interface{}. type mapWalker struct { lastValue reflect.Value // lastValue of map, required for replacement loc, lastLoc reflectwalk.Location // locations diff --git a/lib/routine/routine.go b/lib/routine/routine.go index cf1ab1c0d918b..4b7277ff996ea 100644 --- a/lib/routine/routine.go +++ b/lib/routine/routine.go @@ -12,7 +12,7 @@ type Routine func(ctx context.Context) error // cancelCh is the ctx.Done() // When cancel() is called, if the routine is running a blocking call (e.g. some ACL replication RPCs), -// stoppedCh won't be closed till the blocking call returns, while cancelCh will be closed immediately. +// stoppedCh won't be closed till the blocking call returns, while cancelCh will be closed immediately. // cancelCh is used to properly detect routine running status between cancel() and close(stoppedCh) type routineTracker struct { cancel context.CancelFunc @@ -110,9 +110,9 @@ func (m *Manager) execute(ctx context.Context, name string, routine Routine, don } // Caveat: The returned stoppedCh indicates that the routine is completed -// It's possible that ctx is canceled, but stoppedCh not yet closed -// Use mgr.IsRunning(name) than this stoppedCh to tell whether the -// instance is still running (not cancelled or completed). +// It's possible that ctx is canceled, but stoppedCh not yet closed +// Use mgr.IsRunning(name) than this stoppedCh to tell whether the +// instance is still running (not cancelled or completed). func (m *Manager) Stop(name string) <-chan struct{} { instance := m.stopInstance(name) if instance == nil { diff --git a/lib/translate.go b/lib/translate.go index 815dd73a439db..3404039a6e5a2 100644 --- a/lib/translate.go +++ b/lib/translate.go @@ -12,7 +12,7 @@ import ( // // Example: // -// m = TranslateKeys(m, map[string]string{"snake_case": "CamelCase"}) +// m = TranslateKeys(m, map[string]string{"snake_case": "CamelCase"}) // // If the canonical string provided is the empty string, the effect is to stop // recursing into any key matching the left hand side. In this case the left @@ -27,13 +27,14 @@ import ( // where the clash with key names in other parts of the definition :sob: // // Example: -// m - TranslateKeys(m, map[string]string{ -// "foo_bar": "FooBar", -// "widget.config": "", -// // Assume widgets is an array, this will prevent recursing into any -// // item's config field -// "widgets.config": "", -// }) +// +// m - TranslateKeys(m, map[string]string{ +// "foo_bar": "FooBar", +// "widget.config": "", +// // Assume widgets is an array, this will prevent recursing into any +// // item's config field +// "widgets.config": "", +// }) // // Deprecated: Use lib/decode.HookTranslateKeys instead. func TranslateKeys(v map[string]interface{}, dict map[string]string) { diff --git a/logging/logfile.go b/logging/logfile.go index 153473482ff3d..fbd1d2b707071 100644 --- a/logging/logfile.go +++ b/logging/logfile.go @@ -15,7 +15,7 @@ var ( now = time.Now ) -//LogFile is used to setup a file based logger that also performs log rotation +// LogFile is used to setup a file based logger that also performs log rotation type LogFile struct { //Name of the log file fileName string diff --git a/proto-public/pbdataplane/dataplane.pb.go b/proto-public/pbdataplane/dataplane.pb.go index 8e8a1000f2534..5cbf59261a023 100644 --- a/proto-public/pbdataplane/dataplane.pb.go +++ b/proto-public/pbdataplane/dataplane.pb.go @@ -296,6 +296,7 @@ type GetEnvoyBootstrapParamsRequest struct { unknownFields protoimpl.UnknownFields // Types that are assignable to NodeSpec: + // // *GetEnvoyBootstrapParamsRequest_NodeId // *GetEnvoyBootstrapParamsRequest_NodeName NodeSpec isGetEnvoyBootstrapParamsRequest_NodeSpec `protobuf_oneof:"node_spec"` diff --git a/proto/pbconfigentry/config_entry.gen.go b/proto/pbconfigentry/config_entry.gen.go index bfdce5e5c0e80..a2386d5158c4e 100644 --- a/proto/pbconfigentry/config_entry.gen.go +++ b/proto/pbconfigentry/config_entry.gen.go @@ -20,6 +20,70 @@ func CookieConfigFromStructs(t *structs.CookieConfig, s *CookieConfig) { s.TTL = structs.DurationToProto(t.TTL) s.Path = t.Path } +func DestinationConfigToStructs(s *DestinationConfig, t *structs.DestinationConfig) { + if s == nil { + return + } + t.Addresses = s.Addresses + t.Port = int(s.Port) +} +func DestinationConfigFromStructs(t *structs.DestinationConfig, s *DestinationConfig) { + if s == nil { + return + } + s.Addresses = t.Addresses + s.Port = int32(t.Port) +} +func ExposeConfigToStructs(s *ExposeConfig, t *structs.ExposeConfig) { + if s == nil { + return + } + t.Checks = s.Checks + { + t.Paths = make([]structs.ExposePath, len(s.Paths)) + for i := range s.Paths { + if s.Paths[i] != nil { + ExposePathToStructs(s.Paths[i], &t.Paths[i]) + } + } + } +} +func ExposeConfigFromStructs(t *structs.ExposeConfig, s *ExposeConfig) { + if s == nil { + return + } + s.Checks = t.Checks + { + s.Paths = make([]*ExposePath, len(t.Paths)) + for i := range t.Paths { + { + var x ExposePath + ExposePathFromStructs(&t.Paths[i], &x) + s.Paths[i] = &x + } + } + } +} +func ExposePathToStructs(s *ExposePath, t *structs.ExposePath) { + if s == nil { + return + } + t.ListenerPort = int(s.ListenerPort) + t.Path = s.Path + t.LocalPathPort = int(s.LocalPathPort) + t.Protocol = s.Protocol + t.ParsedFromCheck = s.ParsedFromCheck +} +func ExposePathFromStructs(t *structs.ExposePath, s *ExposePath) { + if s == nil { + return + } + s.ListenerPort = int32(t.ListenerPort) + s.Path = t.Path + s.LocalPathPort = int32(t.LocalPathPort) + s.Protocol = t.Protocol + s.ParsedFromCheck = t.ParsedFromCheck +} func GatewayServiceTLSConfigToStructs(s *GatewayServiceTLSConfig, t *structs.GatewayServiceTLSConfig) { if s == nil { return @@ -496,6 +560,18 @@ func MeshDirectionalTLSConfigFromStructs(t *structs.MeshDirectionalTLSConfig, s s.TLSMaxVersion = tlsVersionFromStructs(t.TLSMaxVersion) s.CipherSuites = cipherSuitesFromStructs(t.CipherSuites) } +func MeshGatewayConfigToStructs(s *MeshGatewayConfig, t *structs.MeshGatewayConfig) { + if s == nil { + return + } + t.Mode = meshGatewayModeToStructs(s.Mode) +} +func MeshGatewayConfigFromStructs(t *structs.MeshGatewayConfig, s *MeshGatewayConfig) { + if s == nil { + return + } + s.Mode = meshGatewayModeFromStructs(t.Mode) +} func MeshHTTPConfigToStructs(s *MeshHTTPConfig, t *structs.MeshHTTPConfig) { if s == nil { return @@ -538,6 +614,22 @@ func MeshTLSConfigFromStructs(t *structs.MeshTLSConfig, s *MeshTLSConfig) { s.Outgoing = &x } } +func PassiveHealthCheckToStructs(s *PassiveHealthCheck, t *structs.PassiveHealthCheck) { + if s == nil { + return + } + t.Interval = structs.DurationFromProto(s.Interval) + t.MaxFailures = s.MaxFailures + t.EnforcingConsecutive5xx = pointerToUint32FromUint32(s.EnforcingConsecutive5Xx) +} +func PassiveHealthCheckFromStructs(t *structs.PassiveHealthCheck, s *PassiveHealthCheck) { + if s == nil { + return + } + s.Interval = structs.DurationToProto(t.Interval) + s.MaxFailures = t.MaxFailures + s.EnforcingConsecutive5Xx = uint32FromPointerToUint32(t.EnforcingConsecutive5xx) +} func PeeringMeshConfigToStructs(s *PeeringMeshConfig, t *structs.PeeringMeshConfig) { if s == nil { return @@ -564,6 +656,76 @@ func RingHashConfigFromStructs(t *structs.RingHashConfig, s *RingHashConfig) { s.MinimumRingSize = t.MinimumRingSize s.MaximumRingSize = t.MaximumRingSize } +func ServiceDefaultsToStructs(s *ServiceDefaults, t *structs.ServiceConfigEntry) { + if s == nil { + return + } + t.Protocol = s.Protocol + t.Mode = proxyModeToStructs(s.Mode) + if s.TransparentProxy != nil { + TransparentProxyConfigToStructs(s.TransparentProxy, &t.TransparentProxy) + } + if s.MeshGateway != nil { + MeshGatewayConfigToStructs(s.MeshGateway, &t.MeshGateway) + } + if s.Expose != nil { + ExposeConfigToStructs(s.Expose, &t.Expose) + } + t.ExternalSNI = s.ExternalSNI + if s.UpstreamConfig != nil { + var x structs.UpstreamConfiguration + UpstreamConfigurationToStructs(s.UpstreamConfig, &x) + t.UpstreamConfig = &x + } + if s.Destination != nil { + var x structs.DestinationConfig + DestinationConfigToStructs(s.Destination, &x) + t.Destination = &x + } + t.MaxInboundConnections = int(s.MaxInboundConnections) + t.LocalConnectTimeoutMs = int(s.LocalConnectTimeoutMs) + t.LocalRequestTimeoutMs = int(s.LocalRequestTimeoutMs) + t.BalanceInboundConnections = s.BalanceInboundConnections + t.Meta = s.Meta +} +func ServiceDefaultsFromStructs(t *structs.ServiceConfigEntry, s *ServiceDefaults) { + if s == nil { + return + } + s.Protocol = t.Protocol + s.Mode = proxyModeFromStructs(t.Mode) + { + var x TransparentProxyConfig + TransparentProxyConfigFromStructs(&t.TransparentProxy, &x) + s.TransparentProxy = &x + } + { + var x MeshGatewayConfig + MeshGatewayConfigFromStructs(&t.MeshGateway, &x) + s.MeshGateway = &x + } + { + var x ExposeConfig + ExposeConfigFromStructs(&t.Expose, &x) + s.Expose = &x + } + s.ExternalSNI = t.ExternalSNI + if t.UpstreamConfig != nil { + var x UpstreamConfiguration + UpstreamConfigurationFromStructs(t.UpstreamConfig, &x) + s.UpstreamConfig = &x + } + if t.Destination != nil { + var x DestinationConfig + DestinationConfigFromStructs(t.Destination, &x) + s.Destination = &x + } + s.MaxInboundConnections = int32(t.MaxInboundConnections) + s.LocalConnectTimeoutMs = int32(t.LocalConnectTimeoutMs) + s.LocalRequestTimeoutMs = int32(t.LocalRequestTimeoutMs) + s.BalanceInboundConnections = t.BalanceInboundConnections + s.Meta = t.Meta +} func ServiceIntentionsToStructs(s *ServiceIntentions, t *structs.ServiceIntentionsConfigEntry) { if s == nil { return @@ -822,6 +984,20 @@ func SourceIntentionFromStructs(t *structs.SourceIntention, s *SourceIntention) s.EnterpriseMeta = enterpriseMetaFromStructs(t.EnterpriseMeta) s.Peer = t.Peer } +func TransparentProxyConfigToStructs(s *TransparentProxyConfig, t *structs.TransparentProxyConfig) { + if s == nil { + return + } + t.OutboundListenerPort = int(s.OutboundListenerPort) + t.DialedDirectly = s.DialedDirectly +} +func TransparentProxyConfigFromStructs(t *structs.TransparentProxyConfig, s *TransparentProxyConfig) { + if s == nil { + return + } + s.OutboundListenerPort = int32(t.OutboundListenerPort) + s.DialedDirectly = t.DialedDirectly +} func TransparentProxyMeshConfigToStructs(s *TransparentProxyMeshConfig, t *structs.TransparentProxyMeshConfig) { if s == nil { return @@ -834,3 +1010,111 @@ func TransparentProxyMeshConfigFromStructs(t *structs.TransparentProxyMeshConfig } s.MeshDestinationsOnly = t.MeshDestinationsOnly } +func UpstreamConfigToStructs(s *UpstreamConfig, t *structs.UpstreamConfig) { + if s == nil { + return + } + t.Name = s.Name + t.EnterpriseMeta = enterpriseMetaToStructs(s.EnterpriseMeta) + t.EnvoyListenerJSON = s.EnvoyListenerJSON + t.EnvoyClusterJSON = s.EnvoyClusterJSON + t.Protocol = s.Protocol + t.ConnectTimeoutMs = int(s.ConnectTimeoutMs) + if s.Limits != nil { + var x structs.UpstreamLimits + UpstreamLimitsToStructs(s.Limits, &x) + t.Limits = &x + } + if s.PassiveHealthCheck != nil { + var x structs.PassiveHealthCheck + PassiveHealthCheckToStructs(s.PassiveHealthCheck, &x) + t.PassiveHealthCheck = &x + } + if s.MeshGateway != nil { + MeshGatewayConfigToStructs(s.MeshGateway, &t.MeshGateway) + } + t.BalanceOutboundConnections = s.BalanceOutboundConnections +} +func UpstreamConfigFromStructs(t *structs.UpstreamConfig, s *UpstreamConfig) { + if s == nil { + return + } + s.Name = t.Name + s.EnterpriseMeta = enterpriseMetaFromStructs(t.EnterpriseMeta) + s.EnvoyListenerJSON = t.EnvoyListenerJSON + s.EnvoyClusterJSON = t.EnvoyClusterJSON + s.Protocol = t.Protocol + s.ConnectTimeoutMs = int32(t.ConnectTimeoutMs) + if t.Limits != nil { + var x UpstreamLimits + UpstreamLimitsFromStructs(t.Limits, &x) + s.Limits = &x + } + if t.PassiveHealthCheck != nil { + var x PassiveHealthCheck + PassiveHealthCheckFromStructs(t.PassiveHealthCheck, &x) + s.PassiveHealthCheck = &x + } + { + var x MeshGatewayConfig + MeshGatewayConfigFromStructs(&t.MeshGateway, &x) + s.MeshGateway = &x + } + s.BalanceOutboundConnections = t.BalanceOutboundConnections +} +func UpstreamConfigurationToStructs(s *UpstreamConfiguration, t *structs.UpstreamConfiguration) { + if s == nil { + return + } + { + t.Overrides = make([]*structs.UpstreamConfig, len(s.Overrides)) + for i := range s.Overrides { + if s.Overrides[i] != nil { + var x structs.UpstreamConfig + UpstreamConfigToStructs(s.Overrides[i], &x) + t.Overrides[i] = &x + } + } + } + if s.Defaults != nil { + var x structs.UpstreamConfig + UpstreamConfigToStructs(s.Defaults, &x) + t.Defaults = &x + } +} +func UpstreamConfigurationFromStructs(t *structs.UpstreamConfiguration, s *UpstreamConfiguration) { + if s == nil { + return + } + { + s.Overrides = make([]*UpstreamConfig, len(t.Overrides)) + for i := range t.Overrides { + if t.Overrides[i] != nil { + var x UpstreamConfig + UpstreamConfigFromStructs(t.Overrides[i], &x) + s.Overrides[i] = &x + } + } + } + if t.Defaults != nil { + var x UpstreamConfig + UpstreamConfigFromStructs(t.Defaults, &x) + s.Defaults = &x + } +} +func UpstreamLimitsToStructs(s *UpstreamLimits, t *structs.UpstreamLimits) { + if s == nil { + return + } + t.MaxConnections = pointerToIntFromInt32(s.MaxConnections) + t.MaxPendingRequests = pointerToIntFromInt32(s.MaxPendingRequests) + t.MaxConcurrentRequests = pointerToIntFromInt32(s.MaxConcurrentRequests) +} +func UpstreamLimitsFromStructs(t *structs.UpstreamLimits, s *UpstreamLimits) { + if s == nil { + return + } + s.MaxConnections = int32FromPointerToInt(t.MaxConnections) + s.MaxPendingRequests = int32FromPointerToInt(t.MaxPendingRequests) + s.MaxConcurrentRequests = int32FromPointerToInt(t.MaxConcurrentRequests) +} diff --git a/proto/pbconfigentry/config_entry.go b/proto/pbconfigentry/config_entry.go index 7553bd82fe7e8..a864a3a3b68f4 100644 --- a/proto/pbconfigentry/config_entry.go +++ b/proto/pbconfigentry/config_entry.go @@ -5,7 +5,7 @@ import ( "time" "github.com/golang/protobuf/ptypes/timestamp" - timestamppb "google.golang.org/protobuf/types/known/timestamppb" + "google.golang.org/protobuf/types/known/timestamppb" "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" @@ -45,6 +45,14 @@ func ConfigEntryToStructs(s *ConfigEntry) structs.ConfigEntry { pbcommon.RaftIndexToStructs(s.RaftIndex, &target.RaftIndex) pbcommon.EnterpriseMetaToStructs(s.EnterpriseMeta, &target.EnterpriseMeta) return &target + case Kind_KindServiceDefaults: + var target structs.ServiceConfigEntry + target.Name = s.Name + + ServiceDefaultsToStructs(s.GetServiceDefaults(), &target) + pbcommon.RaftIndexToStructs(s.RaftIndex, &target.RaftIndex) + pbcommon.EnterpriseMetaToStructs(s.EnterpriseMeta, &target.EnterpriseMeta) + return &target default: panic(fmt.Sprintf("unable to convert ConfigEntry of kind %s to structs", s.Kind)) } @@ -93,6 +101,14 @@ func ConfigEntryFromStructs(s structs.ConfigEntry) *ConfigEntry { configEntry.Entry = &ConfigEntry_ServiceIntentions{ ServiceIntentions: &serviceIntentions, } + case *structs.ServiceConfigEntry: + var serviceDefaults ServiceDefaults + ServiceDefaultsFromStructs(v, &serviceDefaults) + + configEntry.Kind = Kind_KindServiceDefaults + configEntry.Entry = &ConfigEntry_ServiceDefaults{ + ServiceDefaults: &serviceDefaults, + } default: panic(fmt.Sprintf("unable to convert %T to proto", s)) } @@ -170,3 +186,83 @@ func intentionSourceTypeFromStructs(structs.IntentionSourceType) IntentionSource func intentionSourceTypeToStructs(IntentionSourceType) structs.IntentionSourceType { return structs.IntentionSourceConsul } + +func pointerToIntFromInt32(i32 int32) *int { + i := int(i32) + return &i +} + +func int32FromPointerToInt(i *int) int32 { + if i != nil { + return int32(*i) + } + return 0 +} + +func pointerToUint32FromUint32(ui32 uint32) *uint32 { + i := ui32 + return &i +} + +func uint32FromPointerToUint32(i *uint32) uint32 { + if i != nil { + return *i + } + return 0 +} + +func proxyModeFromStructs(a structs.ProxyMode) ProxyMode { + switch a { + case structs.ProxyModeDefault: + return ProxyMode_ProxyModeDefault + case structs.ProxyModeTransparent: + return ProxyMode_ProxyModeTransparent + case structs.ProxyModeDirect: + return ProxyMode_ProxyModeDirect + default: + return ProxyMode_ProxyModeDefault + } +} + +func proxyModeToStructs(a ProxyMode) structs.ProxyMode { + switch a { + case ProxyMode_ProxyModeDefault: + return structs.ProxyModeDefault + case ProxyMode_ProxyModeTransparent: + return structs.ProxyModeTransparent + case ProxyMode_ProxyModeDirect: + return structs.ProxyModeDirect + default: + return structs.ProxyModeDefault + } +} + +func meshGatewayModeFromStructs(a structs.MeshGatewayMode) MeshGatewayMode { + switch a { + case structs.MeshGatewayModeDefault: + return MeshGatewayMode_MeshGatewayModeDefault + case structs.MeshGatewayModeNone: + return MeshGatewayMode_MeshGatewayModeNone + case structs.MeshGatewayModeLocal: + return MeshGatewayMode_MeshGatewayModeLocal + case structs.MeshGatewayModeRemote: + return MeshGatewayMode_MeshGatewayModeRemote + default: + return MeshGatewayMode_MeshGatewayModeDefault + } +} + +func meshGatewayModeToStructs(a MeshGatewayMode) structs.MeshGatewayMode { + switch a { + case MeshGatewayMode_MeshGatewayModeDefault: + return structs.MeshGatewayModeDefault + case MeshGatewayMode_MeshGatewayModeNone: + return structs.MeshGatewayModeNone + case MeshGatewayMode_MeshGatewayModeLocal: + return structs.MeshGatewayModeLocal + case MeshGatewayMode_MeshGatewayModeRemote: + return structs.MeshGatewayModeRemote + default: + return structs.MeshGatewayModeDefault + } +} diff --git a/proto/pbconfigentry/config_entry.pb.binary.go b/proto/pbconfigentry/config_entry.pb.binary.go index af897e925bf6c..5d69a6320fc3f 100644 --- a/proto/pbconfigentry/config_entry.pb.binary.go +++ b/proto/pbconfigentry/config_entry.pb.binary.go @@ -306,3 +306,103 @@ func (msg *IntentionHTTPHeaderPermission) MarshalBinary() ([]byte, error) { func (msg *IntentionHTTPHeaderPermission) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ServiceDefaults) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ServiceDefaults) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *TransparentProxyConfig) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *TransparentProxyConfig) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *MeshGatewayConfig) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *MeshGatewayConfig) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ExposeConfig) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ExposeConfig) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ExposePath) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ExposePath) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *UpstreamConfiguration) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *UpstreamConfiguration) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *UpstreamConfig) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *UpstreamConfig) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *UpstreamLimits) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *UpstreamLimits) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *PassiveHealthCheck) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *PassiveHealthCheck) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *DestinationConfig) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *DestinationConfig) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto/pbconfigentry/config_entry.pb.go b/proto/pbconfigentry/config_entry.pb.go index aaeb6ce9f25c5..cc53e83e3a15f 100644 --- a/proto/pbconfigentry/config_entry.pb.go +++ b/proto/pbconfigentry/config_entry.pb.go @@ -31,6 +31,7 @@ const ( Kind_KindServiceResolver Kind = 2 Kind_KindIngressGateway Kind = 3 Kind_KindServiceIntentions Kind = 4 + Kind_KindServiceDefaults Kind = 5 ) // Enum value maps for Kind. @@ -41,6 +42,7 @@ var ( 2: "KindServiceResolver", 3: "KindIngressGateway", 4: "KindServiceIntentions", + 5: "KindServiceDefaults", } Kind_value = map[string]int32{ "KindUnknown": 0, @@ -48,6 +50,7 @@ var ( "KindServiceResolver": 2, "KindIngressGateway": 3, "KindServiceIntentions": 4, + "KindServiceDefaults": 5, } ) @@ -167,6 +170,107 @@ func (IntentionSourceType) EnumDescriptor() ([]byte, []int) { return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{2} } +type ProxyMode int32 + +const ( + ProxyMode_ProxyModeDefault ProxyMode = 0 + ProxyMode_ProxyModeTransparent ProxyMode = 1 + ProxyMode_ProxyModeDirect ProxyMode = 2 +) + +// Enum value maps for ProxyMode. +var ( + ProxyMode_name = map[int32]string{ + 0: "ProxyModeDefault", + 1: "ProxyModeTransparent", + 2: "ProxyModeDirect", + } + ProxyMode_value = map[string]int32{ + "ProxyModeDefault": 0, + "ProxyModeTransparent": 1, + "ProxyModeDirect": 2, + } +) + +func (x ProxyMode) Enum() *ProxyMode { + p := new(ProxyMode) + *p = x + return p +} + +func (x ProxyMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ProxyMode) Descriptor() protoreflect.EnumDescriptor { + return file_proto_pbconfigentry_config_entry_proto_enumTypes[3].Descriptor() +} + +func (ProxyMode) Type() protoreflect.EnumType { + return &file_proto_pbconfigentry_config_entry_proto_enumTypes[3] +} + +func (x ProxyMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ProxyMode.Descriptor instead. +func (ProxyMode) EnumDescriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{3} +} + +type MeshGatewayMode int32 + +const ( + MeshGatewayMode_MeshGatewayModeDefault MeshGatewayMode = 0 + MeshGatewayMode_MeshGatewayModeNone MeshGatewayMode = 1 + MeshGatewayMode_MeshGatewayModeLocal MeshGatewayMode = 2 + MeshGatewayMode_MeshGatewayModeRemote MeshGatewayMode = 3 +) + +// Enum value maps for MeshGatewayMode. +var ( + MeshGatewayMode_name = map[int32]string{ + 0: "MeshGatewayModeDefault", + 1: "MeshGatewayModeNone", + 2: "MeshGatewayModeLocal", + 3: "MeshGatewayModeRemote", + } + MeshGatewayMode_value = map[string]int32{ + "MeshGatewayModeDefault": 0, + "MeshGatewayModeNone": 1, + "MeshGatewayModeLocal": 2, + "MeshGatewayModeRemote": 3, + } +) + +func (x MeshGatewayMode) Enum() *MeshGatewayMode { + p := new(MeshGatewayMode) + *p = x + return p +} + +func (x MeshGatewayMode) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (MeshGatewayMode) Descriptor() protoreflect.EnumDescriptor { + return file_proto_pbconfigentry_config_entry_proto_enumTypes[4].Descriptor() +} + +func (MeshGatewayMode) Type() protoreflect.EnumType { + return &file_proto_pbconfigentry_config_entry_proto_enumTypes[4] +} + +func (x MeshGatewayMode) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use MeshGatewayMode.Descriptor instead. +func (MeshGatewayMode) EnumDescriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{4} +} + type ConfigEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -177,10 +281,12 @@ type ConfigEntry struct { EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,3,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,4,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"` // Types that are assignable to Entry: + // // *ConfigEntry_MeshConfig // *ConfigEntry_ServiceResolver // *ConfigEntry_IngressGateway // *ConfigEntry_ServiceIntentions + // *ConfigEntry_ServiceDefaults Entry isConfigEntry_Entry `protobuf_oneof:"Entry"` } @@ -279,6 +385,13 @@ func (x *ConfigEntry) GetServiceIntentions() *ServiceIntentions { return nil } +func (x *ConfigEntry) GetServiceDefaults() *ServiceDefaults { + if x, ok := x.GetEntry().(*ConfigEntry_ServiceDefaults); ok { + return x.ServiceDefaults + } + return nil +} + type isConfigEntry_Entry interface { isConfigEntry_Entry() } @@ -299,6 +412,10 @@ type ConfigEntry_ServiceIntentions struct { ServiceIntentions *ServiceIntentions `protobuf:"bytes,8,opt,name=ServiceIntentions,proto3,oneof"` } +type ConfigEntry_ServiceDefaults struct { + ServiceDefaults *ServiceDefaults `protobuf:"bytes,9,opt,name=ServiceDefaults,proto3,oneof"` +} + func (*ConfigEntry_MeshConfig) isConfigEntry_Entry() {} func (*ConfigEntry_ServiceResolver) isConfigEntry_Entry() {} @@ -307,6 +424,8 @@ func (*ConfigEntry_IngressGateway) isConfigEntry_Entry() {} func (*ConfigEntry_ServiceIntentions) isConfigEntry_Entry() {} +func (*ConfigEntry_ServiceDefaults) isConfigEntry_Entry() {} + // mog annotation: // // target=github.com/hashicorp/consul/agent/structs.MeshConfigEntry @@ -2516,699 +2635,1721 @@ func (x *IntentionHTTPHeaderPermission) GetInvert() bool { return false } -var File_proto_pbconfigentry_config_entry_proto protoreflect.FileDescriptor +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.ServiceConfigEntry +// output=config_entry.gen.go +// name=Structs +// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta +type ServiceDefaults struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields -var file_proto_pbconfigentry_config_entry_proto_rawDesc = []byte{ - 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, - 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x94, 0x05, - 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3f, 0x0a, - 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, - 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, - 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, - 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x49, 0x0a, 0x09, - 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, - 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x53, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, - 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, - 0x52, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x62, 0x0a, 0x0f, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x48, 0x00, 0x52, - 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, - 0x12, 0x5f, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x48, - 0x00, 0x52, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, - 0x79, 0x12, 0x68, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x00, 0x52, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0x07, 0x0a, 0x05, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x22, 0xec, 0x03, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x12, 0x6d, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x41, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, - 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x52, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, - 0x78, 0x79, 0x12, 0x46, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, 0x53, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x49, 0x0a, 0x04, 0x48, 0x54, - 0x54, 0x50, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, - 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x4f, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, - 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1a, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, - 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xc9, 0x01, 0x0a, 0x0d, 0x4d, 0x65, 0x73, 0x68, 0x54, 0x4c, - 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5b, 0x0a, 0x08, 0x49, 0x6e, 0x63, 0x6f, 0x6d, - 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, - 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, - 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x49, 0x6e, 0x63, 0x6f, - 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x5b, 0x0a, 0x08, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, 0x67, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, - 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, - 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x4f, 0x75, 0x74, 0x67, 0x6f, 0x69, 0x6e, - 0x67, 0x22, 0x8a, 0x01, 0x0a, 0x18, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x24, - 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, - 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, - 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x54, - 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x12, 0x42, 0x0a, 0x1c, 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, 0x58, 0x46, 0x6f, 0x72, - 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1c, 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, - 0x58, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x43, 0x65, 0x72, 0x74, 0x22, 0x4d, 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4d, - 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x38, 0x0a, 0x17, 0x50, 0x65, 0x65, - 0x72, 0x54, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, 0x50, 0x65, 0x65, 0x72, - 0x54, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x73, 0x22, 0xf6, 0x06, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, - 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, - 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x5d, 0x0a, - 0x07, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, - 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x07, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x5a, 0x0a, 0x08, - 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, - 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, - 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x60, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, - 0x6f, 0x76, 0x65, 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, - 0x65, 0x72, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x41, 0x0a, 0x0e, 0x43, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x43, - 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x57, 0x0a, - 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x52, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, - 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, - 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x78, 0x0a, 0x0c, - 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x52, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, - 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x7b, 0x0a, 0x0d, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, - 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x54, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, - 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x51, 0x0a, 0x15, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x53, - 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x20, 0x0a, - 0x0b, 0x4f, 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0b, 0x4f, 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x22, - 0xc9, 0x01, 0x0a, 0x17, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, - 0x76, 0x65, 0x72, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x4e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, - 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, - 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0xf9, 0x01, 0x0a, 0x17, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, - 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, - 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, - 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x44, 0x61, 0x74, 0x61, - 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5e, 0x0a, 0x07, 0x54, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, - 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x07, - 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x22, 0xcf, 0x01, 0x0a, 0x1d, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, - 0x76, 0x65, 0x72, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, - 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, - 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, - 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, - 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, - 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x06, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0xc7, 0x02, 0x0a, 0x0c, 0x4c, 0x6f, - 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x12, 0x5d, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x69, 0x0a, 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x55, 0x0a, 0x0c, - 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x69, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x28, 0x0a, 0x0f, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, - 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, - 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x12, - 0x28, 0x0a, 0x0f, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, - 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, - 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x36, 0x0a, 0x12, 0x4c, 0x65, 0x61, - 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, - 0x20, 0x0a, 0x0b, 0x43, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x43, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x22, 0xd3, 0x01, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x46, 0x69, 0x65, 0x6c, - 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x57, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, - 0x1a, 0x0a, 0x08, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x50, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x08, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x50, 0x12, 0x1a, 0x0a, 0x08, 0x54, - 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x54, - 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x69, 0x0a, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, - 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, - 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, 0x54, 0x4c, 0x12, 0x12, - 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, - 0x74, 0x68, 0x22, 0x98, 0x03, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, - 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x49, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, - 0x12, 0x54, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, - 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x09, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x4d, 0x65, 0x74, 0x61, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x57, 0x0a, 0x08, 0x44, - 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3b, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x44, 0x65, 0x66, 0x61, - 0x75, 0x6c, 0x74, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa4, 0x01, - 0x0a, 0x14, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, - 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, - 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, - 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x4d, 0x61, 0x78, 0x50, - 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x34, - 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x15, 0x4d, - 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x73, 0x22, 0xea, 0x01, 0x0a, 0x10, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x45, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x45, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x12, 0x4c, 0x0a, 0x03, 0x53, 0x44, 0x53, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x53, 0x44, - 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, - 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, - 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, - 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, - 0x73, 0x22, 0x5b, 0x0a, 0x13, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, - 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x43, - 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x65, - 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xdf, - 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x12, 0x51, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, - 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x08, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, - 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, - 0x22, 0xcc, 0x05, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x48, 0x6f, 0x73, 0x74, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x50, 0x0a, - 0x03, 0x54, 0x4c, 0x53, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, - 0x62, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, - 0x65, 0x72, 0x73, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x12, 0x64, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, - 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, 0x04, 0x4d, 0x65, 0x74, - 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x4d, - 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x58, - 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, - 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, - 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61, 0x78, 0x43, - 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x4d, 0x61, - 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, - 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0x67, 0x0a, 0x17, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4c, 0x0a, 0x03, 0x53, 0x44, - 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x52, 0x03, 0x53, 0x44, 0x53, 0x22, 0xcb, 0x02, 0x0a, 0x13, 0x48, 0x54, 0x54, - 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, - 0x12, 0x55, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x2e, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x55, 0x0a, 0x03, 0x53, 0x65, 0x74, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, - 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, - 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53, 0x65, 0x74, 0x12, 0x16, - 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, - 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, - 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf6, 0x01, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x50, 0x0a, 0x07, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x56, - 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, - 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0xa6, 0x06, 0x0a, 0x0f, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x4e, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0b, 0x50, 0x65, 0x72, 0x6d, 0x69, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, - 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, - 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x65, 0x63, 0x65, 0x64, 0x65, - 0x6e, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x50, 0x72, 0x65, 0x63, 0x65, - 0x64, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x49, - 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x49, - 0x44, 0x12, 0x4e, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x54, 0x79, 0x70, - 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x66, 0x0a, 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, - 0x61, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x2e, - 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x46, 0x0a, 0x10, 0x4c, - 0x65, 0x67, 0x61, 0x63, 0x79, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, - 0x69, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, - 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, - 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x0b, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, - 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, - 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, 0x72, 0x18, 0x0c, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x1a, 0x3d, 0x0a, 0x0f, 0x4c, 0x65, 0x67, - 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb9, 0x01, 0x0a, 0x13, 0x49, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x12, 0x4e, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, - 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x52, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, - 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, - 0x48, 0x54, 0x54, 0x50, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x04, - 0x48, 0x54, 0x54, 0x50, 0x22, 0xed, 0x01, 0x0a, 0x17, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, - 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, - 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x1e, - 0x0a, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1c, - 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x5c, 0x0a, 0x06, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, - 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, - 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, - 0x6f, 0x6e, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x4d, 0x65, - 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x4d, 0x65, 0x74, - 0x68, 0x6f, 0x64, 0x73, 0x22, 0xc1, 0x01, 0x0a, 0x1d, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, - 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, - 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x50, 0x72, - 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x50, 0x72, 0x65, - 0x73, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x45, 0x78, 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x50, 0x72, - 0x65, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x50, 0x72, 0x65, 0x66, - 0x69, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x14, 0x0a, 0x05, 0x52, 0x65, - 0x67, 0x65, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, - 0x12, 0x16, 0x0a, 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x2a, 0x77, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, - 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, 0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, - 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, 0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, - 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, - 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, - 0x04, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, 0x00, 0x12, 0x09, - 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, 0x49, 0x6e, 0x74, - 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x42, 0xa6, 0x02, 0x0a, - 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2f, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, - 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xa2, - 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xca, 0x02, - 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, - 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x5c, 0x47, - 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, - 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, - 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + Protocol string `protobuf:"bytes,1,opt,name=Protocol,proto3" json:"Protocol,omitempty"` + // mog: func-to=proxyModeToStructs func-from=proxyModeFromStructs + Mode ProxyMode `protobuf:"varint,2,opt,name=Mode,proto3,enum=hashicorp.consul.internal.configentry.ProxyMode" json:"Mode,omitempty"` + TransparentProxy *TransparentProxyConfig `protobuf:"bytes,3,opt,name=TransparentProxy,proto3" json:"TransparentProxy,omitempty"` + MeshGateway *MeshGatewayConfig `protobuf:"bytes,4,opt,name=MeshGateway,proto3" json:"MeshGateway,omitempty"` + Expose *ExposeConfig `protobuf:"bytes,5,opt,name=Expose,proto3" json:"Expose,omitempty"` + ExternalSNI string `protobuf:"bytes,6,opt,name=ExternalSNI,proto3" json:"ExternalSNI,omitempty"` + UpstreamConfig *UpstreamConfiguration `protobuf:"bytes,7,opt,name=UpstreamConfig,proto3" json:"UpstreamConfig,omitempty"` + Destination *DestinationConfig `protobuf:"bytes,8,opt,name=Destination,proto3" json:"Destination,omitempty"` + // mog: func-to=int func-from=int32 + MaxInboundConnections int32 `protobuf:"varint,9,opt,name=MaxInboundConnections,proto3" json:"MaxInboundConnections,omitempty"` + // mog: func-to=int func-from=int32 + LocalConnectTimeoutMs int32 `protobuf:"varint,10,opt,name=LocalConnectTimeoutMs,proto3" json:"LocalConnectTimeoutMs,omitempty"` + // mog: func-to=int func-from=int32 + LocalRequestTimeoutMs int32 `protobuf:"varint,11,opt,name=LocalRequestTimeoutMs,proto3" json:"LocalRequestTimeoutMs,omitempty"` + BalanceInboundConnections string `protobuf:"bytes,12,opt,name=BalanceInboundConnections,proto3" json:"BalanceInboundConnections,omitempty"` + Meta map[string]string `protobuf:"bytes,13,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } -var ( - file_proto_pbconfigentry_config_entry_proto_rawDescOnce sync.Once - file_proto_pbconfigentry_config_entry_proto_rawDescData = file_proto_pbconfigentry_config_entry_proto_rawDesc -) +func (x *ServiceDefaults) Reset() { + *x = ServiceDefaults{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[30] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} -func file_proto_pbconfigentry_config_entry_proto_rawDescGZIP() []byte { - file_proto_pbconfigentry_config_entry_proto_rawDescOnce.Do(func() { - file_proto_pbconfigentry_config_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbconfigentry_config_entry_proto_rawDescData) - }) - return file_proto_pbconfigentry_config_entry_proto_rawDescData +func (x *ServiceDefaults) String() string { + return protoimpl.X.MessageStringOf(x) } -var file_proto_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_proto_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 40) -var file_proto_pbconfigentry_config_entry_proto_goTypes = []interface{}{ - (Kind)(0), // 0: hashicorp.consul.internal.configentry.Kind - (IntentionAction)(0), // 1: hashicorp.consul.internal.configentry.IntentionAction - (IntentionSourceType)(0), // 2: hashicorp.consul.internal.configentry.IntentionSourceType - (*ConfigEntry)(nil), // 3: hashicorp.consul.internal.configentry.ConfigEntry - (*MeshConfig)(nil), // 4: hashicorp.consul.internal.configentry.MeshConfig - (*TransparentProxyMeshConfig)(nil), // 5: hashicorp.consul.internal.configentry.TransparentProxyMeshConfig - (*MeshTLSConfig)(nil), // 6: hashicorp.consul.internal.configentry.MeshTLSConfig - (*MeshDirectionalTLSConfig)(nil), // 7: hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig - (*MeshHTTPConfig)(nil), // 8: hashicorp.consul.internal.configentry.MeshHTTPConfig - (*PeeringMeshConfig)(nil), // 9: hashicorp.consul.internal.configentry.PeeringMeshConfig - (*ServiceResolver)(nil), // 10: hashicorp.consul.internal.configentry.ServiceResolver - (*ServiceResolverSubset)(nil), // 11: hashicorp.consul.internal.configentry.ServiceResolverSubset - (*ServiceResolverRedirect)(nil), // 12: hashicorp.consul.internal.configentry.ServiceResolverRedirect - (*ServiceResolverFailover)(nil), // 13: hashicorp.consul.internal.configentry.ServiceResolverFailover - (*ServiceResolverFailoverTarget)(nil), // 14: hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget - (*LoadBalancer)(nil), // 15: hashicorp.consul.internal.configentry.LoadBalancer - (*RingHashConfig)(nil), // 16: hashicorp.consul.internal.configentry.RingHashConfig - (*LeastRequestConfig)(nil), // 17: hashicorp.consul.internal.configentry.LeastRequestConfig - (*HashPolicy)(nil), // 18: hashicorp.consul.internal.configentry.HashPolicy - (*CookieConfig)(nil), // 19: hashicorp.consul.internal.configentry.CookieConfig - (*IngressGateway)(nil), // 20: hashicorp.consul.internal.configentry.IngressGateway - (*IngressServiceConfig)(nil), // 21: hashicorp.consul.internal.configentry.IngressServiceConfig - (*GatewayTLSConfig)(nil), // 22: hashicorp.consul.internal.configentry.GatewayTLSConfig - (*GatewayTLSSDSConfig)(nil), // 23: hashicorp.consul.internal.configentry.GatewayTLSSDSConfig - (*IngressListener)(nil), // 24: hashicorp.consul.internal.configentry.IngressListener - (*IngressService)(nil), // 25: hashicorp.consul.internal.configentry.IngressService - (*GatewayServiceTLSConfig)(nil), // 26: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig - (*HTTPHeaderModifiers)(nil), // 27: hashicorp.consul.internal.configentry.HTTPHeaderModifiers - (*ServiceIntentions)(nil), // 28: hashicorp.consul.internal.configentry.ServiceIntentions - (*SourceIntention)(nil), // 29: hashicorp.consul.internal.configentry.SourceIntention - (*IntentionPermission)(nil), // 30: hashicorp.consul.internal.configentry.IntentionPermission - (*IntentionHTTPPermission)(nil), // 31: hashicorp.consul.internal.configentry.IntentionHTTPPermission - (*IntentionHTTPHeaderPermission)(nil), // 32: hashicorp.consul.internal.configentry.IntentionHTTPHeaderPermission - nil, // 33: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry - nil, // 34: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry - nil, // 35: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry - nil, // 36: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry - nil, // 37: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry - nil, // 38: hashicorp.consul.internal.configentry.IngressService.MetaEntry - nil, // 39: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry - nil, // 40: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry - nil, // 41: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry - nil, // 42: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry - (*pbcommon.EnterpriseMeta)(nil), // 43: hashicorp.consul.internal.common.EnterpriseMeta - (*pbcommon.RaftIndex)(nil), // 44: hashicorp.consul.internal.common.RaftIndex - (*durationpb.Duration)(nil), // 45: google.protobuf.Duration - (*timestamppb.Timestamp)(nil), // 46: google.protobuf.Timestamp +func (*ServiceDefaults) ProtoMessage() {} + +func (x *ServiceDefaults) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[30] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) } -var file_proto_pbconfigentry_config_entry_proto_depIdxs = []int32{ - 0, // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind - 43, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta - 44, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex - 4, // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig - 10, // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver - 20, // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway - 28, // 6: hashicorp.consul.internal.configentry.ConfigEntry.ServiceIntentions:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions - 5, // 7: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig - 6, // 8: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig - 8, // 9: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig - 33, // 10: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry - 9, // 11: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig - 7, // 12: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig - 7, // 13: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig - 34, // 14: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry - 12, // 15: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect - 35, // 16: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry - 45, // 17: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration - 15, // 18: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer - 36, // 19: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry - 14, // 20: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget - 16, // 21: hashicorp.consul.internal.configentry.LoadBalancer.RingHashConfig:type_name -> hashicorp.consul.internal.configentry.RingHashConfig - 17, // 22: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig - 18, // 23: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy - 19, // 24: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig - 45, // 25: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration - 22, // 26: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig - 24, // 27: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener - 37, // 28: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry - 21, // 29: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig - 23, // 30: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig - 25, // 31: hashicorp.consul.internal.configentry.IngressListener.Services:type_name -> hashicorp.consul.internal.configentry.IngressService - 22, // 32: hashicorp.consul.internal.configentry.IngressListener.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig - 26, // 33: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig - 27, // 34: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers - 27, // 35: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers - 38, // 36: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry - 43, // 37: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta - 23, // 38: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig - 39, // 39: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry - 40, // 40: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry - 29, // 41: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention - 41, // 42: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry - 1, // 43: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction - 30, // 44: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission - 2, // 45: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType - 42, // 46: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry - 46, // 47: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp - 46, // 48: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp - 43, // 49: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta - 1, // 50: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction - 31, // 51: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission - 32, // 52: hashicorp.consul.internal.configentry.IntentionHTTPPermission.Header:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPHeaderPermission - 11, // 53: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset - 13, // 54: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover - 55, // [55:55] is the sub-list for method output_type - 55, // [55:55] is the sub-list for method input_type - 55, // [55:55] is the sub-list for extension type_name - 55, // [55:55] is the sub-list for extension extendee - 0, // [0:55] is the sub-list for field type_name + +// Deprecated: Use ServiceDefaults.ProtoReflect.Descriptor instead. +func (*ServiceDefaults) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{30} } -func init() { file_proto_pbconfigentry_config_entry_proto_init() } -func file_proto_pbconfigentry_config_entry_proto_init() { - if File_proto_pbconfigentry_config_entry_proto != nil { - return +func (x *ServiceDefaults) GetProtocol() string { + if x != nil { + return x.Protocol } - if !protoimpl.UnsafeEnabled { - file_proto_pbconfigentry_config_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConfigEntry); i { - case 0: + return "" +} + +func (x *ServiceDefaults) GetMode() ProxyMode { + if x != nil { + return x.Mode + } + return ProxyMode_ProxyModeDefault +} + +func (x *ServiceDefaults) GetTransparentProxy() *TransparentProxyConfig { + if x != nil { + return x.TransparentProxy + } + return nil +} + +func (x *ServiceDefaults) GetMeshGateway() *MeshGatewayConfig { + if x != nil { + return x.MeshGateway + } + return nil +} + +func (x *ServiceDefaults) GetExpose() *ExposeConfig { + if x != nil { + return x.Expose + } + return nil +} + +func (x *ServiceDefaults) GetExternalSNI() string { + if x != nil { + return x.ExternalSNI + } + return "" +} + +func (x *ServiceDefaults) GetUpstreamConfig() *UpstreamConfiguration { + if x != nil { + return x.UpstreamConfig + } + return nil +} + +func (x *ServiceDefaults) GetDestination() *DestinationConfig { + if x != nil { + return x.Destination + } + return nil +} + +func (x *ServiceDefaults) GetMaxInboundConnections() int32 { + if x != nil { + return x.MaxInboundConnections + } + return 0 +} + +func (x *ServiceDefaults) GetLocalConnectTimeoutMs() int32 { + if x != nil { + return x.LocalConnectTimeoutMs + } + return 0 +} + +func (x *ServiceDefaults) GetLocalRequestTimeoutMs() int32 { + if x != nil { + return x.LocalRequestTimeoutMs + } + return 0 +} + +func (x *ServiceDefaults) GetBalanceInboundConnections() string { + if x != nil { + return x.BalanceInboundConnections + } + return "" +} + +func (x *ServiceDefaults) GetMeta() map[string]string { + if x != nil { + return x.Meta + } + return nil +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.TransparentProxyConfig +// output=config_entry.gen.go +// name=Structs +type TransparentProxyConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // mog: func-to=int func-from=int32 + OutboundListenerPort int32 `protobuf:"varint,1,opt,name=OutboundListenerPort,proto3" json:"OutboundListenerPort,omitempty"` + DialedDirectly bool `protobuf:"varint,2,opt,name=DialedDirectly,proto3" json:"DialedDirectly,omitempty"` +} + +func (x *TransparentProxyConfig) Reset() { + *x = TransparentProxyConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[31] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TransparentProxyConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TransparentProxyConfig) ProtoMessage() {} + +func (x *TransparentProxyConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[31] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TransparentProxyConfig.ProtoReflect.Descriptor instead. +func (*TransparentProxyConfig) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{31} +} + +func (x *TransparentProxyConfig) GetOutboundListenerPort() int32 { + if x != nil { + return x.OutboundListenerPort + } + return 0 +} + +func (x *TransparentProxyConfig) GetDialedDirectly() bool { + if x != nil { + return x.DialedDirectly + } + return false +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.MeshGatewayConfig +// output=config_entry.gen.go +// name=Structs +type MeshGatewayConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // mog: func-to=meshGatewayModeToStructs func-from=meshGatewayModeFromStructs + Mode MeshGatewayMode `protobuf:"varint,1,opt,name=Mode,proto3,enum=hashicorp.consul.internal.configentry.MeshGatewayMode" json:"Mode,omitempty"` +} + +func (x *MeshGatewayConfig) Reset() { + *x = MeshGatewayConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[32] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *MeshGatewayConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MeshGatewayConfig) ProtoMessage() {} + +func (x *MeshGatewayConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[32] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MeshGatewayConfig.ProtoReflect.Descriptor instead. +func (*MeshGatewayConfig) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{32} +} + +func (x *MeshGatewayConfig) GetMode() MeshGatewayMode { + if x != nil { + return x.Mode + } + return MeshGatewayMode_MeshGatewayModeDefault +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.ExposeConfig +// output=config_entry.gen.go +// name=Structs +type ExposeConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Checks bool `protobuf:"varint,1,opt,name=Checks,proto3" json:"Checks,omitempty"` + Paths []*ExposePath `protobuf:"bytes,2,rep,name=Paths,proto3" json:"Paths,omitempty"` +} + +func (x *ExposeConfig) Reset() { + *x = ExposeConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[33] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExposeConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExposeConfig) ProtoMessage() {} + +func (x *ExposeConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[33] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExposeConfig.ProtoReflect.Descriptor instead. +func (*ExposeConfig) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{33} +} + +func (x *ExposeConfig) GetChecks() bool { + if x != nil { + return x.Checks + } + return false +} + +func (x *ExposeConfig) GetPaths() []*ExposePath { + if x != nil { + return x.Paths + } + return nil +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.ExposePath +// output=config_entry.gen.go +// name=Structs +type ExposePath struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // mog: func-to=int func-from=int32 + ListenerPort int32 `protobuf:"varint,1,opt,name=ListenerPort,proto3" json:"ListenerPort,omitempty"` + Path string `protobuf:"bytes,2,opt,name=Path,proto3" json:"Path,omitempty"` + // mog: func-to=int func-from=int32 + LocalPathPort int32 `protobuf:"varint,3,opt,name=LocalPathPort,proto3" json:"LocalPathPort,omitempty"` + Protocol string `protobuf:"bytes,4,opt,name=Protocol,proto3" json:"Protocol,omitempty"` + ParsedFromCheck bool `protobuf:"varint,5,opt,name=ParsedFromCheck,proto3" json:"ParsedFromCheck,omitempty"` +} + +func (x *ExposePath) Reset() { + *x = ExposePath{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[34] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExposePath) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExposePath) ProtoMessage() {} + +func (x *ExposePath) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[34] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExposePath.ProtoReflect.Descriptor instead. +func (*ExposePath) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{34} +} + +func (x *ExposePath) GetListenerPort() int32 { + if x != nil { + return x.ListenerPort + } + return 0 +} + +func (x *ExposePath) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +func (x *ExposePath) GetLocalPathPort() int32 { + if x != nil { + return x.LocalPathPort + } + return 0 +} + +func (x *ExposePath) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *ExposePath) GetParsedFromCheck() bool { + if x != nil { + return x.ParsedFromCheck + } + return false +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.UpstreamConfiguration +// output=config_entry.gen.go +// name=Structs +type UpstreamConfiguration struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Overrides []*UpstreamConfig `protobuf:"bytes,1,rep,name=Overrides,proto3" json:"Overrides,omitempty"` + Defaults *UpstreamConfig `protobuf:"bytes,2,opt,name=Defaults,proto3" json:"Defaults,omitempty"` +} + +func (x *UpstreamConfiguration) Reset() { + *x = UpstreamConfiguration{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[35] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpstreamConfiguration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpstreamConfiguration) ProtoMessage() {} + +func (x *UpstreamConfiguration) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[35] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpstreamConfiguration.ProtoReflect.Descriptor instead. +func (*UpstreamConfiguration) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{35} +} + +func (x *UpstreamConfiguration) GetOverrides() []*UpstreamConfig { + if x != nil { + return x.Overrides + } + return nil +} + +func (x *UpstreamConfiguration) GetDefaults() *UpstreamConfig { + if x != nil { + return x.Defaults + } + return nil +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.UpstreamConfig +// output=config_entry.gen.go +// name=Structs +type UpstreamConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"` + // mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs + EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,2,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"` + EnvoyListenerJSON string `protobuf:"bytes,3,opt,name=EnvoyListenerJSON,proto3" json:"EnvoyListenerJSON,omitempty"` + EnvoyClusterJSON string `protobuf:"bytes,4,opt,name=EnvoyClusterJSON,proto3" json:"EnvoyClusterJSON,omitempty"` + Protocol string `protobuf:"bytes,5,opt,name=Protocol,proto3" json:"Protocol,omitempty"` + // mog: func-to=int func-from=int32 + ConnectTimeoutMs int32 `protobuf:"varint,6,opt,name=ConnectTimeoutMs,proto3" json:"ConnectTimeoutMs,omitempty"` + Limits *UpstreamLimits `protobuf:"bytes,7,opt,name=Limits,proto3" json:"Limits,omitempty"` + PassiveHealthCheck *PassiveHealthCheck `protobuf:"bytes,8,opt,name=PassiveHealthCheck,proto3" json:"PassiveHealthCheck,omitempty"` + MeshGateway *MeshGatewayConfig `protobuf:"bytes,9,opt,name=MeshGateway,proto3" json:"MeshGateway,omitempty"` + BalanceOutboundConnections string `protobuf:"bytes,10,opt,name=BalanceOutboundConnections,proto3" json:"BalanceOutboundConnections,omitempty"` +} + +func (x *UpstreamConfig) Reset() { + *x = UpstreamConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[36] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpstreamConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpstreamConfig) ProtoMessage() {} + +func (x *UpstreamConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[36] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpstreamConfig.ProtoReflect.Descriptor instead. +func (*UpstreamConfig) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{36} +} + +func (x *UpstreamConfig) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *UpstreamConfig) GetEnterpriseMeta() *pbcommon.EnterpriseMeta { + if x != nil { + return x.EnterpriseMeta + } + return nil +} + +func (x *UpstreamConfig) GetEnvoyListenerJSON() string { + if x != nil { + return x.EnvoyListenerJSON + } + return "" +} + +func (x *UpstreamConfig) GetEnvoyClusterJSON() string { + if x != nil { + return x.EnvoyClusterJSON + } + return "" +} + +func (x *UpstreamConfig) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *UpstreamConfig) GetConnectTimeoutMs() int32 { + if x != nil { + return x.ConnectTimeoutMs + } + return 0 +} + +func (x *UpstreamConfig) GetLimits() *UpstreamLimits { + if x != nil { + return x.Limits + } + return nil +} + +func (x *UpstreamConfig) GetPassiveHealthCheck() *PassiveHealthCheck { + if x != nil { + return x.PassiveHealthCheck + } + return nil +} + +func (x *UpstreamConfig) GetMeshGateway() *MeshGatewayConfig { + if x != nil { + return x.MeshGateway + } + return nil +} + +func (x *UpstreamConfig) GetBalanceOutboundConnections() string { + if x != nil { + return x.BalanceOutboundConnections + } + return "" +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.UpstreamLimits +// output=config_entry.gen.go +// name=Structs +type UpstreamLimits struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt + MaxConnections int32 `protobuf:"varint,1,opt,name=MaxConnections,proto3" json:"MaxConnections,omitempty"` + // mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt + MaxPendingRequests int32 `protobuf:"varint,2,opt,name=MaxPendingRequests,proto3" json:"MaxPendingRequests,omitempty"` + // mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt + MaxConcurrentRequests int32 `protobuf:"varint,3,opt,name=MaxConcurrentRequests,proto3" json:"MaxConcurrentRequests,omitempty"` +} + +func (x *UpstreamLimits) Reset() { + *x = UpstreamLimits{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[37] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpstreamLimits) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpstreamLimits) ProtoMessage() {} + +func (x *UpstreamLimits) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[37] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpstreamLimits.ProtoReflect.Descriptor instead. +func (*UpstreamLimits) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{37} +} + +func (x *UpstreamLimits) GetMaxConnections() int32 { + if x != nil { + return x.MaxConnections + } + return 0 +} + +func (x *UpstreamLimits) GetMaxPendingRequests() int32 { + if x != nil { + return x.MaxPendingRequests + } + return 0 +} + +func (x *UpstreamLimits) GetMaxConcurrentRequests() int32 { + if x != nil { + return x.MaxConcurrentRequests + } + return 0 +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.PassiveHealthCheck +// output=config_entry.gen.go +// name=Structs +type PassiveHealthCheck struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + Interval *durationpb.Duration `protobuf:"bytes,1,opt,name=Interval,proto3" json:"Interval,omitempty"` + MaxFailures uint32 `protobuf:"varint,2,opt,name=MaxFailures,proto3" json:"MaxFailures,omitempty"` + // mog: target=EnforcingConsecutive5xx func-to=pointerToUint32FromUint32 func-from=uint32FromPointerToUint32 + EnforcingConsecutive5Xx uint32 `protobuf:"varint,3,opt,name=EnforcingConsecutive5xx,proto3" json:"EnforcingConsecutive5xx,omitempty"` +} + +func (x *PassiveHealthCheck) Reset() { + *x = PassiveHealthCheck{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[38] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PassiveHealthCheck) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PassiveHealthCheck) ProtoMessage() {} + +func (x *PassiveHealthCheck) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[38] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PassiveHealthCheck.ProtoReflect.Descriptor instead. +func (*PassiveHealthCheck) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{38} +} + +func (x *PassiveHealthCheck) GetInterval() *durationpb.Duration { + if x != nil { + return x.Interval + } + return nil +} + +func (x *PassiveHealthCheck) GetMaxFailures() uint32 { + if x != nil { + return x.MaxFailures + } + return 0 +} + +func (x *PassiveHealthCheck) GetEnforcingConsecutive5Xx() uint32 { + if x != nil { + return x.EnforcingConsecutive5Xx + } + return 0 +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.DestinationConfig +// output=config_entry.gen.go +// name=Structs +type DestinationConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Addresses []string `protobuf:"bytes,1,rep,name=Addresses,proto3" json:"Addresses,omitempty"` + // mog: func-to=int func-from=int32 + Port int32 `protobuf:"varint,2,opt,name=Port,proto3" json:"Port,omitempty"` +} + +func (x *DestinationConfig) Reset() { + *x = DestinationConfig{} + if protoimpl.UnsafeEnabled { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[39] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DestinationConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DestinationConfig) ProtoMessage() {} + +func (x *DestinationConfig) ProtoReflect() protoreflect.Message { + mi := &file_proto_pbconfigentry_config_entry_proto_msgTypes[39] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DestinationConfig.ProtoReflect.Descriptor instead. +func (*DestinationConfig) Descriptor() ([]byte, []int) { + return file_proto_pbconfigentry_config_entry_proto_rawDescGZIP(), []int{39} +} + +func (x *DestinationConfig) GetAddresses() []string { + if x != nil { + return x.Addresses + } + return nil +} + +func (x *DestinationConfig) GetPort() int32 { + if x != nil { + return x.Port + } + return 0 +} + +var File_proto_pbconfigentry_config_entry_proto protoreflect.FileDescriptor + +var file_proto_pbconfigentry_config_entry_proto_rawDesc = []byte{ + 0x0a, 0x26, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x25, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, + 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x1a, 0x1b, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, + 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf8, 0x05, + 0x0a, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x3f, 0x0a, + 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x4b, 0x69, 0x6e, 0x64, 0x52, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x12, + 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, + 0x4d, 0x65, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x49, 0x0a, 0x09, + 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x2e, 0x52, 0x61, 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x52, 0x09, 0x52, 0x61, + 0x66, 0x74, 0x49, 0x6e, 0x64, 0x65, 0x78, 0x12, 0x53, 0x0a, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, + 0x52, 0x0a, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x62, 0x0a, 0x0f, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x48, 0x00, 0x52, + 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, + 0x12, 0x5f, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x48, + 0x00, 0x52, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, + 0x79, 0x12, 0x68, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, + 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, + 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x00, 0x52, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x62, 0x0a, 0x0f, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x09, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x48, 0x00, 0x52, 0x0f, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x42, + 0x07, 0x0a, 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x22, 0xec, 0x03, 0x0a, 0x0a, 0x4d, 0x65, 0x73, + 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x6d, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, + 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x41, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, + 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x46, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, + 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x54, 0x4c, 0x53, 0x12, 0x49, + 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x4f, 0x0a, 0x04, 0x4d, 0x65, 0x74, + 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x52, 0x0a, 0x07, 0x50, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x65, 0x73, 0x68, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x07, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x1a, 0x37, + 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x50, 0x0a, 0x1a, 0x54, 0x72, 0x61, 0x6e, 0x73, + 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x65, 0x73, 0x68, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x14, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x4f, 0x6e, 0x6c, 0x79, 0x22, 0xc9, 0x01, 0x0a, 0x0d, 0x4d, 0x65, + 0x73, 0x68, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5b, 0x0a, 0x08, 0x49, + 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, + 0x49, 0x6e, 0x63, 0x6f, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x5b, 0x0a, 0x08, 0x4f, 0x75, 0x74, 0x67, + 0x6f, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x4f, 0x75, 0x74, + 0x67, 0x6f, 0x69, 0x6e, 0x67, 0x22, 0x8a, 0x01, 0x0a, 0x18, 0x4d, 0x65, 0x73, 0x68, 0x44, 0x69, + 0x72, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, + 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, + 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x22, + 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x03, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, + 0x65, 0x73, 0x22, 0x54, 0x0a, 0x0e, 0x4d, 0x65, 0x73, 0x68, 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x12, 0x42, 0x0a, 0x1c, 0x53, 0x61, 0x6e, 0x69, 0x74, 0x69, 0x7a, 0x65, + 0x58, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x43, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1c, 0x53, 0x61, 0x6e, 0x69, + 0x74, 0x69, 0x7a, 0x65, 0x58, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x65, 0x64, 0x43, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x22, 0x4d, 0x0a, 0x11, 0x50, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x38, 0x0a, + 0x17, 0x50, 0x65, 0x65, 0x72, 0x54, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x4d, 0x65, 0x73, 0x68, + 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17, + 0x50, 0x65, 0x65, 0x72, 0x54, 0x68, 0x72, 0x6f, 0x75, 0x67, 0x68, 0x4d, 0x65, 0x73, 0x68, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x22, 0xf6, 0x06, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x24, 0x0a, 0x0d, 0x44, + 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0d, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x53, 0x75, 0x62, 0x73, 0x65, + 0x74, 0x12, 0x5d, 0x0a, 0x07, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, + 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, + 0x12, 0x5a, 0x0a, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x52, 0x08, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x60, 0x0a, 0x08, + 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, + 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x41, + 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x0e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, + 0x74, 0x12, 0x57, 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, + 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x52, 0x0c, 0x4c, 0x6f, + 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, + 0x74, 0x61, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, + 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, + 0x1a, 0x78, 0x0a, 0x0c, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x52, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x7b, 0x0a, 0x0d, 0x46, 0x61, + 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x54, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, + 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0x51, 0x0a, 0x15, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x46, 0x69, 0x6c, + 0x74, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x46, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x4f, 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, 0x69, 0x6e, 0x67, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x4f, 0x6e, 0x6c, 0x79, 0x50, 0x61, 0x73, 0x73, + 0x69, 0x6e, 0x67, 0x22, 0xc9, 0x01, 0x0a, 0x17, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, + 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, + 0x18, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, + 0x1c, 0x0a, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1e, 0x0a, 0x0a, 0x44, + 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, + 0x65, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, + 0xf9, 0x01, 0x0a, 0x17, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x44, 0x61, 0x74, + 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, + 0x44, 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5e, 0x0a, 0x07, 0x54, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, + 0x6c, 0x76, 0x65, 0x72, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x54, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x52, 0x07, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x73, 0x22, 0xcf, 0x01, 0x0a, 0x1d, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x46, + 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x12, 0x18, 0x0a, + 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x1c, 0x0a, + 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x4e, + 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1e, 0x0a, 0x0a, 0x44, 0x61, 0x74, + 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x44, + 0x61, 0x74, 0x61, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, + 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x22, 0xc7, 0x02, + 0x0a, 0x0c, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x12, 0x16, + 0x0a, 0x06, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x5d, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, + 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x69, 0x0a, 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x12, 0x4c, 0x65, + 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x55, 0x0a, 0x0c, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, + 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, + 0x61, 0x73, 0x68, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0c, 0x48, 0x61, 0x73, 0x68, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x69, 0x65, 0x73, 0x22, 0x64, 0x0a, 0x0e, 0x52, 0x69, 0x6e, 0x67, 0x48, + 0x61, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x28, 0x0a, 0x0f, 0x4d, 0x69, 0x6e, + 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x04, 0x52, 0x0f, 0x4d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, + 0x69, 0x7a, 0x65, 0x12, 0x28, 0x0a, 0x0f, 0x4d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, + 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x4d, 0x61, + 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x36, 0x0a, + 0x12, 0x4c, 0x65, 0x61, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x20, 0x0a, 0x0b, 0x43, 0x68, 0x6f, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x75, + 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x43, 0x68, 0x6f, 0x69, 0x63, 0x65, + 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x22, 0xd3, 0x01, 0x0a, 0x0a, 0x48, 0x61, 0x73, 0x68, 0x50, 0x6f, + 0x6c, 0x69, 0x63, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x12, 0x1e, 0x0a, 0x0a, 0x46, 0x69, + 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, + 0x46, 0x69, 0x65, 0x6c, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x57, 0x0a, 0x0c, 0x43, 0x6f, + 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x1a, 0x0a, 0x08, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x50, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x50, 0x12, + 0x1a, 0x0a, 0x08, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x08, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x22, 0x69, 0x0a, 0x0c, 0x43, + 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, 0x07, 0x53, + 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x53, 0x65, + 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x03, 0x54, 0x54, 0x4c, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x54, + 0x54, 0x4c, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x22, 0x98, 0x03, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x49, 0x0a, 0x03, 0x54, 0x4c, 0x53, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x03, 0x54, 0x4c, 0x53, 0x12, 0x54, 0x0a, 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, + 0x09, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, 0x04, 0x4d, 0x65, + 0x74, 0x61, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, + 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, + 0x57, 0x0a, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x3b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, + 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, + 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x22, 0xa4, 0x01, 0x0a, 0x14, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61, + 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, + 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, + 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x22, 0xea, 0x01, 0x0a, 0x10, 0x47, 0x61, 0x74, + 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, 0x0a, + 0x07, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, + 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x4c, 0x0a, 0x03, 0x53, 0x44, 0x53, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, + 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x03, 0x53, 0x44, 0x53, 0x12, 0x24, 0x0a, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x69, 0x6e, 0x56, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, + 0x53, 0x4d, 0x69, 0x6e, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x24, 0x0a, 0x0d, 0x54, + 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0d, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x78, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x12, 0x22, 0x0a, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, + 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, + 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x5b, 0x0a, 0x13, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, + 0x54, 0x4c, 0x53, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x20, 0x0a, 0x0b, + 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, + 0x0a, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x22, 0xdf, 0x01, 0x0a, 0x0f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, + 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x51, 0x0a, 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, + 0x08, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x49, 0x0a, 0x03, 0x54, 0x4c, 0x53, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, + 0x03, 0x54, 0x4c, 0x53, 0x22, 0xcc, 0x05, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x48, + 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x48, 0x6f, 0x73, 0x74, + 0x73, 0x12, 0x50, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, + 0x54, 0x4c, 0x53, 0x12, 0x62, 0x0a, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, + 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x0e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x64, 0x0a, 0x0f, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x53, 0x0a, + 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, + 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, + 0x4d, 0x65, 0x74, 0x61, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, + 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x26, 0x0a, 0x0e, + 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x08, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, + 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, + 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, + 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0x67, 0x0a, 0x17, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4c, + 0x0a, 0x03, 0x53, 0x44, 0x53, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x54, 0x4c, 0x53, 0x53, 0x44, + 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x03, 0x53, 0x44, 0x53, 0x22, 0xcb, 0x02, 0x0a, + 0x13, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x12, 0x55, 0x0a, 0x03, 0x41, 0x64, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, 0x69, 0x65, 0x72, 0x73, 0x2e, 0x41, 0x64, + 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x41, 0x64, 0x64, 0x12, 0x55, 0x0a, 0x03, 0x53, + 0x65, 0x74, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x6f, 0x64, 0x69, 0x66, + 0x69, 0x65, 0x72, 0x73, 0x2e, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x53, + 0x65, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x06, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x41, 0x64, + 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf6, 0x01, 0x0a, 0x11, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x12, 0x50, 0x0a, 0x07, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x73, 0x12, 0x56, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, + 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0xa6, 0x06, 0x0a, 0x0f, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, + 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x4e, 0x0a, 0x06, 0x41, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x5c, 0x0a, 0x0b, 0x50, + 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, + 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x50, 0x65, + 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x72, 0x65, + 0x63, 0x65, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x50, + 0x72, 0x65, 0x63, 0x65, 0x64, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x4c, 0x65, 0x67, + 0x61, 0x63, 0x79, 0x49, 0x44, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x4c, 0x65, 0x67, + 0x61, 0x63, 0x79, 0x49, 0x44, 0x12, 0x4e, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x18, 0x06, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, + 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, + 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x44, 0x65, 0x73, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x66, 0x0a, 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, + 0x79, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x46, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x0a, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x12, + 0x46, 0x0a, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x54, + 0x69, 0x6d, 0x65, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x43, 0x72, 0x65, + 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x46, 0x0a, 0x10, 0x4c, 0x65, 0x67, 0x61, 0x63, + 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x10, 0x4c, + 0x65, 0x67, 0x61, 0x63, 0x79, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, + 0x58, 0x0a, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, + 0x61, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, + 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x65, 0x65, + 0x72, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x50, 0x65, 0x65, 0x72, 0x1a, 0x3d, 0x0a, + 0x0f, 0x4c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb9, 0x01, 0x0a, + 0x13, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x41, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x52, 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, + 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x04, 0x48, 0x54, 0x54, 0x50, 0x22, 0xed, 0x01, 0x0a, 0x17, 0x49, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, 0x63, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, + 0x63, 0x74, 0x12, 0x1e, 0x0a, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x50, 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, + 0x69, 0x78, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, + 0x12, 0x5c, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x44, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, + 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x50, 0x65, 0x72, 0x6d, + 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x18, + 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x07, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x22, 0xc1, 0x01, 0x0a, 0x1d, 0x49, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, + 0x0a, 0x07, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x50, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x45, 0x78, 0x61, 0x63, + 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x16, + 0x0a, 0x06, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x53, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 0x14, + 0x0a, 0x05, 0x52, 0x65, 0x67, 0x65, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x52, + 0x65, 0x67, 0x65, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x18, 0x07, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x49, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x22, 0xda, 0x07, 0x0a, + 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x44, 0x0a, 0x04, + 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4d, 0x6f, + 0x64, 0x65, 0x12, 0x69, 0x0a, 0x10, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, + 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, + 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x10, 0x54, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x5a, 0x0a, + 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, + 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x4b, 0x0a, 0x06, 0x45, 0x78, 0x70, + 0x6f, 0x73, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, + 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x53, 0x4e, 0x49, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x45, 0x78, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x53, 0x4e, 0x49, 0x12, 0x64, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x3c, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, + 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x5a, + 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, 0x73, 0x74, + 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x44, + 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, + 0x78, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x4d, 0x61, 0x78, 0x49, 0x6e, + 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x12, 0x34, 0x0a, 0x15, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x15, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x3c, 0x0a, 0x19, + 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x19, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x54, 0x0a, 0x04, 0x4d, 0x65, + 0x74, 0x61, 0x18, 0x0d, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, + 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, + 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x74, 0x0a, 0x16, 0x54, 0x72, 0x61, + 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x12, 0x32, 0x0a, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x14, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, + 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x0e, 0x44, 0x69, 0x61, 0x6c, 0x65, 0x64, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6c, 0x79, 0x22, + 0x5f, 0x0a, 0x11, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x12, 0x4a, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x4d, 0x6f, 0x64, 0x65, + 0x22, 0x6f, 0x0a, 0x0c, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x12, 0x16, 0x0a, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x06, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x73, 0x12, 0x47, 0x0a, 0x05, 0x50, 0x61, 0x74, 0x68, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, 0x52, 0x05, 0x50, 0x61, 0x74, 0x68, + 0x73, 0x22, 0xb0, 0x01, 0x0a, 0x0a, 0x45, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x50, 0x61, 0x74, 0x68, + 0x12, 0x22, 0x0a, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x50, 0x6f, 0x72, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x50, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x50, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x50, 0x61, 0x74, 0x68, 0x12, 0x24, 0x0a, 0x0d, 0x4c, 0x6f, 0x63, 0x61, + 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x0d, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x61, 0x74, 0x68, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1a, + 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x28, 0x0a, 0x0f, 0x50, 0x61, + 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x0f, 0x50, 0x61, 0x72, 0x73, 0x65, 0x64, 0x46, 0x72, 0x6f, 0x6d, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x22, 0xbf, 0x01, 0x0a, 0x15, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x53, + 0x0a, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, + 0x64, 0x65, 0x73, 0x12, 0x51, 0x0a, 0x08, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x08, 0x44, 0x65, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x73, 0x22, 0xf6, 0x04, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x4e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x58, 0x0a, + 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, + 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, + 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x2c, 0x0a, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, + 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x11, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x12, 0x2a, 0x0a, 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6c, + 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53, 0x4f, 0x4e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x10, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4a, 0x53, 0x4f, + 0x4e, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x2a, 0x0a, + 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, + 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x4d, 0x73, 0x12, 0x4d, 0x0a, 0x06, 0x4c, 0x69, 0x6d, + 0x69, 0x74, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0x2e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, + 0x52, 0x06, 0x4c, 0x69, 0x6d, 0x69, 0x74, 0x73, 0x12, 0x69, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, + 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x08, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x50, 0x61, 0x73, + 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, + 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, + 0x65, 0x63, 0x6b, 0x12, 0x5a, 0x0a, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x52, 0x0b, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, + 0x3e, 0x0a, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, + 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x1a, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x4f, 0x75, 0x74, 0x62, + 0x6f, 0x75, 0x6e, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, + 0x9e, 0x01, 0x0a, 0x0e, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4c, 0x69, 0x6d, 0x69, + 0x74, 0x73, 0x12, 0x26, 0x0a, 0x0e, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x4d, 0x61, 0x78, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x2e, 0x0a, 0x12, 0x4d, 0x61, + 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x12, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x34, 0x0a, 0x15, 0x4d, 0x61, + 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x15, 0x4d, 0x61, 0x78, 0x43, 0x6f, + 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, + 0x22, 0xa7, 0x01, 0x0a, 0x12, 0x50, 0x61, 0x73, 0x73, 0x69, 0x76, 0x65, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x35, 0x0a, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, + 0x76, 0x61, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x20, + 0x0a, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x0b, 0x4d, 0x61, 0x78, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, + 0x12, 0x38, 0x0a, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, + 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0d, 0x52, 0x17, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x69, 0x6e, 0x67, 0x43, 0x6f, 0x6e, 0x73, + 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x22, 0x45, 0x0a, 0x11, 0x44, 0x65, + 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x1c, 0x0a, 0x09, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x09, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x12, 0x0a, + 0x04, 0x50, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x50, 0x6f, 0x72, + 0x74, 0x2a, 0x90, 0x01, 0x0a, 0x04, 0x4b, 0x69, 0x6e, 0x64, 0x12, 0x0f, 0x0a, 0x0b, 0x4b, 0x69, + 0x6e, 0x64, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x4b, + 0x69, 0x6e, 0x64, 0x4d, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x10, 0x01, 0x12, + 0x17, 0x0a, 0x13, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, + 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x10, 0x02, 0x12, 0x16, 0x0a, 0x12, 0x4b, 0x69, 0x6e, 0x64, + 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x03, + 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x04, 0x12, 0x17, 0x0a, 0x13, 0x4b, + 0x69, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, + 0x74, 0x73, 0x10, 0x05, 0x2a, 0x26, 0x0a, 0x0f, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, + 0x6e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x65, 0x6e, 0x79, 0x10, + 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x6c, 0x6c, 0x6f, 0x77, 0x10, 0x01, 0x2a, 0x21, 0x0a, 0x13, + 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x10, 0x00, 0x2a, + 0x50, 0x0a, 0x09, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x14, 0x0a, 0x10, + 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, + 0x10, 0x00, 0x12, 0x18, 0x0a, 0x14, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, + 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x10, + 0x02, 0x2a, 0x7b, 0x0a, 0x0f, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x10, 0x00, + 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, + 0x6f, 0x64, 0x65, 0x4e, 0x6f, 0x6e, 0x65, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x4d, 0x65, 0x73, + 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x4c, 0x6f, 0x63, 0x61, + 0x6c, 0x10, 0x02, 0x12, 0x19, 0x0a, 0x15, 0x4d, 0x65, 0x73, 0x68, 0x47, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x10, 0x03, 0x42, 0xa6, + 0x02, 0x0a, 0x29, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x10, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, + 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, + 0x79, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x43, 0xaa, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0xca, 0x02, 0x25, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x31, 0x48, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x28, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_proto_pbconfigentry_config_entry_proto_rawDescOnce sync.Once + file_proto_pbconfigentry_config_entry_proto_rawDescData = file_proto_pbconfigentry_config_entry_proto_rawDesc +) + +func file_proto_pbconfigentry_config_entry_proto_rawDescGZIP() []byte { + file_proto_pbconfigentry_config_entry_proto_rawDescOnce.Do(func() { + file_proto_pbconfigentry_config_entry_proto_rawDescData = protoimpl.X.CompressGZIP(file_proto_pbconfigentry_config_entry_proto_rawDescData) + }) + return file_proto_pbconfigentry_config_entry_proto_rawDescData +} + +var file_proto_pbconfigentry_config_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 5) +var file_proto_pbconfigentry_config_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 51) +var file_proto_pbconfigentry_config_entry_proto_goTypes = []interface{}{ + (Kind)(0), // 0: hashicorp.consul.internal.configentry.Kind + (IntentionAction)(0), // 1: hashicorp.consul.internal.configentry.IntentionAction + (IntentionSourceType)(0), // 2: hashicorp.consul.internal.configentry.IntentionSourceType + (ProxyMode)(0), // 3: hashicorp.consul.internal.configentry.ProxyMode + (MeshGatewayMode)(0), // 4: hashicorp.consul.internal.configentry.MeshGatewayMode + (*ConfigEntry)(nil), // 5: hashicorp.consul.internal.configentry.ConfigEntry + (*MeshConfig)(nil), // 6: hashicorp.consul.internal.configentry.MeshConfig + (*TransparentProxyMeshConfig)(nil), // 7: hashicorp.consul.internal.configentry.TransparentProxyMeshConfig + (*MeshTLSConfig)(nil), // 8: hashicorp.consul.internal.configentry.MeshTLSConfig + (*MeshDirectionalTLSConfig)(nil), // 9: hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig + (*MeshHTTPConfig)(nil), // 10: hashicorp.consul.internal.configentry.MeshHTTPConfig + (*PeeringMeshConfig)(nil), // 11: hashicorp.consul.internal.configentry.PeeringMeshConfig + (*ServiceResolver)(nil), // 12: hashicorp.consul.internal.configentry.ServiceResolver + (*ServiceResolverSubset)(nil), // 13: hashicorp.consul.internal.configentry.ServiceResolverSubset + (*ServiceResolverRedirect)(nil), // 14: hashicorp.consul.internal.configentry.ServiceResolverRedirect + (*ServiceResolverFailover)(nil), // 15: hashicorp.consul.internal.configentry.ServiceResolverFailover + (*ServiceResolverFailoverTarget)(nil), // 16: hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget + (*LoadBalancer)(nil), // 17: hashicorp.consul.internal.configentry.LoadBalancer + (*RingHashConfig)(nil), // 18: hashicorp.consul.internal.configentry.RingHashConfig + (*LeastRequestConfig)(nil), // 19: hashicorp.consul.internal.configentry.LeastRequestConfig + (*HashPolicy)(nil), // 20: hashicorp.consul.internal.configentry.HashPolicy + (*CookieConfig)(nil), // 21: hashicorp.consul.internal.configentry.CookieConfig + (*IngressGateway)(nil), // 22: hashicorp.consul.internal.configentry.IngressGateway + (*IngressServiceConfig)(nil), // 23: hashicorp.consul.internal.configentry.IngressServiceConfig + (*GatewayTLSConfig)(nil), // 24: hashicorp.consul.internal.configentry.GatewayTLSConfig + (*GatewayTLSSDSConfig)(nil), // 25: hashicorp.consul.internal.configentry.GatewayTLSSDSConfig + (*IngressListener)(nil), // 26: hashicorp.consul.internal.configentry.IngressListener + (*IngressService)(nil), // 27: hashicorp.consul.internal.configentry.IngressService + (*GatewayServiceTLSConfig)(nil), // 28: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig + (*HTTPHeaderModifiers)(nil), // 29: hashicorp.consul.internal.configentry.HTTPHeaderModifiers + (*ServiceIntentions)(nil), // 30: hashicorp.consul.internal.configentry.ServiceIntentions + (*SourceIntention)(nil), // 31: hashicorp.consul.internal.configentry.SourceIntention + (*IntentionPermission)(nil), // 32: hashicorp.consul.internal.configentry.IntentionPermission + (*IntentionHTTPPermission)(nil), // 33: hashicorp.consul.internal.configentry.IntentionHTTPPermission + (*IntentionHTTPHeaderPermission)(nil), // 34: hashicorp.consul.internal.configentry.IntentionHTTPHeaderPermission + (*ServiceDefaults)(nil), // 35: hashicorp.consul.internal.configentry.ServiceDefaults + (*TransparentProxyConfig)(nil), // 36: hashicorp.consul.internal.configentry.TransparentProxyConfig + (*MeshGatewayConfig)(nil), // 37: hashicorp.consul.internal.configentry.MeshGatewayConfig + (*ExposeConfig)(nil), // 38: hashicorp.consul.internal.configentry.ExposeConfig + (*ExposePath)(nil), // 39: hashicorp.consul.internal.configentry.ExposePath + (*UpstreamConfiguration)(nil), // 40: hashicorp.consul.internal.configentry.UpstreamConfiguration + (*UpstreamConfig)(nil), // 41: hashicorp.consul.internal.configentry.UpstreamConfig + (*UpstreamLimits)(nil), // 42: hashicorp.consul.internal.configentry.UpstreamLimits + (*PassiveHealthCheck)(nil), // 43: hashicorp.consul.internal.configentry.PassiveHealthCheck + (*DestinationConfig)(nil), // 44: hashicorp.consul.internal.configentry.DestinationConfig + nil, // 45: hashicorp.consul.internal.configentry.MeshConfig.MetaEntry + nil, // 46: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry + nil, // 47: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry + nil, // 48: hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry + nil, // 49: hashicorp.consul.internal.configentry.IngressGateway.MetaEntry + nil, // 50: hashicorp.consul.internal.configentry.IngressService.MetaEntry + nil, // 51: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry + nil, // 52: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry + nil, // 53: hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry + nil, // 54: hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry + nil, // 55: hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry + (*pbcommon.EnterpriseMeta)(nil), // 56: hashicorp.consul.internal.common.EnterpriseMeta + (*pbcommon.RaftIndex)(nil), // 57: hashicorp.consul.internal.common.RaftIndex + (*durationpb.Duration)(nil), // 58: google.protobuf.Duration + (*timestamppb.Timestamp)(nil), // 59: google.protobuf.Timestamp +} +var file_proto_pbconfigentry_config_entry_proto_depIdxs = []int32{ + 0, // 0: hashicorp.consul.internal.configentry.ConfigEntry.Kind:type_name -> hashicorp.consul.internal.configentry.Kind + 56, // 1: hashicorp.consul.internal.configentry.ConfigEntry.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 57, // 2: hashicorp.consul.internal.configentry.ConfigEntry.RaftIndex:type_name -> hashicorp.consul.internal.common.RaftIndex + 6, // 3: hashicorp.consul.internal.configentry.ConfigEntry.MeshConfig:type_name -> hashicorp.consul.internal.configentry.MeshConfig + 12, // 4: hashicorp.consul.internal.configentry.ConfigEntry.ServiceResolver:type_name -> hashicorp.consul.internal.configentry.ServiceResolver + 22, // 5: hashicorp.consul.internal.configentry.ConfigEntry.IngressGateway:type_name -> hashicorp.consul.internal.configentry.IngressGateway + 30, // 6: hashicorp.consul.internal.configentry.ConfigEntry.ServiceIntentions:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions + 35, // 7: hashicorp.consul.internal.configentry.ConfigEntry.ServiceDefaults:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults + 7, // 8: hashicorp.consul.internal.configentry.MeshConfig.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyMeshConfig + 8, // 9: hashicorp.consul.internal.configentry.MeshConfig.TLS:type_name -> hashicorp.consul.internal.configentry.MeshTLSConfig + 10, // 10: hashicorp.consul.internal.configentry.MeshConfig.HTTP:type_name -> hashicorp.consul.internal.configentry.MeshHTTPConfig + 45, // 11: hashicorp.consul.internal.configentry.MeshConfig.Meta:type_name -> hashicorp.consul.internal.configentry.MeshConfig.MetaEntry + 11, // 12: hashicorp.consul.internal.configentry.MeshConfig.Peering:type_name -> hashicorp.consul.internal.configentry.PeeringMeshConfig + 9, // 13: hashicorp.consul.internal.configentry.MeshTLSConfig.Incoming:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig + 9, // 14: hashicorp.consul.internal.configentry.MeshTLSConfig.Outgoing:type_name -> hashicorp.consul.internal.configentry.MeshDirectionalTLSConfig + 46, // 15: hashicorp.consul.internal.configentry.ServiceResolver.Subsets:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry + 14, // 16: hashicorp.consul.internal.configentry.ServiceResolver.Redirect:type_name -> hashicorp.consul.internal.configentry.ServiceResolverRedirect + 47, // 17: hashicorp.consul.internal.configentry.ServiceResolver.Failover:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry + 58, // 18: hashicorp.consul.internal.configentry.ServiceResolver.ConnectTimeout:type_name -> google.protobuf.Duration + 17, // 19: hashicorp.consul.internal.configentry.ServiceResolver.LoadBalancer:type_name -> hashicorp.consul.internal.configentry.LoadBalancer + 48, // 20: hashicorp.consul.internal.configentry.ServiceResolver.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceResolver.MetaEntry + 16, // 21: hashicorp.consul.internal.configentry.ServiceResolverFailover.Targets:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailoverTarget + 18, // 22: hashicorp.consul.internal.configentry.LoadBalancer.RingHashConfig:type_name -> hashicorp.consul.internal.configentry.RingHashConfig + 19, // 23: hashicorp.consul.internal.configentry.LoadBalancer.LeastRequestConfig:type_name -> hashicorp.consul.internal.configentry.LeastRequestConfig + 20, // 24: hashicorp.consul.internal.configentry.LoadBalancer.HashPolicies:type_name -> hashicorp.consul.internal.configentry.HashPolicy + 21, // 25: hashicorp.consul.internal.configentry.HashPolicy.CookieConfig:type_name -> hashicorp.consul.internal.configentry.CookieConfig + 58, // 26: hashicorp.consul.internal.configentry.CookieConfig.TTL:type_name -> google.protobuf.Duration + 24, // 27: hashicorp.consul.internal.configentry.IngressGateway.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig + 26, // 28: hashicorp.consul.internal.configentry.IngressGateway.Listeners:type_name -> hashicorp.consul.internal.configentry.IngressListener + 49, // 29: hashicorp.consul.internal.configentry.IngressGateway.Meta:type_name -> hashicorp.consul.internal.configentry.IngressGateway.MetaEntry + 23, // 30: hashicorp.consul.internal.configentry.IngressGateway.Defaults:type_name -> hashicorp.consul.internal.configentry.IngressServiceConfig + 25, // 31: hashicorp.consul.internal.configentry.GatewayTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig + 27, // 32: hashicorp.consul.internal.configentry.IngressListener.Services:type_name -> hashicorp.consul.internal.configentry.IngressService + 24, // 33: hashicorp.consul.internal.configentry.IngressListener.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSConfig + 28, // 34: hashicorp.consul.internal.configentry.IngressService.TLS:type_name -> hashicorp.consul.internal.configentry.GatewayServiceTLSConfig + 29, // 35: hashicorp.consul.internal.configentry.IngressService.RequestHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers + 29, // 36: hashicorp.consul.internal.configentry.IngressService.ResponseHeaders:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers + 50, // 37: hashicorp.consul.internal.configentry.IngressService.Meta:type_name -> hashicorp.consul.internal.configentry.IngressService.MetaEntry + 56, // 38: hashicorp.consul.internal.configentry.IngressService.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 25, // 39: hashicorp.consul.internal.configentry.GatewayServiceTLSConfig.SDS:type_name -> hashicorp.consul.internal.configentry.GatewayTLSSDSConfig + 51, // 40: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Add:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.AddEntry + 52, // 41: hashicorp.consul.internal.configentry.HTTPHeaderModifiers.Set:type_name -> hashicorp.consul.internal.configentry.HTTPHeaderModifiers.SetEntry + 31, // 42: hashicorp.consul.internal.configentry.ServiceIntentions.Sources:type_name -> hashicorp.consul.internal.configentry.SourceIntention + 53, // 43: hashicorp.consul.internal.configentry.ServiceIntentions.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceIntentions.MetaEntry + 1, // 44: hashicorp.consul.internal.configentry.SourceIntention.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction + 32, // 45: hashicorp.consul.internal.configentry.SourceIntention.Permissions:type_name -> hashicorp.consul.internal.configentry.IntentionPermission + 2, // 46: hashicorp.consul.internal.configentry.SourceIntention.Type:type_name -> hashicorp.consul.internal.configentry.IntentionSourceType + 54, // 47: hashicorp.consul.internal.configentry.SourceIntention.LegacyMeta:type_name -> hashicorp.consul.internal.configentry.SourceIntention.LegacyMetaEntry + 59, // 48: hashicorp.consul.internal.configentry.SourceIntention.LegacyCreateTime:type_name -> google.protobuf.Timestamp + 59, // 49: hashicorp.consul.internal.configentry.SourceIntention.LegacyUpdateTime:type_name -> google.protobuf.Timestamp + 56, // 50: hashicorp.consul.internal.configentry.SourceIntention.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 1, // 51: hashicorp.consul.internal.configentry.IntentionPermission.Action:type_name -> hashicorp.consul.internal.configentry.IntentionAction + 33, // 52: hashicorp.consul.internal.configentry.IntentionPermission.HTTP:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPPermission + 34, // 53: hashicorp.consul.internal.configentry.IntentionHTTPPermission.Header:type_name -> hashicorp.consul.internal.configentry.IntentionHTTPHeaderPermission + 3, // 54: hashicorp.consul.internal.configentry.ServiceDefaults.Mode:type_name -> hashicorp.consul.internal.configentry.ProxyMode + 36, // 55: hashicorp.consul.internal.configentry.ServiceDefaults.TransparentProxy:type_name -> hashicorp.consul.internal.configentry.TransparentProxyConfig + 37, // 56: hashicorp.consul.internal.configentry.ServiceDefaults.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig + 38, // 57: hashicorp.consul.internal.configentry.ServiceDefaults.Expose:type_name -> hashicorp.consul.internal.configentry.ExposeConfig + 40, // 58: hashicorp.consul.internal.configentry.ServiceDefaults.UpstreamConfig:type_name -> hashicorp.consul.internal.configentry.UpstreamConfiguration + 44, // 59: hashicorp.consul.internal.configentry.ServiceDefaults.Destination:type_name -> hashicorp.consul.internal.configentry.DestinationConfig + 55, // 60: hashicorp.consul.internal.configentry.ServiceDefaults.Meta:type_name -> hashicorp.consul.internal.configentry.ServiceDefaults.MetaEntry + 4, // 61: hashicorp.consul.internal.configentry.MeshGatewayConfig.Mode:type_name -> hashicorp.consul.internal.configentry.MeshGatewayMode + 39, // 62: hashicorp.consul.internal.configentry.ExposeConfig.Paths:type_name -> hashicorp.consul.internal.configentry.ExposePath + 41, // 63: hashicorp.consul.internal.configentry.UpstreamConfiguration.Overrides:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig + 41, // 64: hashicorp.consul.internal.configentry.UpstreamConfiguration.Defaults:type_name -> hashicorp.consul.internal.configentry.UpstreamConfig + 56, // 65: hashicorp.consul.internal.configentry.UpstreamConfig.EnterpriseMeta:type_name -> hashicorp.consul.internal.common.EnterpriseMeta + 42, // 66: hashicorp.consul.internal.configentry.UpstreamConfig.Limits:type_name -> hashicorp.consul.internal.configentry.UpstreamLimits + 43, // 67: hashicorp.consul.internal.configentry.UpstreamConfig.PassiveHealthCheck:type_name -> hashicorp.consul.internal.configentry.PassiveHealthCheck + 37, // 68: hashicorp.consul.internal.configentry.UpstreamConfig.MeshGateway:type_name -> hashicorp.consul.internal.configentry.MeshGatewayConfig + 58, // 69: hashicorp.consul.internal.configentry.PassiveHealthCheck.Interval:type_name -> google.protobuf.Duration + 13, // 70: hashicorp.consul.internal.configentry.ServiceResolver.SubsetsEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverSubset + 15, // 71: hashicorp.consul.internal.configentry.ServiceResolver.FailoverEntry.value:type_name -> hashicorp.consul.internal.configentry.ServiceResolverFailover + 72, // [72:72] is the sub-list for method output_type + 72, // [72:72] is the sub-list for method input_type + 72, // [72:72] is the sub-list for extension type_name + 72, // [72:72] is the sub-list for extension extendee + 0, // [0:72] is the sub-list for field type_name +} + +func init() { file_proto_pbconfigentry_config_entry_proto_init() } +func file_proto_pbconfigentry_config_entry_proto_init() { + if File_proto_pbconfigentry_config_entry_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_proto_pbconfigentry_config_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ConfigEntry); i { + case 0: return &v.state case 1: return &v.sizeCache @@ -3566,20 +4707,141 @@ func file_proto_pbconfigentry_config_entry_proto_init() { return nil } } + file_proto_pbconfigentry_config_entry_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ServiceDefaults); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TransparentProxyConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*MeshGatewayConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExposeConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExposePath); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpstreamConfiguration); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpstreamConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpstreamLimits); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PassiveHealthCheck); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_proto_pbconfigentry_config_entry_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DestinationConfig); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_proto_pbconfigentry_config_entry_proto_msgTypes[0].OneofWrappers = []interface{}{ (*ConfigEntry_MeshConfig)(nil), (*ConfigEntry_ServiceResolver)(nil), (*ConfigEntry_IngressGateway)(nil), (*ConfigEntry_ServiceIntentions)(nil), + (*ConfigEntry_ServiceDefaults)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_proto_pbconfigentry_config_entry_proto_rawDesc, - NumEnums: 3, - NumMessages: 40, + NumEnums: 5, + NumMessages: 51, NumExtensions: 0, NumServices: 0, }, diff --git a/proto/pbconfigentry/config_entry.proto b/proto/pbconfigentry/config_entry.proto index fba12fb150295..b20a7dd45439e 100644 --- a/proto/pbconfigentry/config_entry.proto +++ b/proto/pbconfigentry/config_entry.proto @@ -12,6 +12,7 @@ enum Kind { KindServiceResolver = 2; KindIngressGateway = 3; KindServiceIntentions = 4; + KindServiceDefaults = 5; } message ConfigEntry { @@ -26,6 +27,7 @@ message ConfigEntry { ServiceResolver ServiceResolver = 6; IngressGateway IngressGateway = 7; ServiceIntentions ServiceIntentions = 8; + ServiceDefaults ServiceDefaults = 9; } } @@ -404,3 +406,156 @@ message IntentionHTTPHeaderPermission { string Regex = 6; bool Invert = 7; } + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.ServiceConfigEntry +// output=config_entry.gen.go +// name=Structs +// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta +message ServiceDefaults { + string Protocol = 1; + // mog: func-to=proxyModeToStructs func-from=proxyModeFromStructs + ProxyMode Mode = 2; + TransparentProxyConfig TransparentProxy = 3; + MeshGatewayConfig MeshGateway = 4; + ExposeConfig Expose = 5; + string ExternalSNI = 6; + UpstreamConfiguration UpstreamConfig = 7; + DestinationConfig Destination = 8; + // mog: func-to=int func-from=int32 + int32 MaxInboundConnections = 9; + // mog: func-to=int func-from=int32 + int32 LocalConnectTimeoutMs = 10; + // mog: func-to=int func-from=int32 + int32 LocalRequestTimeoutMs = 11; + string BalanceInboundConnections = 12; + map Meta = 13; +} + +enum ProxyMode { + ProxyModeDefault = 0; + ProxyModeTransparent = 1; + ProxyModeDirect = 2; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.TransparentProxyConfig +// output=config_entry.gen.go +// name=Structs +message TransparentProxyConfig { + // mog: func-to=int func-from=int32 + int32 OutboundListenerPort = 1; + bool DialedDirectly = 2; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.MeshGatewayConfig +// output=config_entry.gen.go +// name=Structs +message MeshGatewayConfig { + // mog: func-to=meshGatewayModeToStructs func-from=meshGatewayModeFromStructs + MeshGatewayMode Mode = 1; +} + +enum MeshGatewayMode { + MeshGatewayModeDefault = 0; + MeshGatewayModeNone = 1; + MeshGatewayModeLocal = 2; + MeshGatewayModeRemote = 3; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.ExposeConfig +// output=config_entry.gen.go +// name=Structs +message ExposeConfig { + bool Checks = 1; + repeated ExposePath Paths = 2; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.ExposePath +// output=config_entry.gen.go +// name=Structs +message ExposePath { + // mog: func-to=int func-from=int32 + int32 ListenerPort = 1; + string Path = 2; + // mog: func-to=int func-from=int32 + int32 LocalPathPort = 3; + string Protocol = 4; + bool ParsedFromCheck = 5; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.UpstreamConfiguration +// output=config_entry.gen.go +// name=Structs +message UpstreamConfiguration { + repeated UpstreamConfig Overrides = 1; + UpstreamConfig Defaults = 2; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.UpstreamConfig +// output=config_entry.gen.go +// name=Structs +message UpstreamConfig { + string Name = 1; + // mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs + common.EnterpriseMeta EnterpriseMeta = 2; + string EnvoyListenerJSON = 3; + string EnvoyClusterJSON = 4; + string Protocol = 5; + // mog: func-to=int func-from=int32 + int32 ConnectTimeoutMs = 6; + UpstreamLimits Limits = 7; + PassiveHealthCheck PassiveHealthCheck = 8; + MeshGatewayConfig MeshGateway = 9; + string BalanceOutboundConnections = 10; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.UpstreamLimits +// output=config_entry.gen.go +// name=Structs +message UpstreamLimits { + // mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt + int32 MaxConnections = 1; + // mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt + int32 MaxPendingRequests = 2; + // mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt + int32 MaxConcurrentRequests = 3; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.PassiveHealthCheck +// output=config_entry.gen.go +// name=Structs +message PassiveHealthCheck { + // mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto + google.protobuf.Duration Interval = 1; + uint32 MaxFailures = 2; + // mog: target=EnforcingConsecutive5xx func-to=pointerToUint32FromUint32 func-from=uint32FromPointerToUint32 + uint32 EnforcingConsecutive5xx = 3; +} + +// mog annotation: +// +// target=github.com/hashicorp/consul/agent/structs.DestinationConfig +// output=config_entry.gen.go +// name=Structs +message DestinationConfig { + repeated string Addresses = 1; + // mog: func-to=int func-from=int32 + int32 Port = 2; +} diff --git a/proto/pbpeering/peering.gen.go b/proto/pbpeering/peering.gen.go index b5b3436d4ce04..94cf1daa01611 100644 --- a/proto/pbpeering/peering.gen.go +++ b/proto/pbpeering/peering.gen.go @@ -39,7 +39,6 @@ func GenerateTokenRequestToAPI(s *GenerateTokenRequest, t *api.PeeringGenerateTo t.PeerName = s.PeerName t.Partition = s.Partition t.Meta = s.Meta - t.ServerExternalAddresses = s.ServerExternalAddresses } func GenerateTokenRequestFromAPI(t *api.PeeringGenerateTokenRequest, s *GenerateTokenRequest) { if s == nil { @@ -48,7 +47,6 @@ func GenerateTokenRequestFromAPI(t *api.PeeringGenerateTokenRequest, s *Generate s.PeerName = t.PeerName s.Partition = t.Partition s.Meta = t.Meta - s.ServerExternalAddresses = t.ServerExternalAddresses } func GenerateTokenResponseToAPI(s *GenerateTokenResponse, t *api.PeeringGenerateTokenResponse) { if s == nil { diff --git a/proto/pbpeering/peering.pb.go b/proto/pbpeering/peering.pb.go index a3f118e4edfa6..173b6a53cbc84 100644 --- a/proto/pbpeering/peering.pb.go +++ b/proto/pbpeering/peering.pb.go @@ -107,6 +107,7 @@ type SecretsWriteRequest struct { // PeerID is the local UUID of the peering this request applies to. PeerID string `protobuf:"bytes,1,opt,name=PeerID,proto3" json:"PeerID,omitempty"` // Types that are assignable to Request: + // // *SecretsWriteRequest_GenerateToken // *SecretsWriteRequest_ExchangeSecret // *SecretsWriteRequest_PromotePending @@ -1687,10 +1688,6 @@ type GenerateTokenRequest struct { Partition string `protobuf:"bytes,2,opt,name=Partition,proto3" json:"Partition,omitempty"` // Meta is a mapping of some string value to any other string value Meta map[string]string `protobuf:"bytes,5,rep,name=Meta,proto3" json:"Meta,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - // ServerExternalAddresses is a list of addresses to put into the generated token. This could be used to specify - // load balancer(s) or external IPs to reach the servers from the dialing side, and will override any server - // addresses obtained from the "consul" service. - ServerExternalAddresses []string `protobuf:"bytes,6,rep,name=ServerExternalAddresses,proto3" json:"ServerExternalAddresses,omitempty"` } func (x *GenerateTokenRequest) Reset() { @@ -1746,13 +1743,6 @@ func (x *GenerateTokenRequest) GetMeta() map[string]string { return nil } -func (x *GenerateTokenRequest) GetServerExternalAddresses() []string { - if x != nil { - return x.ServerExternalAddresses - } - return nil -} - // mog annotation: // // target=github.com/hashicorp/consul/api.PeeringGenerateTokenResponse @@ -2536,7 +2526,7 @@ var file_proto_pbpeering_peering_proto_rawDesc = []byte{ 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x22, 0x0a, 0x20, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x9a, 0x02, 0x0a, 0x14, + 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xe0, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, @@ -2547,128 +2537,124 @@ var file_proto_pbpeering_peering_proto_rawDesc = []byte{ 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x04, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x38, 0x0a, 0x17, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, - 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x78, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x1a, - 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3b, 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xfc, 0x01, 0x0a, 0x10, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, - 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, - 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, - 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, - 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, - 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, - 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, - 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x22, 0x13, 0x0a, 0x11, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, - 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, 0x73, 0x0a, 0x0c, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, - 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x50, 0x45, 0x4e, 0x44, - 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x45, 0x53, 0x54, 0x41, 0x42, 0x4c, 0x49, - 0x53, 0x48, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, - 0x45, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x04, - 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x0e, - 0x0a, 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, 0x45, 0x44, 0x10, 0x06, 0x32, 0xc0, - 0x08, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x12, 0x82, 0x01, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x12, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x68, + 0x04, 0x4d, 0x65, 0x74, 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x3b, + 0x0a, 0x15, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x22, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xfc, 0x01, 0x0a, 0x10, + 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x22, 0x0a, 0x0c, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x12, 0x1c, 0x0a, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x51, + 0x0a, 0x04, 0x4d, 0x65, 0x74, 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x76, 0x0a, 0x09, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, - 0x69, 0x73, 0x68, 0x12, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x04, 0x4d, 0x65, 0x74, + 0x61, 0x1a, 0x37, 0x0a, 0x09, 0x4d, 0x65, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x13, 0x0a, 0x11, 0x45, 0x73, + 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2a, + 0x73, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, + 0x0a, 0x07, 0x50, 0x45, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x45, + 0x53, 0x54, 0x41, 0x42, 0x4c, 0x49, 0x53, 0x48, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x0a, 0x0a, + 0x06, 0x41, 0x43, 0x54, 0x49, 0x56, 0x45, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x41, 0x49, + 0x4c, 0x49, 0x4e, 0x47, 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x49, + 0x4e, 0x47, 0x10, 0x05, 0x12, 0x0e, 0x0a, 0x0a, 0x54, 0x45, 0x52, 0x4d, 0x49, 0x4e, 0x41, 0x54, + 0x45, 0x44, 0x10, 0x06, 0x32, 0xc0, 0x08, 0x0a, 0x0e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x82, 0x01, 0x0a, 0x0d, 0x47, 0x65, 0x6e, 0x65, + 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x76, 0x0a, 0x09, + 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x12, 0x33, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, + 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, + 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, + 0x65, 0x61, 0x64, 0x12, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, - 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, 0x61, 0x62, 0x6c, 0x69, 0x73, - 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, + 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x7c, 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, + 0x74, 0x12, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, + 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, + 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x45, 0x73, 0x74, - 0x61, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, - 0x0a, 0x0b, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x12, 0x35, 0x2e, - 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, 0x0a, 0x0b, - 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x35, 0x2e, 0x68, 0x61, + 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x82, 0x01, 0x0a, 0x0d, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x12, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, - 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x69, - 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x82, 0x01, 0x0a, 0x0d, 0x50, - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x37, 0x2e, 0x68, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, - 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, - 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7f, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x7f, 0x0a, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x12, - 0x36, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0xa3, 0x01, 0x0a, 0x18, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x42, 0x2e, + 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, - 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, - 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, - 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x88, 0x01, 0x0a, 0x0f, 0x54, 0x72, 0x75, 0x73, 0x74, - 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x12, 0x39, 0x2e, 0x68, 0x61, 0x73, - 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, - 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x42, 0x8a, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x67, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x57, 0x72, 0x69, 0x74, 0x65, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa3, 0x01, 0x0a, 0x18, 0x54, 0x72, 0x75, 0x73, 0x74, + 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x12, 0x42, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, + 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, + 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x43, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, - 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, - 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, - 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, 0x02, 0x04, 0x48, 0x43, 0x49, 0x50, 0xaa, - 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x50, 0x65, 0x65, 0x72, - 0x69, 0x6e, 0x67, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, - 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, - 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x2d, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, - 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, + 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x42, 0x79, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x88, 0x01, 0x0a, + 0x0f, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, + 0x12, 0x39, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, + 0x73, 0x75, 0x6c, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, + 0x52, 0x65, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3a, 0x2e, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x2e, + 0x54, 0x72, 0x75, 0x73, 0x74, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x65, 0x61, 0x64, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x8a, 0x02, 0x0a, 0x25, 0x63, 0x6f, 0x6d, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2e, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x42, 0x0c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x2b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x70, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xa2, 0x02, + 0x04, 0x48, 0x43, 0x49, 0x50, 0xaa, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xca, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x49, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0xe2, 0x02, 0x2d, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x5c, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5c, 0x50, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x24, + 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x3a, 0x3a, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x3a, 0x3a, 0x50, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pbpeering/peering.proto b/proto/pbpeering/peering.proto index a7d9e347be424..a2318319721b6 100644 --- a/proto/pbpeering/peering.proto +++ b/proto/pbpeering/peering.proto @@ -365,11 +365,6 @@ message GenerateTokenRequest { // Meta is a mapping of some string value to any other string value map Meta = 5; - - // ServerExternalAddresses is a list of addresses to put into the generated token. This could be used to specify - // load balancer(s) or external IPs to reach the servers from the dialing side, and will override any server - // addresses obtained from the "consul" service. - repeated string ServerExternalAddresses = 6; } // mog annotation: diff --git a/proto/pbpeerstream/peerstream.pb.go b/proto/pbpeerstream/peerstream.pb.go index d45ca33979062..cb1b831670638 100644 --- a/proto/pbpeerstream/peerstream.pb.go +++ b/proto/pbpeerstream/peerstream.pb.go @@ -78,6 +78,7 @@ type ReplicationMessage struct { unknownFields protoimpl.UnknownFields // Types that are assignable to Payload: + // // *ReplicationMessage_Open_ // *ReplicationMessage_Request_ // *ReplicationMessage_Response_ diff --git a/proto/pbsubscribe/subscribe.pb.go b/proto/pbsubscribe/subscribe.pb.go index 5d209df9a8f59..4f2ce839d1fa5 100644 --- a/proto/pbsubscribe/subscribe.pb.go +++ b/proto/pbsubscribe/subscribe.pb.go @@ -46,7 +46,7 @@ const ( Topic_MeshConfig Topic = 3 // ServiceResolver topic contains events for changes to a service resolver. Topic_ServiceResolver Topic = 4 - // ServiceResolver topic contains events for changes to an ingress gateway. + // IngressGateway topic contains events for changes to an ingress gateway. Topic_IngressGateway Topic = 5 // ServiceIntentions topic contains events for changes to service intentions. Topic_ServiceIntentions Topic = 6 @@ -56,6 +56,8 @@ const ( // // Note: WildcardSubject is the only supported Subject on this topic. Topic_ServiceList Topic = 7 + // ServiceDefaults topic contains events for changes to service-defaults. + Topic_ServiceDefaults Topic = 8 ) // Enum value maps for Topic. @@ -69,6 +71,7 @@ var ( 5: "IngressGateway", 6: "ServiceIntentions", 7: "ServiceList", + 8: "ServiceDefaults", } Topic_value = map[string]int32{ "Unknown": 0, @@ -79,6 +82,7 @@ var ( "IngressGateway": 5, "ServiceIntentions": 6, "ServiceList": 7, + "ServiceDefaults": 8, } ) @@ -320,6 +324,7 @@ type SubscribeRequest struct { // receive events (e.g. health events for a particular service). // // Types that are assignable to Subject: + // // *SubscribeRequest_WildcardSubject // *SubscribeRequest_NamedSubject Subject isSubscribeRequest_Subject `protobuf_oneof:"Subject"` @@ -471,6 +476,7 @@ type Event struct { // Payload is the actual event content. // // Types that are assignable to Payload: + // // *Event_EndOfSnapshot // *Event_NewSnapshotToFollow // *Event_EventBatch @@ -955,7 +961,7 @@ var file_proto_pbsubscribe_subscribe_proto_rawDesc = []byte{ 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x0e, 0x45, 0x6e, 0x74, 0x65, 0x72, 0x70, 0x72, 0x69, 0x73, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x1a, 0x0a, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x2a, 0xa2, 0x01, 0x0a, 0x05, 0x54, + 0x52, 0x08, 0x50, 0x65, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x2a, 0xb7, 0x01, 0x0a, 0x05, 0x54, 0x6f, 0x70, 0x69, 0x63, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x10, 0x01, 0x12, 0x18, 0x0a, 0x14, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, @@ -965,26 +971,27 @@ var file_proto_pbsubscribe_subscribe_proto_rawDesc = []byte{ 0x72, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x10, 0x05, 0x12, 0x15, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x10, 0x06, 0x12, 0x0f, - 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x10, 0x07, 0x2a, - 0x29, 0x0a, 0x09, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, 0x70, 0x12, 0x0c, 0x0a, 0x08, - 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x44, 0x65, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, 0x59, 0x0a, 0x17, 0x53, 0x74, - 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, - 0x62, 0x65, 0x12, 0x1b, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x53, - 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x2e, 0x45, 0x76, 0x65, 0x6e, - 0x74, 0x22, 0x00, 0x30, 0x01, 0x42, 0x92, 0x01, 0x0a, 0x0d, 0x63, 0x6f, 0x6d, 0x2e, 0x73, 0x75, - 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x42, 0x0e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, - 0x62, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, - 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x62, 0x73, - 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xa2, 0x02, 0x03, 0x53, 0x58, 0x58, 0xaa, 0x02, - 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xca, 0x02, 0x09, 0x53, 0x75, 0x62, - 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xe2, 0x02, 0x15, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, - 0x62, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, - 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x10, 0x07, 0x12, + 0x13, 0x0a, 0x0f, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x44, 0x65, 0x66, 0x61, 0x75, 0x6c, + 0x74, 0x73, 0x10, 0x08, 0x2a, 0x29, 0x0a, 0x09, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x4f, + 0x70, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x00, 0x12, + 0x0e, 0x0a, 0x0a, 0x44, 0x65, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x10, 0x01, 0x32, + 0x59, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x53, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x09, 0x53, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, 0x1b, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, + 0x69, 0x62, 0x65, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x10, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, + 0x2e, 0x45, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x00, 0x30, 0x01, 0x42, 0x92, 0x01, 0x0a, 0x0d, 0x63, + 0x6f, 0x6d, 0x2e, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x42, 0x0e, 0x53, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x2d, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x2f, 0x70, 0x62, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xa2, 0x02, 0x03, + 0x53, 0x58, 0x58, 0xaa, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xca, + 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0xe2, 0x02, 0x15, 0x53, 0x75, + 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0xea, 0x02, 0x09, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/pbsubscribe/subscribe.proto b/proto/pbsubscribe/subscribe.proto index e68a0cecc3ab4..c1b3e82ebb20b 100644 --- a/proto/pbsubscribe/subscribe.proto +++ b/proto/pbsubscribe/subscribe.proto @@ -58,7 +58,7 @@ enum Topic { // ServiceResolver topic contains events for changes to a service resolver. ServiceResolver = 4; - // ServiceResolver topic contains events for changes to an ingress gateway. + // IngressGateway topic contains events for changes to an ingress gateway. IngressGateway = 5; // ServiceIntentions topic contains events for changes to service intentions. @@ -70,6 +70,9 @@ enum Topic { // // Note: WildcardSubject is the only supported Subject on this topic. ServiceList = 7; + + // ServiceDefaults topic contains events for changes to service-defaults. + ServiceDefaults = 8; } message NamedSubject { diff --git a/sdk/iptables/iptables.go b/sdk/iptables/iptables.go index 83b5c03a1b26b..653fd02b9b54b 100644 --- a/sdk/iptables/iptables.go +++ b/sdk/iptables/iptables.go @@ -2,6 +2,7 @@ package iptables import ( "errors" + "fmt" "strconv" ) @@ -30,6 +31,9 @@ type Config struct { // ConsulDNSIP is the IP for Consul DNS to direct DNS queries to. ConsulDNSIP string + // ConsulDNSPort is the port for Consul DNS to direct DNS queries to. + ConsulDNSPort int + // ProxyUserID is the user ID of the proxy process. ProxyUserID string @@ -107,7 +111,7 @@ func Setup(cfg Config) error { cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", ProxyOutputRedirectChain, "-p", "tcp", "-j", "REDIRECT", "--to-port", strconv.Itoa(cfg.ProxyOutboundPort)) // The DNS rules are applied before the rules that directs all TCP traffic, so that the traffic going to port 53 goes through this rule first. - if cfg.ConsulDNSIP != "" { + if cfg.ConsulDNSIP != "" && cfg.ConsulDNSPort == 0 { // Traffic in the DNSChain is directed to the Consul DNS Service IP. cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", DNSChain, "-p", "udp", "--dport", "53", "-j", "DNAT", "--to-destination", cfg.ConsulDNSIP) cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", DNSChain, "-p", "tcp", "--dport", "53", "-j", "DNAT", "--to-destination", cfg.ConsulDNSIP) @@ -115,6 +119,19 @@ func Setup(cfg Config) error { // For outbound TCP and UDP traffic going to port 53 (DNS), jump to the DNSChain. cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", "OUTPUT", "-p", "udp", "--dport", "53", "-j", DNSChain) cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp", "--dport", "53", "-j", DNSChain) + } else if cfg.ConsulDNSPort != 0 { + consulDNSIP := "127.0.0.1" + if cfg.ConsulDNSIP != "" { + consulDNSIP = cfg.ConsulDNSIP + } + consulDNSHostPort := fmt.Sprintf("%s:%d", consulDNSIP, cfg.ConsulDNSPort) + // Traffic in the DNSChain is directed to the Consul DNS Service IP. + cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", DNSChain, "-p", "udp", "-d", consulDNSIP, "--dport", "53", "-j", "DNAT", "--to-destination", consulDNSHostPort) + cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", DNSChain, "-p", "tcp", "-d", consulDNSIP, "--dport", "53", "-j", "DNAT", "--to-destination", consulDNSHostPort) + + // For outbound TCP and UDP traffic going to port 53 (DNS), jump to the DNSChain. Only redirect traffic that's going to consul's DNS IP. + cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", "OUTPUT", "-p", "udp", "-d", consulDNSIP, "--dport", "53", "-j", DNSChain) + cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp", "-d", consulDNSIP, "--dport", "53", "-j", DNSChain) } // For outbound TCP traffic jump from OUTPUT chain to PROXY_OUTPUT chain. diff --git a/sdk/iptables/iptables_test.go b/sdk/iptables/iptables_test.go index 1de3122e5527d..1c79fdf057b8a 100644 --- a/sdk/iptables/iptables_test.go +++ b/sdk/iptables/iptables_test.go @@ -64,6 +64,63 @@ func TestSetup(t *testing.T) { "iptables -t nat -A CONSUL_PROXY_INBOUND -p tcp -j CONSUL_PROXY_IN_REDIRECT", }, }, + { + "Consul DNS port provided", + Config{ + ProxyUserID: "123", + ProxyInboundPort: 20000, + ConsulDNSPort: 8600, + IptablesProvider: &fakeIptablesProvider{}, + }, + []string{ + "iptables -t nat -N CONSUL_PROXY_INBOUND", + "iptables -t nat -N CONSUL_PROXY_IN_REDIRECT", + "iptables -t nat -N CONSUL_PROXY_OUTPUT", + "iptables -t nat -N CONSUL_PROXY_REDIRECT", + "iptables -t nat -N CONSUL_DNS_REDIRECT", + "iptables -t nat -A CONSUL_PROXY_REDIRECT -p tcp -j REDIRECT --to-port 15001", + "iptables -t nat -A CONSUL_DNS_REDIRECT -p udp -d 127.0.0.1 --dport 53 -j DNAT --to-destination 127.0.0.1:8600", + "iptables -t nat -A CONSUL_DNS_REDIRECT -p tcp -d 127.0.0.1 --dport 53 -j DNAT --to-destination 127.0.0.1:8600", + "iptables -t nat -A OUTPUT -p udp -d 127.0.0.1 --dport 53 -j CONSUL_DNS_REDIRECT", + "iptables -t nat -A OUTPUT -p tcp -d 127.0.0.1 --dport 53 -j CONSUL_DNS_REDIRECT", + "iptables -t nat -A OUTPUT -p tcp -j CONSUL_PROXY_OUTPUT", + "iptables -t nat -A CONSUL_PROXY_OUTPUT -m owner --uid-owner 123 -j RETURN", + "iptables -t nat -A CONSUL_PROXY_OUTPUT -d 127.0.0.1/32 -j RETURN", + "iptables -t nat -A CONSUL_PROXY_OUTPUT -j CONSUL_PROXY_REDIRECT", + "iptables -t nat -A CONSUL_PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 20000", + "iptables -t nat -A PREROUTING -p tcp -j CONSUL_PROXY_INBOUND", + "iptables -t nat -A CONSUL_PROXY_INBOUND -p tcp -j CONSUL_PROXY_IN_REDIRECT", + }, + }, + { + "Consul DNS IP and port provided", + Config{ + ProxyUserID: "123", + ProxyInboundPort: 20000, + ConsulDNSIP: "10.0.34.16", + ConsulDNSPort: 8600, + IptablesProvider: &fakeIptablesProvider{}, + }, + []string{ + "iptables -t nat -N CONSUL_PROXY_INBOUND", + "iptables -t nat -N CONSUL_PROXY_IN_REDIRECT", + "iptables -t nat -N CONSUL_PROXY_OUTPUT", + "iptables -t nat -N CONSUL_PROXY_REDIRECT", + "iptables -t nat -N CONSUL_DNS_REDIRECT", + "iptables -t nat -A CONSUL_PROXY_REDIRECT -p tcp -j REDIRECT --to-port 15001", + "iptables -t nat -A CONSUL_DNS_REDIRECT -p udp -d 10.0.34.16 --dport 53 -j DNAT --to-destination 10.0.34.16:8600", + "iptables -t nat -A CONSUL_DNS_REDIRECT -p tcp -d 10.0.34.16 --dport 53 -j DNAT --to-destination 10.0.34.16:8600", + "iptables -t nat -A OUTPUT -p udp -d 10.0.34.16 --dport 53 -j CONSUL_DNS_REDIRECT", + "iptables -t nat -A OUTPUT -p tcp -d 10.0.34.16 --dport 53 -j CONSUL_DNS_REDIRECT", + "iptables -t nat -A OUTPUT -p tcp -j CONSUL_PROXY_OUTPUT", + "iptables -t nat -A CONSUL_PROXY_OUTPUT -m owner --uid-owner 123 -j RETURN", + "iptables -t nat -A CONSUL_PROXY_OUTPUT -d 127.0.0.1/32 -j RETURN", + "iptables -t nat -A CONSUL_PROXY_OUTPUT -j CONSUL_PROXY_REDIRECT", + "iptables -t nat -A CONSUL_PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 20000", + "iptables -t nat -A PREROUTING -p tcp -j CONSUL_PROXY_INBOUND", + "iptables -t nat -A CONSUL_PROXY_INBOUND -p tcp -j CONSUL_PROXY_IN_REDIRECT", + }, + }, { "proxy outbound port is provided", Config{ diff --git a/sdk/testutil/retry/retry.go b/sdk/testutil/retry/retry.go index 8be5c0f0e43e9..23d6b558f34a0 100644 --- a/sdk/testutil/retry/retry.go +++ b/sdk/testutil/retry/retry.go @@ -2,14 +2,13 @@ // // A sample retry operation looks like this: // -// func TestX(t *testing.T) { -// retry.Run(t, func(r *retry.R) { -// if err := foo(); err != nil { -// r.Fatal("f: ", err) -// } -// }) -// } -// +// func TestX(t *testing.T) { +// retry.Run(t, func(r *retry.R) { +// if err := foo(); err != nil { +// r.Fatal("f: ", err) +// } +// }) +// } package retry import ( diff --git a/sdk/testutil/server_wrapper.go b/sdk/testutil/server_wrapper.go index 5d963a2736fec..6d847f60c1317 100644 --- a/sdk/testutil/server_wrapper.go +++ b/sdk/testutil/server_wrapper.go @@ -11,8 +11,8 @@ type WrappedServer struct { // // For example, the following code snippets are equivalent. // -// server.JoinLAN(t, "1.2.3.4") -// server.Wrap(t).JoinLAN("1.2.3.4") +// server.JoinLAN(t, "1.2.3.4") +// server.Wrap(t).JoinLAN("1.2.3.4") // // This is useful when you are calling multiple functions and save the wrapped // value as another variable to reduce the inclusion of "t". diff --git a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/verify.bats b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/verify.bats index 97c712a7f9149..fd9ebc9496773 100644 --- a/test/integration/connect/envoy/case-ingress-gateway-multiple-services/verify.bats +++ b/test/integration/connect/envoy/case-ingress-gateway-multiple-services/verify.bats @@ -22,6 +22,14 @@ load helpers assert_proxy_presents_cert_uri localhost:21001 s2 } +@test "s1 proxies should be healthy" { + assert_service_has_healthy_instances s1 1 +} + +@test "s2 proxies should be healthy" { + assert_service_has_healthy_instances s2 1 +} + @test "ingress-gateway should have healthy endpoints for s1" { assert_upstream_has_endpoints_in_status 127.0.0.1:20000 s1 HEALTHY 1 } diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index 917e708e05fa1..9536901cfb7a3 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -1,6 +1,6 @@ -module github.com/hashicorp/consul/integration/consul-container +module github.com/hashicorp/consul/test/integration/consul-container -go 1.18 +go 1.19 require ( github.com/docker/docker v20.10.11+incompatible diff --git a/test/integration/consul-container/libs/cluster/cluster.go b/test/integration/consul-container/libs/cluster/cluster.go index 46fd18d6c6f67..89b7fac9ef224 100644 --- a/test/integration/consul-container/libs/cluster/cluster.go +++ b/test/integration/consul-container/libs/cluster/cluster.go @@ -10,8 +10,8 @@ import ( "time" "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/integration/consul-container/libs/node" "github.com/hashicorp/consul/sdk/testutil/retry" + "github.com/hashicorp/consul/test/integration/consul-container/libs/node" "github.com/stretchr/testify/require" ) diff --git a/test/integration/consul-container/libs/node/consul-container.go b/test/integration/consul-container/libs/node/consul-container.go index 182f2451e9aab..4185308433120 100644 --- a/test/integration/consul-container/libs/node/consul-container.go +++ b/test/integration/consul-container/libs/node/consul-container.go @@ -14,7 +14,7 @@ import ( "github.com/testcontainers/testcontainers-go" "github.com/testcontainers/testcontainers-go/wait" - "github.com/hashicorp/consul/integration/consul-container/libs/utils" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) const bootLogLine = "Consul agent running" @@ -144,7 +144,7 @@ func newContainerRequest(config Config, name, configFile, dataDir, license strin app := testcontainers.ContainerRequest{ NetworkMode: dockercontainer.NetworkMode("container:" + name + "-pod"), - Image: consulImage + ":" + config.Version, + Image: config.Image + ":" + config.Version, WaitingFor: wait.ForLog(bootLogLine).WithStartupTimeout(10 * time.Second), AutoRemove: false, Name: name, diff --git a/test/integration/consul-container/libs/node/consul-container_oss.go b/test/integration/consul-container/libs/node/consul-container_oss.go index 63d335393af60..515e9dbbb55d5 100644 --- a/test/integration/consul-container/libs/node/consul-container_oss.go +++ b/test/integration/consul-container/libs/node/consul-container_oss.go @@ -2,5 +2,3 @@ // +build !consulent package node - -const consulImage = "consul" diff --git a/test/integration/consul-container/libs/node/node.go b/test/integration/consul-container/libs/node/node.go index 6f02a446c2df5..14cf3ab8d4669 100644 --- a/test/integration/consul-container/libs/node/node.go +++ b/test/integration/consul-container/libs/node/node.go @@ -18,6 +18,7 @@ type Node interface { // Config is a set of configurations required to create a Node type Config struct { HCL string + Image string Version string Cmd []string } diff --git a/test/integration/consul-container/libs/utils/version_oss.go b/test/integration/consul-container/libs/utils/version_oss.go index 7a8450e7d4728..5f65ebc9ae7c5 100644 --- a/test/integration/consul-container/libs/utils/version_oss.go +++ b/test/integration/consul-container/libs/utils/version_oss.go @@ -5,5 +5,10 @@ package utils import "flag" -var TargetImage = flag.String("target-version", "local", "docker image to be used as UUT (unit under test)") -var LatestImage = flag.String("latest-version", "1.11", "docker image to be used as latest") +// TODO: need a better way to abstract the container creation and configuration; +// please refer to the discussion in github PR + +var TargetImage = flag.String("target-image", "consul", "docker image name to be used under test (Default: consul)") +var TargetVersion = flag.String("target-version", "local", "docker image version to be used as UUT (unit under test)") +var LatestImage = flag.String("latest-image", "consul", "docker image name to be used under test (Default: consul)") +var LatestVersion = flag.String("latest-version", "1.11", "docker image to be used as latest") diff --git a/test/integration/consul-container/metrics/leader_test.go b/test/integration/consul-container/metrics/leader_test.go index 08cf0e392db15..96a9e8d99c00c 100644 --- a/test/integration/consul-container/metrics/leader_test.go +++ b/test/integration/consul-container/metrics/leader_test.go @@ -12,9 +12,9 @@ import ( "github.com/stretchr/testify/require" - libcluster "github.com/hashicorp/consul/integration/consul-container/libs/cluster" - "github.com/hashicorp/consul/integration/consul-container/libs/node" - "github.com/hashicorp/consul/integration/consul-container/libs/utils" + libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster" + "github.com/hashicorp/consul/test/integration/consul-container/libs/node" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) // Given a 3-server cluster, when the leader is elected, then leader's isLeader is 1 and non-leader's 0 @@ -29,7 +29,8 @@ func TestLeadershipMetrics(t *testing.T) { statsite_address = "127.0.0.1:2180" }`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *utils.TargetImage, + Version: *utils.TargetVersion, + Image: *utils.TargetImage, }) numServer := 3 @@ -41,7 +42,8 @@ func TestLeadershipMetrics(t *testing.T) { bootstrap_expect=3 server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *utils.TargetImage, + Version: *utils.TargetVersion, + Image: *utils.TargetImage, }) } diff --git a/test/integration/consul-container/upgrade/README.md b/test/integration/consul-container/upgrade/README.md index 9d2e52f46c419..f552ca1db217f 100644 --- a/test/integration/consul-container/upgrade/README.md +++ b/test/integration/consul-container/upgrade/README.md @@ -3,4 +3,6 @@ - run `make dev-docker` - run the tests. -To specify targets and latest image pass `target-version` and `latest-version` to the tests. By default, it uses the `consul` docker image with respectively `local` and `latest` tags. \ No newline at end of file +To specify targets and latest image pass `target-version` and `latest-version` to the tests. By default, it uses the `consul` docker image with respectively `local` and `latest` tags. + +To use dev consul image, pass `target-image` and `target-version`, `-target-image hashicorppreview/consul -target-version 1.14-dev`. \ No newline at end of file diff --git a/test/integration/consul-container/upgrade/healthcheck_test.go b/test/integration/consul-container/upgrade/healthcheck_test.go index 7cc88ad6e6bb0..e3d298c17bbd9 100644 --- a/test/integration/consul-container/upgrade/healthcheck_test.go +++ b/test/integration/consul-container/upgrade/healthcheck_test.go @@ -10,9 +10,9 @@ import ( "github.com/hashicorp/consul/api" - libcluster "github.com/hashicorp/consul/integration/consul-container/libs/cluster" - "github.com/hashicorp/consul/integration/consul-container/libs/node" - "github.com/hashicorp/consul/integration/consul-container/libs/utils" + libcluster "github.com/hashicorp/consul/test/integration/consul-container/libs/cluster" + "github.com/hashicorp/consul/test/integration/consul-container/libs/node" + "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) // Test health check GRPC call using Target Servers and Latest GA Clients @@ -22,10 +22,10 @@ func TestTargetServersWithLatestGAClients(t *testing.T) { numClients = 1 ) - cluster := serversCluster(t, numServers, *utils.TargetImage) + cluster := serversCluster(t, numServers, *utils.TargetVersion, *utils.TargetImage) defer terminate(t, cluster) - clients := clientsCreate(t, numClients, *utils.LatestImage, cluster.EncryptKey) + clients := clientsCreate(t, numClients, *utils.LatestImage, *utils.LatestVersion, cluster.EncryptKey) require.NoError(t, cluster.AddNodes(clients)) @@ -78,7 +78,8 @@ func TestMixedServersMajorityLatestGAClient(t *testing.T) { log_level="DEBUG" server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *utils.TargetImage, + Version: *utils.TargetVersion, + Image: *utils.TargetImage, }) for i := 1; i < 3; i++ { @@ -89,7 +90,8 @@ func TestMixedServersMajorityLatestGAClient(t *testing.T) { bootstrap_expect=3 server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *utils.LatestImage, + Version: *utils.LatestVersion, + Image: *utils.LatestImage, }) } @@ -102,7 +104,7 @@ func TestMixedServersMajorityLatestGAClient(t *testing.T) { numClients = 1 ) - clients := clientsCreate(t, numClients, *utils.LatestImage, cluster.EncryptKey) + clients := clientsCreate(t, numClients, *utils.LatestImage, *utils.LatestVersion, cluster.EncryptKey) require.NoError(t, cluster.AddNodes(clients)) @@ -156,7 +158,8 @@ func TestMixedServersMajorityTargetGAClient(t *testing.T) { bootstrap_expect=3 server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *utils.TargetImage, + Version: *utils.TargetVersion, + Image: *utils.TargetImage, }) } @@ -166,7 +169,8 @@ func TestMixedServersMajorityTargetGAClient(t *testing.T) { log_level="DEBUG" server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, - Version: *utils.LatestImage, + Version: *utils.LatestVersion, + Image: *utils.LatestImage, }) cluster, err := libcluster.New(configs) @@ -177,7 +181,7 @@ func TestMixedServersMajorityTargetGAClient(t *testing.T) { numClients = 1 ) - clients := clientsCreate(t, numClients, *utils.LatestImage, cluster.EncryptKey) + clients := clientsCreate(t, numClients, *utils.LatestImage, *utils.LatestVersion, cluster.EncryptKey) require.NoError(t, cluster.AddNodes(clients)) @@ -220,7 +224,7 @@ func TestMixedServersMajorityTargetGAClient(t *testing.T) { } } -func clientsCreate(t *testing.T, numClients int, version string, serfKey string) []node.Node { +func clientsCreate(t *testing.T, numClients int, image string, version string, serfKey string) []node.Node { clients := make([]node.Node, numClients) for i := 0; i < numClients; i++ { var err error @@ -232,6 +236,7 @@ func clientsCreate(t *testing.T, numClients int, version string, serfKey string) encrypt = %q`, utils.RandName("consul-client"), serfKey), Cmd: []string{"agent", "-client=0.0.0.0"}, Version: version, + Image: image, }) require.NoError(t, err) } @@ -251,7 +256,7 @@ func serviceCreate(t *testing.T, client *api.Client, serviceName string) uint64 return meta.LastIndex } -func serversCluster(t *testing.T, numServers int, version string) *libcluster.Cluster { +func serversCluster(t *testing.T, numServers int, version string, image string) *libcluster.Cluster { var configs []node.Config for i := 0; i < numServers; i++ { configs = append(configs, node.Config{ @@ -261,6 +266,7 @@ func serversCluster(t *testing.T, numServers int, version string) *libcluster.Cl server=true`, Cmd: []string{"agent", "-client=0.0.0.0"}, Version: version, + Image: image, }) } cluster, err := libcluster.New(configs) diff --git a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs index dd372e95c8f3a..599aeae6cb602 100644 --- a/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs +++ b/ui/packages/consul-acls/app/components/consul/token/selector/index.hbs @@ -53,6 +53,7 @@ -{{#let - (hash - State=State - Guard=Guard - Action=ChartAction - dispatch=dispatch - state=state - ) -as |chart|}} -{{#let - (hash - reset=(action dispatch "RESET") - focus=this.focus - disabled=(state-matches state "loading") - error=(queue - (action dispatch "ERROR") - (action (mut this.error) value="error.errors.firstObject") - ) - submit=(queue - (action (mut this.value)) - (action dispatch "SUBMIT") - ) - ) -as |exported|}} - - {{!TODO: Call this reset or similar }} - -
- -{{#if (can 'use SSO')}} - + {{#let + (hash State=State Guard=Guard Action=ChartAction dispatch=dispatch state=state) + as |chart| + }} + {{#let + (hash + reset=(action dispatch 'RESET') + focus=this.focus + disabled=(state-matches state 'loading') + error=(queue + (action dispatch 'ERROR') (action (mut this.error) value='error.errors.firstObject') ) - (hash - label='SSO' - selected=(state-matches tabState 'sso') - ) - }} - @onclick={{queue (action tabDispatch) (action dispatch "RESET")}} - /> -{{/if}} - - {{#if this.error.status}} - - -

- {{#if this.value.Name}} - {{#if (eq this.error.status '403')}} - Consul login failed
- We received a token from your OIDC provider but could not log in to Consul with it. - {{else if (eq this.error.status '401')}} - Could not log in to provider
- The OIDC provider has rejected this access token. Please have an administrator check your auth method configuration. - {{else if (eq this.error.status '499')}} - SSO log in window closed
- The OIDC provider window was closed. Please try again. - {{else}} - Error
- {{this.error.detail}} - {{/if}} - {{else}} - {{#if (eq this.error.status '403')}} - Invalid token
- The token entered does not exist. Please enter a valid token to log in. - {{else if (eq this.error.status '404')}} - No providers
- No SSO providers are configured for that Partition. - {{else}} - Error
- {{this.error.detail}} - {{/if}} - {{/if}} -

- - - {{/if}} - - -
-
-
- - Log in - -
- + +
+
+ +
+ + Log in + +
+ - - Contact your administrator for login credentials. - - + {{yield (assign exported (hash Method=TabState))}} + + Contact your administrator for login credentials. + + -
- - - -{{/let}} -{{/let}} - \ No newline at end of file + + + + + {{/let}} + {{/let}} + diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs new file mode 100644 index 0000000000000..6ee6a31777c84 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.hbs @@ -0,0 +1,28 @@ +{{#if isVisible}} + + +

+ {{t 'routes.dc.nodes.index.agentless.notice.header'}} +

+ + + +

+ {{t 'routes.dc.nodes.index.agentless.notice.body'}} +

+ + +

+ + {{t 'routes.dc.nodes.index.agentless.notice.footer'}} + +

+ + +{{/if}} diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js new file mode 100644 index 0000000000000..7d0850812deda --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.js @@ -0,0 +1,27 @@ +import Component from '@glimmer/component'; +import { action } from '@ember/object'; +import { storageFor } from '../../../../services/local-storage'; + +export default class AgentlessNotice extends Component { + storageKey = 'nodes-agentless-dismissed'; + @storageFor('notices') notices; + + constructor() { + super(...arguments); + + if (this.args.postfix) { + this.storageKey = `nodes-agentless-dismissed-${this.args.postfix}`; + } + } + + get isVisible() { + const { items, filteredItems } = this.args; + + return !this.notices.state.includes(this.storageKey) && items.length > filteredItems.length; + } + + @action + dismissAgentlessNotice() { + this.notices.add(this.storageKey); + } +} diff --git a/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss new file mode 100644 index 0000000000000..fc4b21ac93b01 --- /dev/null +++ b/ui/packages/consul-ui/app/components/consul/node/agentless-notice/index.scss @@ -0,0 +1,4 @@ +.agentless-node-notice header { + display: flex; + justify-content: space-between; +} diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.hbs b/ui/packages/consul-ui/app/components/oidc-select/index.hbs index 1a3ef815c2c79..3c9d4cb876d99 100644 --- a/ui/packages/consul-ui/app/components/oidc-select/index.hbs +++ b/ui/packages/consul-ui/app/components/oidc-select/index.hbs @@ -1,134 +1,117 @@ - -{{#let - (hash - State=State - Guard=Guard - Action=ChartAction - dispatch=dispatch - state=state - ) -as |chart|}} + + {{#let + (hash State=State Guard=Guard Action=ChartAction dispatch=dispatch state=state) + as |chart| + }} -
- - - +
+ + + - - - Choose different Partition - - + + + Choose different Partition + + - - + + - {{! this belongs to the outer StateChart but we need }} - {{! to understand validation state }} - - - Choose provider - - + {{! this belongs to the outer StateChart but we need }} + {{! to understand validation state }} + + + Choose provider + + - + - - - + + + - - {{#if (lt this.items.length 3)}} + + {{#if (lt this.items.length 3)}} -
    - {{#each this.items as |item|}} -
  • - - Continue with {{or item.DisplayName item.Name}}{{#if (not-eq item.Namespace 'default')}} ({{item.Namespace}}){{/if}} - -
    • - {{/each}} -
+
    + {{#each this.items as |item|}} +
  • + + Continue with + {{or item.DisplayName item.Name}}{{#if (not-eq item.Namespace 'default')}} + ({{item.Namespace}}){{/if}} + +
    • + {{/each}} +
- {{else}} + {{else}} - {{#let (or this.provider (object-at 0 this.items)) as |item|}} + {{#let (or this.provider (object-at 0 this.items)) as |item|}} - - <:option as |option|> - - {{or option.item.DisplayName option.item.Name}}{{#if (not-eq option.item.Namespace 'default')}} ({{option.item.Namespace}}){{/if}} - - - + <:option as |option|> + + {{or option.item.DisplayName option.item.Name}}{{#if + (not-eq option.item.Namespace 'default') + }} ({{option.item.Namespace}}){{/if}} + + + - - Log in - + + Log in + - {{/let}} - {{/if}} - + {{/let}} + {{/if}} +
-{{/let}} - \ No newline at end of file + {{/let}} + diff --git a/ui/packages/consul-ui/app/components/oidc-select/index.js b/ui/packages/consul-ui/app/components/oidc-select/index.js index 03e24ba7de9e4..4fb78062d4d22 100644 --- a/ui/packages/consul-ui/app/components/oidc-select/index.js +++ b/ui/packages/consul-ui/app/components/oidc-select/index.js @@ -4,9 +4,14 @@ import { tracked } from '@glimmer/tracking'; import chart from './chart.xstate'; export default class OidcSelect extends Component { - @tracked partition = ''; + @tracked partition = 'default'; + constructor() { super(...arguments); this.chart = chart; + + if (this.args.partition) { + this.partition = this.args.partition; + } } } diff --git a/ui/packages/consul-ui/app/routes/application.js b/ui/packages/consul-ui/app/routes/application.js index dd81c34984a0b..e15642ef168ca 100644 --- a/ui/packages/consul-ui/app/routes/application.js +++ b/ui/packages/consul-ui/app/routes/application.js @@ -1,40 +1,19 @@ import Route from 'consul-ui/routing/route'; import { action } from '@ember/object'; import { inject as service } from '@ember/service'; -import { runInDebug } from '@ember/debug'; import WithBlockingActions from 'consul-ui/mixins/with-blocking-actions'; export default class ApplicationRoute extends Route.extend(WithBlockingActions) { @service('client/http') client; @service('env') env; - @service('repository/token') tokenRepo; - @service('settings') settings; + @service() hcp; data; async model() { if (this.env.var('CONSUL_ACLS_ENABLED')) { - const secret = this.env.var('CONSUL_HTTP_TOKEN'); - const existing = await this.settings.findBySlug('token'); - if (!existing.AccessorID && secret) { - try { - const token = await this.tokenRepo.self({ - secret: secret, - dc: this.env.var('CONSUL_DATACENTER_LOCAL'), - }); - await this.settings.persist({ - token: { - AccessorID: token.AccessorID, - SecretID: token.SecretID, - Namespace: token.Namespace, - Partition: token.Partition, - }, - }); - } catch (e) { - runInDebug((_) => console.error(e)); - } - } + await this.hcp.updateTokenIfNecessary(this.env.var('CONSUL_HTTP_TOKEN')); } return {}; } diff --git a/ui/packages/consul-ui/app/services/env.js b/ui/packages/consul-ui/app/services/env.js index bbd9a9c1ea068..97b54c94cd530 100644 --- a/ui/packages/consul-ui/app/services/env.js +++ b/ui/packages/consul-ui/app/services/env.js @@ -12,3 +12,63 @@ export default class EnvService extends Service { return env(key); } } +/** + * Stub class that can be used in testing when we want to test + * interactions with the EnvService. We can use `EnvStub.stubEnv` to setup + * an Env-Service that returns certain values we need to execute our tests. + * + * Example: + * + * ```js + * // some-test.js + * test('testing interaction with Env-service', async function(assert) { + * this.owner.register('service:env', class Stub extends EnvStub { + * . stubEnv = { + * CONSUL_ACLS_ENABLED: true + * } + * }) + * }) + * ``` + */ +export class EnvStub extends EnvService { + var(key) { + const { stubEnv } = this; + + const stubbed = stubEnv[key]; + + if (stubbed) { + return stubbed; + } else { + return super.var(...arguments); + } + } +} + +/** + * Helper function to allow stubbing out data that is accessed by the application + * based on the Env-service. You will need to call this before the env-service gets + * initialized because it overrides the env-service injection on the owner. + * + * Example: + * + * ```js + * test('test something env related', async function(assert) { + * setupTestEnv(this.owner, { + * CONSUL_ACLS_ENABLED: true + * }); + * + * // ... + * }) + * ``` + * + * @param {*} owner - the owner of the test instance (usually `this.owner`) + * @param {*} stubEnv - an object that holds the stubbed env-data + */ +export function setupTestEnv(owner, stubEnv) { + owner.register( + 'service:env', + class Stub extends EnvStub { + stubEnv = stubEnv; + } + ); +} diff --git a/ui/packages/consul-ui/app/services/hcp.js b/ui/packages/consul-ui/app/services/hcp.js new file mode 100644 index 0000000000000..f0168254d5162 --- /dev/null +++ b/ui/packages/consul-ui/app/services/hcp.js @@ -0,0 +1,37 @@ +import Service, { inject as service } from '@ember/service'; +import { runInDebug } from '@ember/debug'; + +/** + * A service to encapsulate all logic that handles dealing with setting up consul + * core correctly when started via HCP. + */ +export default class HCPService extends Service { + @service('env') env; + @service('repository/token') tokenRepo; + @service('settings') settings; + + async updateTokenIfNecessary(secret) { + if (secret) { + const existing = await this.settings.findBySlug('token'); + + if (secret && secret !== existing.SecretID) { + try { + const token = await this.tokenRepo.self({ + secret: secret, + dc: this.env.var('CONSUL_DATACENTER_LOCAL'), + }); + await this.settings.persist({ + token: { + AccessorID: token.AccessorID, + SecretID: token.SecretID, + Namespace: token.Namespace, + Partition: token.Partition, + }, + }); + } catch (e) { + runInDebug((_) => console.error(e)); + } + } + } + } +} diff --git a/ui/packages/consul-ui/app/services/local-storage.js b/ui/packages/consul-ui/app/services/local-storage.js new file mode 100644 index 0000000000000..b882855702f5f --- /dev/null +++ b/ui/packages/consul-ui/app/services/local-storage.js @@ -0,0 +1,126 @@ +import Service from '@ember/service'; +import { getOwner } from '@ember/application'; +import ENV from 'consul-ui/config/environment'; + +export function storageFor(key) { + return function () { + return { + get() { + const owner = getOwner(this); + + const localStorageService = owner.lookup('service:localStorage'); + + return localStorageService.getBucket(key); + }, + }; + }; +} + +/** + * An in-memory stub of window.localStorage. Ideally this would + * implement the [Storage](https://developer.mozilla.org/en-US/docs/Web/API/Storage)-interface that localStorage implements + * as well. + * + * We use this implementation during testing to not pollute `window.localStorage` + */ +class MemoryStorage { + constructor() { + this.data = new Map(); + } + + getItem(key) { + return this.data.get(key); + } + + setItem(key, value) { + return this.data.set(key, value.toString()); + } + + /** + * A function to seed data into MemoryStorage. This expects an object to be + * passed. The passed values will be persisted as a string - i.e. the values + * passed will call their `toString()`-method before writing to storage. You need + * to take this into account when you want to persist complex values, like arrays + * or objects: + * + * Example: + * + * ```js + * const storage = new MemoryStorage(); + * storage.seed({ notices: ['notice-a', 'notice-b']}); + * + * storage.getItem('notices') // => 'notice-a,notice-b' + * + * // won't work + * storage.seed({ + * user: { name: 'Tomster' } + * }) + * + * storage.getItem('user') // => '[object Object]' + * + * // this works + * storage.seed({ + * . user: JSON.stringify({name: 'Tomster'}) + * }) + * + * storage.getItem('user') // => '{ "name": "Tomster" }' + * ``` + * @param {object} data - the data to seed + */ + seed(data) { + const newData = new Map(); + + const keys = Object.keys(data); + + keys.forEach((key) => { + newData.set(key, data[key].toString()); + }); + + this.data = newData; + } +} + +/** + * There might be better ways to do this but this is good enough for now. + * During testing we want to use MemoryStorage not window.localStorage. + */ +function initStorage() { + if (ENV.environment === 'test') { + return new MemoryStorage(); + } else { + return window.localStorage; + } +} + +/** + * A service that wraps access to local-storage. We wrap + * local-storage to not pollute local-storage during testing. + */ +export default class LocalStorageService extends Service { + constructor() { + super(...arguments); + + this.storage = initStorage(); + this.buckets = new Map(); + } + + getBucket(key) { + const bucket = this.buckets.get(key); + + if (bucket) { + return bucket; + } else { + return this._setupBucket(key); + } + } + + _setupBucket(key) { + const owner = getOwner(this); + const Klass = owner.factoryFor(`storage:${key}`).class; + const storage = new Klass(key, this.storage); + + this.buckets.set(key, storage); + + return storage; + } +} diff --git a/ui/packages/consul-ui/app/storages/base.js b/ui/packages/consul-ui/app/storages/base.js new file mode 100644 index 0000000000000..50a26fa669488 --- /dev/null +++ b/ui/packages/consul-ui/app/storages/base.js @@ -0,0 +1,14 @@ +export default class Storage { + constructor(key, storage) { + this.key = key; + this.storage = storage; + + this.state = this.initState(this.key, this.storage); + } + + initState() { + const { key, storage } = this; + + return storage.getItem(key); + } +} diff --git a/ui/packages/consul-ui/app/storages/notices.js b/ui/packages/consul-ui/app/storages/notices.js new file mode 100644 index 0000000000000..549219764c9ed --- /dev/null +++ b/ui/packages/consul-ui/app/storages/notices.js @@ -0,0 +1,24 @@ +import { TrackedArray } from 'tracked-built-ins'; +import Storage from './base'; + +export default class Notices extends Storage { + initState() { + const { key, storage } = this; + + const persisted = storage.getItem(key); + + if (persisted) { + return new TrackedArray(persisted.split(',')); + } else { + return new TrackedArray(); + } + } + + add(value) { + const { key, storage, state } = this; + + state.push(value); + + storage.setItem(key, [...state]); + } +} diff --git a/ui/packages/consul-ui/app/styles/components.scss b/ui/packages/consul-ui/app/styles/components.scss index 4a7e7b9e05920..656b05cf1ca3f 100644 --- a/ui/packages/consul-ui/app/styles/components.scss +++ b/ui/packages/consul-ui/app/styles/components.scss @@ -110,3 +110,4 @@ @import 'consul-ui/components/consul/peer/info'; @import 'consul-ui/components/consul/peer/form'; @import 'consul-ui/components/consul/hcp/home'; +@import 'consul-ui/components/consul/node/agentless-notice'; diff --git a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs index dcdc8c59161da..8459018cce551 100644 --- a/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs +++ b/ui/packages/consul-ui/app/templates/dc/nodes/index.hbs @@ -60,6 +60,7 @@ {{/if}} + item !== '') .filter((item) => item.split('=').shift().startsWith('CONSUL_')); }; + + // Define the function that reads in "Scenarios", parse and set cookies and set theme if specified. + // See https://github.com/hashicorp/consul/blob/main/ui/packages/consul-ui/docs/bookmarklets.mdx win['Scenario'] = function (str = '') { if (str.length > 0) { cookies(str).forEach((item) => { @@ -55,6 +58,7 @@ export default function (config = {}, win = window, doc = document) { ); } }; + if ( typeof win.location !== 'undefined' && typeof win.location.hash === 'string' && @@ -63,6 +67,8 @@ export default function (config = {}, win = window, doc = document) { win['Scenario'](win.location.hash.substr(1)); } }); + + // Defines a function that reads in the cookies and parses the cookie keys. const dev = function (str = doc.cookie) { return str .split(';') @@ -72,6 +78,7 @@ export default function (config = {}, win = window, doc = document) { return [key, rest.join('=')]; }); }; + const user = function (str) { const item = win.localStorage.getItem(str); return item === null ? undefined : item; @@ -205,6 +212,9 @@ export default function (config = {}, win = window, doc = document) { case 'CONSUL_ACLS_ENABLE': prev['CONSUL_ACLS_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); break; + case 'CONSUL_AGENTLESS_ENABLE': + prev['CONSUL_AGENTLESS_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); + break; case 'CONSUL_NSPACES_ENABLE': prev['CONSUL_NSPACES_ENABLED'] = !!JSON.parse(String(value).toLowerCase()); break; @@ -272,6 +282,7 @@ export default function (config = {}, win = window, doc = document) { case 'CONSUL_ACLS_ENABLED': case 'CONSUL_NSPACES_ENABLED': case 'CONSUL_PEERINGS_ENABLED': + case 'CONSUL_AGENTLESS_ENABLED': case 'CONSUL_HCP_ENABLED': case 'CONSUL_SSO_ENABLED': case 'CONSUL_PARTITIONS_ENABLED': diff --git a/ui/packages/consul-ui/docs/bookmarklets.mdx b/ui/packages/consul-ui/docs/bookmarklets.mdx index 0854dc6331122..62447ed8a8273 100644 --- a/ui/packages/consul-ui/docs/bookmarklets.mdx +++ b/ui/packages/consul-ui/docs/bookmarklets.mdx @@ -10,6 +10,7 @@ Below is a list of the most commonly used functions as bookmarklets followed by | [Save Current Scenario](javascript:Scenario()) | Opens a tab with links to allow you to create a bookmarklet or share a URL of your current scenario (your Consul UI related development/debug cookies) | | [Toggle Color Scheme](javascript:Scenario('CONSUL_COLOR_SCHEME=!')) | Toggle Color Scheme from light to dark or vice versa | | [Enable ACLs](javascript:Scenario('CONSUL_ACLS_ENABLE=1')) | Enable ACLs | +| [Enable Agentless](javascript:Scenario('CONSUL_AGENTLESS_ENABLE=1')) | Enable synthetic nodes (agentless) in the mock data | | [Enable TProxy](javascript:Scenario('CONSUL_TPROXY_ENABLE=1')) | Enable TProxy | | [Enable Nspaces](javascript:Scenario('CONSUL_NSPACES_ENABLE=1')) | Enable Namespace Support | | [Enable Peers](javascript:Scenario('CONSUL_PEERINGS_ENABLE=1')) | Enable Peering Support | @@ -40,6 +41,7 @@ token/secret. | -------- | ------------- | ----------- | | `CONSUL_ACLS_ENABLE` | false | Enable/disable ACLs support. | | `CONSUL_ACLS_LEGACY` | false | Enable/disable legacy ACLs support. | +| `CONSUL_AGENTLESS_ENABLE` | false | Enable/disable synthetic nodes (agentless) in the mock data. | | `CONSUL_TPROXY_ENABLE` | false | Enable/disable TProxy support globally (if not a service may have this applied randomly). | | `CONSUL_NSPACES_ENABLE` | false | Enable/disable Namespace support. | | `CONSUL_SSO_ENABLE` | false | Enable/disable SSO support. | diff --git a/ui/packages/consul-ui/mock-api/v1/health/service/_ b/ui/packages/consul-ui/mock-api/v1/health/service/_ index 40e41019f4cf3..e7862a4aaf1da 100644 --- a/ui/packages/consul-ui/mock-api/v1/health/service/_ +++ b/ui/packages/consul-ui/mock-api/v1/health/service/_ @@ -54,7 +54,7 @@ "TaggedAddresses":{"lan":"${ip}","wan":"${ip}"}, "Meta":{ "${service}-network-segment":"", - "synthetic-node":${externalSource === 'kubernetes' ? true : false} + "synthetic-node":${env('CONSUL_AGENTLESS_ENABLED') && externalSource === 'kubernetes' ? true : false} }, ${typeof location.search.peer !== 'undefined' ? ` "PeerName": "${location.search.peer}", diff --git a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes index 8b63b7997d0a5..2740d824a4f60 100644 --- a/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes +++ b/ui/packages/consul-ui/mock-api/v1/internal/ui/nodes @@ -24,7 +24,8 @@ "wan":"${fake.internet.ip()}" }, "Meta": { - "consul-network-segment":"" + "consul-network-segment":"", + "synthetic-node": ${env('CONSUL_AGENTLESS_ENABLED') ? fake.helpers.randomize([true, false, false, false]) : false} }, "Services":[ ${ diff --git a/ui/packages/consul-ui/package.json b/ui/packages/consul-ui/package.json index 146ff10df217b..54bf1e27abf54 100644 --- a/ui/packages/consul-ui/package.json +++ b/ui/packages/consul-ui/package.json @@ -191,6 +191,7 @@ "text-encoding": "^0.7.0", "tippy.js": "^6.2.7", "torii": "^0.10.1", + "tracked-built-ins": "^3.1.0", "unist-util-visit": "^2.0.3", "wayfarer": "^7.0.1", "webpack": "^5.74.0" diff --git a/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js b/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js new file mode 100644 index 0000000000000..28e08aaef8210 --- /dev/null +++ b/ui/packages/consul-ui/tests/acceptance/hcp-login-test.js @@ -0,0 +1,173 @@ +import { module, test } from 'qunit'; +import { visit } from '@ember/test-helpers'; +import { setupApplicationTest } from 'ember-qunit'; +import { setupTestEnv } from 'consul-ui/services/env'; +import TokenRepo from 'consul-ui/services/repository/token'; +import SettingsService from 'consul-ui/services/settings'; + +const TOKEN_SET_BY_HCP = 'token-set-by-hcp'; + +module('Acceptance | hcp login', function (hooks) { + setupApplicationTest(hooks); + + module('with `CONSUL_HTTP_TOKEN` not set', function () { + hooks.beforeEach(function () { + setupTestEnv(this.owner, { + CONSUL_ACLS_ENABLED: true, + }); + }); + + test('we do not call the token endpoint', async function (assert) { + this.owner.register( + 'service:repository/token', + class extends TokenRepo { + self() { + assert.step('token'); + + return super.self(...arguments); + } + } + ); + + await visit('/'); + + assert.verifySteps([], 'we do not try to fetch new token'); + }); + }); + + module('with `CONSUL_HTTP_TOKEN` set', function (hooks) { + hooks.beforeEach(function () { + setupTestEnv(this.owner, { + CONSUL_ACLS_ENABLED: true, + CONSUL_HTTP_TOKEN: TOKEN_SET_BY_HCP, + }); + }); + + test('when no token was persisted to settings', async function (assert) { + assert.expect(3); + + // stub out the settings service to not access local-storage directly + this.owner.register( + 'service:settings', + class extends SettingsService { + async findBySlug(slug) { + // make sure we don't find anything + if (slug === 'token') { + // we return an empty string if nothing is found + return Promise.resolve(''); + } else { + return super.findBySlug(...arguments); + } + } + } + ); + + // There's no way to hook into the api handlers like with mirage + // so we need to stub the repo methods + this.owner.register( + 'service:repository/token', + class extends TokenRepo { + self(params) { + const { secret } = params; + + assert.equal( + secret, + TOKEN_SET_BY_HCP, + 'we try to request token based on what HCP set for us' + ); + + assert.step('token'); + + return super.self(...arguments); + } + } + ); + + await visit('/'); + + assert.verifySteps(['token'], 'we try to call token endpoint to fetch new token'); + }); + + test('when we already persisted a token to settings and it is different to the secret HCP set for us', async function (assert) { + assert.expect(3); + + this.owner.register( + 'service:settings', + class extends SettingsService { + async findBySlug(slug) { + if (slug === 'token') { + return Promise.resolve({ + AccessorID: 'accessor', + SecretID: 'secret', + Namespace: 'default', + Partition: 'default', + }); + } else { + return super.findBySlug(...arguments); + } + } + } + ); + + this.owner.register( + 'service:repository/token', + class extends TokenRepo { + self(params) { + const { secret } = params; + + assert.equal( + secret, + TOKEN_SET_BY_HCP, + 'we try to request token based on what HCP set for us' + ); + + assert.step('token'); + + return super.self(...arguments); + } + } + ); + + await visit('/'); + + assert.verifySteps(['token'], 'we call token endpoint to fetch new token'); + }); + + test('when we already persisted a token to settings, but it is the same secret as HCP set for us', async function (assert) { + assert.expect(1); + + this.owner.register( + 'service:settings', + class extends SettingsService { + async findBySlug(slug) { + if (slug === 'token') { + return Promise.resolve({ + AccessorID: 'accessor', + SecretID: TOKEN_SET_BY_HCP, + Namespace: 'default', + Partition: 'default', + }); + } else { + return super.findBySlug(...arguments); + } + } + } + ); + + this.owner.register( + 'service:repository/token', + class extends TokenRepo { + self() { + assert.step('token'); + + return super.self(...arguments); + } + } + ); + + await visit('/'); + + assert.verifySteps([], 'we do not try to fetch new token'); + }); + }); +}); diff --git a/ui/packages/consul-ui/tests/acceptance/login.feature b/ui/packages/consul-ui/tests/acceptance/login.feature index 17a4ab82b5ee8..9af0bbfeeed48 100644 --- a/ui/packages/consul-ui/tests/acceptance/login.feature +++ b/ui/packages/consul-ui/tests/acceptance/login.feature @@ -41,6 +41,7 @@ Feature: login --- And I click login on the navigation And I click "[data-test-tab=tab_sso] button" + Then the "[name='partition']" input should have the value "default" And I type "partition" into "[name=partition]" And I click ".oidc-select button" Then a GET request was made to "/v1/internal/ui/oidc-auth-methods?dc=dc-1&ns=@namespace&partition=partition" diff --git a/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js b/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js new file mode 100644 index 0000000000000..db05c8162f502 --- /dev/null +++ b/ui/packages/consul-ui/tests/integration/components/consul/node/agentless-notice-test.js @@ -0,0 +1,89 @@ +import { module, test } from 'qunit'; +import { setupRenderingTest } from 'ember-qunit'; +import hbs from 'htmlbars-inline-precompile'; +import { click, render } from '@ember/test-helpers'; + +module('Integration | Component | consul node agentless-notice', function (hooks) { + setupRenderingTest(hooks); + + test('it does not display the notice if the filtered nodes are the same as the regular nodes', async function (assert) { + this.set('nodes', [ + { + Meta: { + 'synthetic-node': false, + }, + }, + ]); + + this.set('filteredNodes', [ + { + Meta: { + 'synthetic-node': false, + }, + }, + ]); + + await render( + hbs`` + ); + assert + .dom('[data-test-node-agentless-notice]') + .doesNotExist( + 'The agentless notice should not display if the items are the same as the filtered items' + ); + }); + + test('it does display the notice when the filtered items are smaller then the regular items', async function (assert) { + this.set('nodes', [ + { + Meta: { + 'synthetic-node': true, + }, + }, + ]); + + this.set('filteredNodes', []); + + await render( + hbs`` + ); + + assert + .dom('[data-test-node-agentless-notice]') + .exists( + 'The agentless notice should display if their are less items then the filtered items' + ); + + await click('button'); + assert + .dom('[data-test-node-agentless-notice]') + .doesNotExist('The agentless notice be dismissed'); + }); + + test('it does not display if the localstorage key is already set to true', async function (assert) { + this.set('nodes', [ + { + Meta: { + 'synthetic-node': false, + }, + }, + ]); + + this.set('filteredNodes', []); + + const localStorage = this.owner.lookup('service:local-storage'); + localStorage.storage.seed({ + notices: ['nodes-agentless-dismissed-partition'], + }); + + await render( + hbs`` + ); + + assert + .dom('[data-test-node-agentless-notice]') + .doesNotExist( + 'The agentless notice should not display if the dismissal has already been stored in local storage' + ); + }); +}); diff --git a/ui/packages/consul-ui/tests/steps/assertions/dom.js b/ui/packages/consul-ui/tests/steps/assertions/dom.js index b4727055c657d..d508911e66363 100644 --- a/ui/packages/consul-ui/tests/steps/assertions/dom.js +++ b/ui/packages/consul-ui/tests/steps/assertions/dom.js @@ -85,5 +85,13 @@ export default function (scenario, assert, pauseUntil, find, currentURL, clipboa }) .then(['the title should be "$title"'], function (title) { assert.equal(document.title, title, `Expected the document.title to equal "${title}"`); + }) + .then(['the "$selector" input should have the value "$value"'], function (selector, value) { + const $el = find(selector); + assert.equal( + $el.value, + value, + `Expected the input at ${selector} to have value ${value}, but it had ${$el.value}` + ); }); } diff --git a/ui/packages/consul-ui/translations/routes/en-us.yaml b/ui/packages/consul-ui/translations/routes/en-us.yaml index e8b134dfb4fd7..f9cd5ad10df15 100644 --- a/ui/packages/consul-ui/translations/routes/en-us.yaml +++ b/ui/packages/consul-ui/translations/routes/en-us.yaml @@ -55,6 +55,11 @@ dc: nodes: index: + agentless: + notice: + header: Consul 1.14 removes client nodes from Kubernetes Service Mesh deployments + body: Kubernetes clusters do not require client nodes to run as of Consul 1.14. Kubernetes nodes will not appear in this view. + footer: View documentation on Consul Dataplane empty: header: | {items, select, diff --git a/ui/yarn.lock b/ui/yarn.lock index a1b3fb4c01e7f..37167863189c2 100644 --- a/ui/yarn.lock +++ b/ui/yarn.lock @@ -7982,7 +7982,7 @@ ember-cli-babel@^6.0.0, ember-cli-babel@^6.0.0-beta.4, ember-cli-babel@^6.11.0, ember-cli-version-checker "^2.1.2" semver "^5.5.0" -ember-cli-babel@^7.12.0, ember-cli-babel@^7.13.2, ember-cli-babel@^7.26.1, ember-cli-babel@^7.26.11, ember-cli-babel@^7.26.3, ember-cli-babel@^7.26.5, ember-cli-babel@^7.4.0: +ember-cli-babel@^7.12.0, ember-cli-babel@^7.13.2, ember-cli-babel@^7.26.1, ember-cli-babel@^7.26.10, ember-cli-babel@^7.26.11, ember-cli-babel@^7.26.3, ember-cli-babel@^7.26.5, ember-cli-babel@^7.4.0: version "7.26.11" resolved "https://registry.yarnpkg.com/ember-cli-babel/-/ember-cli-babel-7.26.11.tgz#50da0fe4dcd99aada499843940fec75076249a9f" integrity sha512-JJYeYjiz/JTn34q7F5DSOjkkZqy8qwFOOxXfE6pe9yEJqWGu4qErKxlz8I22JoVEQ/aBUO+OcKTpmctvykM9YA== @@ -8448,6 +8448,22 @@ ember-cli-typescript@^5.0.0: stagehand "^1.0.0" walk-sync "^2.2.0" +ember-cli-typescript@^5.1.0: + version "5.1.1" + resolved "https://registry.yarnpkg.com/ember-cli-typescript/-/ember-cli-typescript-5.1.1.tgz#cf561026f3e7bd05312c1c212acffa1c30d5fa0c" + integrity sha512-DbzATYWY8nbXwSxXqtK8YlqGJTcyFyL+eg6IGCc2ur0AMnq/H+o6Z9np9eGoq1sI+HwX7vBkOVoD3k0WurAwXg== + dependencies: + ansi-to-html "^0.6.15" + broccoli-stew "^3.0.0" + debug "^4.0.0" + execa "^4.0.0" + fs-extra "^9.0.1" + resolve "^1.5.0" + rsvp "^4.8.1" + semver "^7.3.2" + stagehand "^1.0.0" + walk-sync "^2.2.0" + ember-cli-version-checker@^2.1.0, ember-cli-version-checker@^2.1.2: version "2.2.0" resolved "https://registry.yarnpkg.com/ember-cli-version-checker/-/ember-cli-version-checker-2.2.0.tgz#47771b731fe0962705e27c8199a9e3825709f3b3" @@ -9247,6 +9263,14 @@ ember-text-measurer@^0.6.0: ember-cli-babel "^7.19.0" ember-cli-htmlbars "^4.3.1" +ember-tracked-storage-polyfill@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/ember-tracked-storage-polyfill/-/ember-tracked-storage-polyfill-1.0.0.tgz#84d307a1e4badc5f84dca681db2cfea9bdee8a77" + integrity sha512-eL7lZat68E6P/D7b9UoTB5bB5Oh/0aju0Z7PCMi3aTwhaydRaxloE7TGrTRYU+NdJuyNVZXeGyxFxn2frvd3TA== + dependencies: + ember-cli-babel "^7.26.3" + ember-cli-htmlbars "^5.7.1" + "ember-truth-helpers@^2.1.0 || ^3.0.0", ember-truth-helpers@^3.0.0: version "3.0.0" resolved "https://registry.yarnpkg.com/ember-truth-helpers/-/ember-truth-helpers-3.0.0.tgz#86766bdca4ac9b86bce3d262dff2aabc4a0ea384" @@ -16641,6 +16665,15 @@ tr46@~0.0.3: resolved "https://registry.yarnpkg.com/tr46/-/tr46-0.0.3.tgz#8184fd347dac9cdc185992f3a6622e14b9d9ab6a" integrity sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw== +tracked-built-ins@^3.1.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/tracked-built-ins/-/tracked-built-ins-3.1.0.tgz#827703e8e8857e45ac449dfc41e8706e0d6da309" + integrity sha512-yPEZV1aYaw7xFWdoEluvdwNxIJIA834HaBQaMATjNAYPwd1fRqIJ46YnuRo6+9mRRWu6nM6sJqrVVa5H6UhFuw== + dependencies: + ember-cli-babel "^7.26.10" + ember-cli-typescript "^5.1.0" + ember-tracked-storage-polyfill "^1.0.0" + tracked-maps-and-sets@^2.1.0: version "2.2.1" resolved "https://registry.yarnpkg.com/tracked-maps-and-sets/-/tracked-maps-and-sets-2.2.1.tgz#323dd40540c561e8b0ffdec8bf129c68ec5025f9" diff --git a/website/content/api-docs/acl/auth-methods.mdx b/website/content/api-docs/acl/auth-methods.mdx index 20af941e306da..f40ad2575cad6 100644 --- a/website/content/api-docs/acl/auth-methods.mdx +++ b/website/content/api-docs/acl/auth-methods.mdx @@ -28,7 +28,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -159,7 +159,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -211,7 +211,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -350,7 +350,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -392,7 +392,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/acl/binding-rules.mdx b/website/content/api-docs/acl/binding-rules.mdx index 296ca71dfda8f..893dc485f9329 100644 --- a/website/content/api-docs/acl/binding-rules.mdx +++ b/website/content/api-docs/acl/binding-rules.mdx @@ -28,7 +28,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -157,7 +157,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -207,7 +207,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -345,7 +345,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -387,7 +387,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/acl/index.mdx b/website/content/api-docs/acl/index.mdx index 44d1c5f425208..40ef081911629 100644 --- a/website/content/api-docs/acl/index.mdx +++ b/website/content/api-docs/acl/index.mdx @@ -32,7 +32,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -99,7 +99,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -201,7 +201,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -250,7 +250,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -286,7 +286,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -381,7 +381,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -419,7 +419,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -502,7 +502,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/acl/legacy.mdx b/website/content/api-docs/acl/legacy.mdx index 60c32d55769c9..da8144157f387 100644 --- a/website/content/api-docs/acl/legacy.mdx +++ b/website/content/api-docs/acl/legacy.mdx @@ -28,7 +28,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -87,7 +87,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -141,7 +141,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -178,7 +178,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -227,7 +227,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -266,7 +266,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/acl/policies.mdx b/website/content/api-docs/acl/policies.mdx index 90d1d0755b0a7..4668bc3c86faa 100644 --- a/website/content/api-docs/acl/policies.mdx +++ b/website/content/api-docs/acl/policies.mdx @@ -27,7 +27,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -105,7 +105,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -155,7 +155,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -205,7 +205,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -292,7 +292,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -334,7 +334,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/acl/roles.mdx b/website/content/api-docs/acl/roles.mdx index cb5ce78d31e0e..9648670720b4c 100644 --- a/website/content/api-docs/acl/roles.mdx +++ b/website/content/api-docs/acl/roles.mdx @@ -26,7 +26,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -172,7 +172,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -242,7 +242,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -311,7 +311,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -435,7 +435,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -477,7 +477,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/acl/tokens.mdx b/website/content/api-docs/acl/tokens.mdx index 0d41eceb6a782..7988e5f754238 100644 --- a/website/content/api-docs/acl/tokens.mdx +++ b/website/content/api-docs/acl/tokens.mdx @@ -26,7 +26,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -172,7 +172,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -328,7 +328,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -383,7 +383,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -541,7 +541,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -626,7 +626,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -668,7 +668,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx index b4e818fe83b87..98f33cf328372 100644 --- a/website/content/api-docs/agent/check.mdx +++ b/website/content/api-docs/agent/check.mdx @@ -34,7 +34,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------ | @@ -112,7 +112,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -316,7 +316,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -354,7 +354,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -393,7 +393,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -435,7 +435,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -477,7 +477,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | diff --git a/website/content/api-docs/agent/connect.mdx b/website/content/api-docs/agent/connect.mdx index 7e97cf1628c37..f706fd47e840c 100644 --- a/website/content/api-docs/agent/connect.mdx +++ b/website/content/api-docs/agent/connect.mdx @@ -46,7 +46,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | -------------------- | --------------- | @@ -121,7 +121,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | -------------------- | ------------ | @@ -189,7 +189,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | -------------------- | --------------- | diff --git a/website/content/api-docs/agent/index.mdx b/website/content/api-docs/agent/index.mdx index 86dfa573bf348..f2c086d56b3d2 100644 --- a/website/content/api-docs/agent/index.mdx +++ b/website/content/api-docs/agent/index.mdx @@ -34,7 +34,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -223,7 +223,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -291,7 +291,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -371,7 +371,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -404,7 +404,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -463,7 +463,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -585,7 +585,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -630,7 +630,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -672,7 +672,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -711,7 +711,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -788,7 +788,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | diff --git a/website/content/api-docs/agent/service.mdx b/website/content/api-docs/agent/service.mdx index 02d3af8bb41b2..afeb4abbc8235 100644 --- a/website/content/api-docs/agent/service.mdx +++ b/website/content/api-docs/agent/service.mdx @@ -33,7 +33,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -147,7 +147,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ----------------- | ----------------- | ------------- | -------------- | @@ -251,7 +251,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -582,7 +582,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -758,7 +758,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -798,7 +798,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | diff --git a/website/content/api-docs/catalog.mdx b/website/content/api-docs/catalog.mdx index 5ce5fb021eb0c..51f3c18da8e55 100644 --- a/website/content/api-docs/catalog.mdx +++ b/website/content/api-docs/catalog.mdx @@ -27,7 +27,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -179,7 +179,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -266,7 +266,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -301,7 +301,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -397,7 +397,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -502,7 +502,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | -------------------- | ------------------------ | @@ -735,7 +735,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------ | @@ -864,7 +864,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------ | @@ -1005,7 +1005,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | diff --git a/website/content/api-docs/config.mdx b/website/content/api-docs/config.mdx index fa71dc95f23db..128cb8252cb34 100644 --- a/website/content/api-docs/config.mdx +++ b/website/content/api-docs/config.mdx @@ -27,7 +27,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------------------------- | @@ -94,7 +94,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -165,7 +165,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------------------- | @@ -239,7 +239,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------------------------- | diff --git a/website/content/api-docs/connect/ca.mdx b/website/content/api-docs/connect/ca.mdx index 7a617c57b0d1a..3d3e456c18f33 100644 --- a/website/content/api-docs/connect/ca.mdx +++ b/website/content/api-docs/connect/ca.mdx @@ -24,7 +24,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -116,7 +116,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ----------------------------- | @@ -161,7 +161,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx index 716b8533f2bfe..a979a3e6d779b 100644 --- a/website/content/api-docs/connect/intentions.mdx +++ b/website/content/api-docs/connect/intentions.mdx @@ -39,7 +39,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------ | @@ -145,7 +145,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------ | @@ -242,7 +242,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------ | @@ -296,7 +296,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ----------------------------- | @@ -368,7 +368,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ----------------------------- | @@ -431,7 +431,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ----------------------------- | @@ -518,7 +518,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------ | @@ -573,7 +573,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------ | @@ -629,7 +629,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ----------------------------- | @@ -689,7 +689,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | -------------------- | ----------------------------- | diff --git a/website/content/api-docs/coordinate.mdx b/website/content/api-docs/coordinate.mdx index aecb63859c844..2116569f2e90d 100644 --- a/website/content/api-docs/coordinate.mdx +++ b/website/content/api-docs/coordinate.mdx @@ -32,7 +32,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -88,7 +88,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -147,7 +147,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -209,7 +209,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/discovery-chain.mdx b/website/content/api-docs/discovery-chain.mdx index 623726e12bf4c..3d483415d6a4b 100644 --- a/website/content/api-docs/discovery-chain.mdx +++ b/website/content/api-docs/discovery-chain.mdx @@ -41,7 +41,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | -------------------- | -------------- | diff --git a/website/content/api-docs/event.mdx b/website/content/api-docs/event.mdx index f11844582db13..ac13d0dddad28 100644 --- a/website/content/api-docs/event.mdx +++ b/website/content/api-docs/event.mdx @@ -23,7 +23,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -101,7 +101,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/health.mdx b/website/content/api-docs/health.mdx index 8e423cffc4792..ba5eef9788a07 100644 --- a/website/content/api-docs/health.mdx +++ b/website/content/api-docs/health.mdx @@ -31,7 +31,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------ | @@ -125,7 +125,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------ | @@ -215,7 +215,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | -------------------- | ----------------- | -------------------- | ------------------------ | @@ -460,7 +460,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------ | diff --git a/website/content/api-docs/kv.mdx b/website/content/api-docs/kv.mdx index ba4b1b4024e78..f23306403d303 100644 --- a/website/content/api-docs/kv.mdx +++ b/website/content/api-docs/kv.mdx @@ -33,7 +33,7 @@ If the [`recurse`](#recurse) or [`keys`](#keys) query parameters are `true`, this endpoint will return an array of keys. In this case, the HTTP response includes the `X-Consul-Results-Filtered-By-ACLs: true` header if the response array excludes results due to ACL policy configuration. -Refer to the [HTTP API documentation](/api-docs#results-filtered-by-acls) for more information. +Refer to the [HTTP API documentation](/api-docs/api-structure#results-filtered-by-acls) for more information. | Method | Path | Produces | | ------ | ---------- | ------------------ | @@ -43,7 +43,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -171,7 +171,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -258,7 +258,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/namespaces.mdx b/website/content/api-docs/namespaces.mdx index 79b137705c9b3..beeaf84af3a58 100644 --- a/website/content/api-docs/namespaces.mdx +++ b/website/content/api-docs/namespaces.mdx @@ -23,7 +23,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -154,7 +154,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------------------------- | @@ -224,7 +224,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -366,7 +366,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -438,7 +438,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------------------------------------------- | diff --git a/website/content/api-docs/operator/area.mdx b/website/content/api-docs/operator/area.mdx index becf844cc49f8..3a0aef119c3d7 100644 --- a/website/content/api-docs/operator/area.mdx +++ b/website/content/api-docs/operator/area.mdx @@ -39,7 +39,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -108,7 +108,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -152,7 +152,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -199,7 +199,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -245,7 +245,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -283,7 +283,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -358,7 +358,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | diff --git a/website/content/api-docs/operator/autopilot.mdx b/website/content/api-docs/operator/autopilot.mdx index 87d79f6dcf8bd..2fba68f58cf20 100644 --- a/website/content/api-docs/operator/autopilot.mdx +++ b/website/content/api-docs/operator/autopilot.mdx @@ -27,7 +27,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -82,7 +82,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -162,7 +162,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -266,7 +266,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | diff --git a/website/content/api-docs/operator/keyring.mdx b/website/content/api-docs/operator/keyring.mdx index 9a187543a167f..59c6c1b0a1fd9 100644 --- a/website/content/api-docs/operator/keyring.mdx +++ b/website/content/api-docs/operator/keyring.mdx @@ -29,7 +29,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -116,7 +116,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -165,7 +165,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -214,7 +214,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | diff --git a/website/content/api-docs/operator/license.mdx b/website/content/api-docs/operator/license.mdx index 580d99c7dab8c..fb60f28964806 100644 --- a/website/content/api-docs/operator/license.mdx +++ b/website/content/api-docs/operator/license.mdx @@ -25,7 +25,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -91,7 +91,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -162,7 +162,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | diff --git a/website/content/api-docs/operator/raft.mdx b/website/content/api-docs/operator/raft.mdx index aef6e6dcd41a0..1125a2c624d4e 100644 --- a/website/content/api-docs/operator/raft.mdx +++ b/website/content/api-docs/operator/raft.mdx @@ -26,7 +26,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | --------------------- | ------------- | --------------- | @@ -123,7 +123,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | diff --git a/website/content/api-docs/operator/segment.mdx b/website/content/api-docs/operator/segment.mdx index d2013b5a8c868..7b042f0f0e221 100644 --- a/website/content/api-docs/operator/segment.mdx +++ b/website/content/api-docs/operator/segment.mdx @@ -32,7 +32,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | diff --git a/website/content/api-docs/peering.mdx b/website/content/api-docs/peering.mdx index dfae8837b5e39..910172fe732b4 100644 --- a/website/content/api-docs/peering.mdx +++ b/website/content/api-docs/peering.mdx @@ -26,7 +26,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -42,10 +42,6 @@ The table below shows this endpoint's support for - `Partition` `(string: "")` - The admin partition that the peering token is generated from. Uses `default` when not specified. -- `ServerExternalAddresses` `([]string: )` - A list of addresses to put -into the generated token. Addresses are the form of `{host or IP}:port`. -You can specify one or more load balancers or external IPs that route external traffic to this cluster's Consul servers. - - `Meta` `(map: )` - Specifies KV metadata to associate with the peering. This parameter is not required and does not directly impact the cluster peering process. @@ -93,7 +89,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -156,7 +152,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -212,7 +208,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------- | @@ -267,7 +263,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | diff --git a/website/content/api-docs/query.mdx b/website/content/api-docs/query.mdx index 5e10a3d2d8d22..67b278731b9a8 100644 --- a/website/content/api-docs/query.mdx +++ b/website/content/api-docs/query.mdx @@ -144,7 +144,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -321,7 +321,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -383,7 +383,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -423,7 +423,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -463,7 +463,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------- | @@ -493,7 +493,7 @@ given ID, an error is returned. The HTTP response includes the `X-Consul-Results-Filtered-By-ACLs: true` header if the [`Nodes`](#nodes) response array excludes results due to ACL policy configuration. -Refer to the [HTTP API documentation](/api-docs#results-filtered-by-acls) for more information. +Refer to the [HTTP API documentation](/api-docs/api-structure#results-filtered-by-acls) for more information. | Method | Path | Produces | | ------ | ---------------------- | ------------------ | @@ -503,7 +503,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------------- | @@ -632,7 +632,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/session.mdx b/website/content/api-docs/session.mdx index 55bfaec2abf82..3fbb484b840c0 100644 --- a/website/content/api-docs/session.mdx +++ b/website/content/api-docs/session.mdx @@ -21,7 +21,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -131,7 +131,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | @@ -177,7 +177,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -240,7 +240,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -303,7 +303,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | -------------- | @@ -361,7 +361,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | --------------- | diff --git a/website/content/api-docs/snapshot.mdx b/website/content/api-docs/snapshot.mdx index aeea6329780bb..5524d68ccdc4e 100644 --- a/website/content/api-docs/snapshot.mdx +++ b/website/content/api-docs/snapshot.mdx @@ -33,7 +33,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -87,7 +87,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/status.mdx b/website/content/api-docs/status.mdx index f0c6462d4db5e..603eea2186840 100644 --- a/website/content/api-docs/status.mdx +++ b/website/content/api-docs/status.mdx @@ -26,7 +26,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | @@ -63,7 +63,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ------------ | diff --git a/website/content/api-docs/txn.mdx b/website/content/api-docs/txn.mdx index e3e910e20ef36..830b838432574 100644 --- a/website/content/api-docs/txn.mdx +++ b/website/content/api-docs/txn.mdx @@ -39,7 +39,7 @@ The table below shows this endpoint's support for [blocking queries](/api-docs/features/blocking), [consistency modes](/api-docs/features/consistency), [agent caching](/api-docs/features/caching), and -[required ACLs](/api-docs#authentication). +[required ACLs](/api-docs/api-structure#authentication). | Blocking Queries | Consistency Modes | Agent Caching | ACL Required | | ---------------- | ----------------- | ------------- | ---------------------------------------------------------------------------------------------- | diff --git a/website/content/commands/acl/auth-method/create.mdx b/website/content/commands/acl/auth-method/create.mdx index e3a3b54b4f9f0..87e47039cb62f 100644 --- a/website/content/commands/acl/auth-method/create.mdx +++ b/website/content/commands/acl/auth-method/create.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/auth-method](/api-docs/acl/aut The `acl auth-method create` command creates new auth methods. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/auth-method/delete.mdx b/website/content/commands/acl/auth-method/delete.mdx index 8d650666c5ee5..4948d6a4589d2 100644 --- a/website/content/commands/acl/auth-method/delete.mdx +++ b/website/content/commands/acl/auth-method/delete.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/auth-method/:name](/api-doc The `acl auth-method delete` command deletes an auth method. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/auth-method/list.mdx b/website/content/commands/acl/auth-method/list.mdx index 89b73b81d3670..00dee964187d3 100644 --- a/website/content/commands/acl/auth-method/list.mdx +++ b/website/content/commands/acl/auth-method/list.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/auth-methods](/api-docs/acl/au The `acl auth-method list` command lists all auth methods. By default it will not show metadata. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/auth-method/read.mdx b/website/content/commands/acl/auth-method/read.mdx index b4a06fedbe3e6..c8b2eaa7b929c 100644 --- a/website/content/commands/acl/auth-method/read.mdx +++ b/website/content/commands/acl/auth-method/read.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/auth-method/:name](/api-docs/a The `acl auth-method read` command reads and displays an auth method's details. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/auth-method/update.mdx b/website/content/commands/acl/auth-method/update.mdx index 2e0847c599582..c41af9aa59fef 100644 --- a/website/content/commands/acl/auth-method/update.mdx +++ b/website/content/commands/acl/auth-method/update.mdx @@ -14,7 +14,7 @@ default operations is to merge the current auth method with those values provided to the command invocation. Therefore to update just one field, only the `-name` options and the option to modify must be provided. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/binding-rule/create.mdx b/website/content/commands/acl/binding-rule/create.mdx index 764770fcf0384..ecf1d96909ddd 100644 --- a/website/content/commands/acl/binding-rule/create.mdx +++ b/website/content/commands/acl/binding-rule/create.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/binding-rule](/api-docs/acl/bi The `acl binding-rule create` command creates new binding rules. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/binding-rule/delete.mdx b/website/content/commands/acl/binding-rule/delete.mdx index 3c4bc267478bb..41cf6d8af09b3 100644 --- a/website/content/commands/acl/binding-rule/delete.mdx +++ b/website/content/commands/acl/binding-rule/delete.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/binding-rule/:id](/api-docs The `acl binding-rule delete` command deletes a binding rule. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/binding-rule/list.mdx b/website/content/commands/acl/binding-rule/list.mdx index d2837789268d8..2092b2a79d472 100644 --- a/website/content/commands/acl/binding-rule/list.mdx +++ b/website/content/commands/acl/binding-rule/list.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/binding-rules](/api-docs/acl/b The `acl binding-rule list` command lists all binding rules. By default it will not show metadata. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/binding-rule/read.mdx b/website/content/commands/acl/binding-rule/read.mdx index e2f4771f517f7..f5f613cdc764d 100644 --- a/website/content/commands/acl/binding-rule/read.mdx +++ b/website/content/commands/acl/binding-rule/read.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/binding-rule/:id](/api-docs/ac The `acl binding-rule read` command reads and displays a binding rules details. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/binding-rule/update.mdx b/website/content/commands/acl/binding-rule/update.mdx index de2f5caad2943..f19a69dba415f 100644 --- a/website/content/commands/acl/binding-rule/update.mdx +++ b/website/content/commands/acl/binding-rule/update.mdx @@ -14,7 +14,7 @@ default operations is to merge the current binding rule with those values provided to the command invocation. Therefore to update just one field, only the `-id` option and the option to modify must be provided. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/bootstrap.mdx b/website/content/commands/acl/bootstrap.mdx index 127009a70613b..caa0687b385a0 100644 --- a/website/content/commands/acl/bootstrap.mdx +++ b/website/content/commands/acl/bootstrap.mdx @@ -14,7 +14,7 @@ for management purposes and output its details. This can only be done once and a will be disabled. If all tokens are lost and you need to bootstrap again you can follow the bootstrap [reset procedure](https://learn.hashicorp.com/consul/security-networking/acl-troubleshooting?utm_source=docs). -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/policy/create.mdx b/website/content/commands/acl/policy/create.mdx index fcb52137c1bd2..62779edb5448e 100644 --- a/website/content/commands/acl/policy/create.mdx +++ b/website/content/commands/acl/policy/create.mdx @@ -19,7 +19,7 @@ from stdin, a file or the raw value. To use stdin pass `-` as the value. To load the value from a file prefix the value with an `@`. Any other values will be used directly. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/policy/delete.mdx b/website/content/commands/acl/policy/delete.mdx index 3f190a7396938..8c8d220cee418 100644 --- a/website/content/commands/acl/policy/delete.mdx +++ b/website/content/commands/acl/policy/delete.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/policy/:id](/api-docs/acl/p The `acl policy delete` command deletes a policy. Policies may be deleted by their ID or by name. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/policy/list.mdx b/website/content/commands/acl/policy/list.mdx index 7b0d2df889956..32b8d5a9e73ac 100644 --- a/website/content/commands/acl/policy/list.mdx +++ b/website/content/commands/acl/policy/list.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/policies](/api-docs/acl/polici The `acl policy list` command lists all policies. By default it will not show metadata. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/policy/read.mdx b/website/content/commands/acl/policy/read.mdx index 4878be1453816..df74a82e539ca 100644 --- a/website/content/commands/acl/policy/read.mdx +++ b/website/content/commands/acl/policy/read.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/policy/:id](/api-docs/acl/pol The `acl policy read` command reads and displays a policies details. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/policy/update.mdx b/website/content/commands/acl/policy/update.mdx index cd12f5025de7f..b417ddd55cc3f 100644 --- a/website/content/commands/acl/policy/update.mdx +++ b/website/content/commands/acl/policy/update.mdx @@ -15,7 +15,7 @@ the `-id` or `-name` options and the option to modify must be provided. Note tha policies requires both the `-id` and `-name` as the new name cannot yet be used to lookup the policy. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/role/create.mdx b/website/content/commands/acl/role/create.mdx index 2c44ad59aa06c..f84c145e21cdc 100644 --- a/website/content/commands/acl/role/create.mdx +++ b/website/content/commands/acl/role/create.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/role](/api-docs/acl/roles#crea The `acl role create` command creates new roles. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/role/delete.mdx b/website/content/commands/acl/role/delete.mdx index f72b7b204d279..b362b5c031cc4 100644 --- a/website/content/commands/acl/role/delete.mdx +++ b/website/content/commands/acl/role/delete.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/role/:id](/api-docs/acl/rol The `acl role delete` command deletes a role. Roles may be deleted by their ID or by name. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/role/list.mdx b/website/content/commands/acl/role/list.mdx index 4b43af7f73723..960af79299431 100644 --- a/website/content/commands/acl/role/list.mdx +++ b/website/content/commands/acl/role/list.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/roles](/api-docs/acl/roles#lis The `acl role list` command lists all roles. By default it will not show metadata. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/role/read.mdx b/website/content/commands/acl/role/read.mdx index a0b4132f35382..b9c9fcddff8c1 100644 --- a/website/content/commands/acl/role/read.mdx +++ b/website/content/commands/acl/role/read.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoints: [\[GET\] /v1/acl/role/:id](/api-docs/acl/roles The `acl role read` command reads and displays a roles details. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/role/update.mdx b/website/content/commands/acl/role/update.mdx index d09c7cd201b42..fb3df976f18a3 100644 --- a/website/content/commands/acl/role/update.mdx +++ b/website/content/commands/acl/role/update.mdx @@ -15,7 +15,7 @@ update just one field, only the `-id` or `-name` options and the option to modify must be provided. Note that renaming roles requires both the `-id` and `-name` as the new name cannot yet be used to lookup the role. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/set-agent-token.mdx b/website/content/commands/acl/set-agent-token.mdx index 7161f0f99d245..df8c3ef62514d 100644 --- a/website/content/commands/acl/set-agent-token.mdx +++ b/website/content/commands/acl/set-agent-token.mdx @@ -16,7 +16,7 @@ the agent's configuration. Tokens are not persisted unless is `true`, so tokens will need to be updated again if that option is `false` and the agent is restarted. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/token/clone.mdx b/website/content/commands/acl/token/clone.mdx index 847da3e3be275..9e8d9df0e1fe1 100644 --- a/website/content/commands/acl/token/clone.mdx +++ b/website/content/commands/acl/token/clone.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/token/:AccessorID/clone](/api- The `acl token clone` command clones an existing token. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/token/create.mdx b/website/content/commands/acl/token/create.mdx index 7965fcf0d1286..189f7beac8073 100644 --- a/website/content/commands/acl/token/create.mdx +++ b/website/content/commands/acl/token/create.mdx @@ -13,7 +13,7 @@ This command creates new tokens. When creating a new token, policies may be link either the `-policy-id` or the `-policy-name` options. When specifying policies by IDs you may use a unique prefix of the UUID as a shortcut for specifying the entire UUID. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/token/delete.mdx b/website/content/commands/acl/token/delete.mdx index fb6dd48c6c4ef..267201c762e5b 100644 --- a/website/content/commands/acl/token/delete.mdx +++ b/website/content/commands/acl/token/delete.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/acl/token/:AccessorID](/api-doc The `acl token delete` command deletes a token. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/token/list.mdx b/website/content/commands/acl/token/list.mdx index 6534d5bb83040..c77d53ac30bc7 100644 --- a/website/content/commands/acl/token/list.mdx +++ b/website/content/commands/acl/token/list.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/tokens](/api-docs/acl/tokens#l The `acl token list` command lists all tokens. By default it will not show metadata. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/token/read.mdx b/website/content/commands/acl/token/read.mdx index e58a5a288909c..8e99297460454 100644 --- a/website/content/commands/acl/token/read.mdx +++ b/website/content/commands/acl/token/read.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/token/:AccessorID](/api-docs/a The `acl token read` command reads and displays a token details. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/token/update.mdx b/website/content/commands/acl/token/update.mdx index ba0e1d24ce869..9d1c68e2d8761 100644 --- a/website/content/commands/acl/token/update.mdx +++ b/website/content/commands/acl/token/update.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/acl/token/:AccessorID](/api-docs/a The `acl token update` command will update a token. Some parts of the token like whether the token is local to the datacenter cannot be changed. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/acl/translate-rules.mdx b/website/content/commands/acl/translate-rules.mdx index 95a699a9145c4..e0f7fc57c0cd8 100644 --- a/website/content/commands/acl/translate-rules.mdx +++ b/website/content/commands/acl/translate-rules.mdx @@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/acl/rules/translate/:accessor_id]( This command translates the legacy ACL rule syntax into the new syntax. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/catalog/datacenters.mdx b/website/content/commands/catalog/datacenters.mdx index ec00fab2e19b9..2287d40b70ed2 100644 --- a/website/content/commands/catalog/datacenters.mdx +++ b/website/content/commands/catalog/datacenters.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/catalog/datacenters](/api-docs/cat The `catalog datacenters` command prints all known datacenters. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/catalog/nodes.mdx b/website/content/commands/catalog/nodes.mdx index 66d9c3ce8a328..ec0494acebfba 100644 --- a/website/content/commands/catalog/nodes.mdx +++ b/website/content/commands/catalog/nodes.mdx @@ -13,7 +13,7 @@ The `catalog nodes` command prints all known nodes and metadata about them. It can also query for nodes that match a particular metadata or provide a particular service. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/catalog/services.mdx b/website/content/commands/catalog/services.mdx index 2599acde69286..54630aadb0ea7 100644 --- a/website/content/commands/catalog/services.mdx +++ b/website/content/commands/catalog/services.mdx @@ -13,7 +13,7 @@ The `catalog services` command prints all known services. It can also query for services that match particular metadata or list the services that a particular node provides. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/config/delete.mdx b/website/content/commands/config/delete.mdx index 5fbaeef0fdc2e..f24c04854855e 100644 --- a/website/content/commands/config/delete.mdx +++ b/website/content/commands/config/delete.mdx @@ -13,7 +13,7 @@ The `config delete` command deletes the configuration entry specified by the kind and name. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/config/list.mdx b/website/content/commands/config/list.mdx index 906d81ae07dfd..72d4fb0c3e2b8 100644 --- a/website/content/commands/config/list.mdx +++ b/website/content/commands/config/list.mdx @@ -13,7 +13,7 @@ The `config list` command lists all given config entries of the given kind. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/config/read.mdx b/website/content/commands/config/read.mdx index 4688e3fb1aa79..a978892c07c27 100644 --- a/website/content/commands/config/read.mdx +++ b/website/content/commands/config/read.mdx @@ -14,7 +14,7 @@ kind and name and outputs its JSON representation. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/config/write.mdx b/website/content/commands/config/write.mdx index a21bb13a996ac..a412f842d1564 100644 --- a/website/content/commands/config/write.mdx +++ b/website/content/commands/config/write.mdx @@ -13,7 +13,7 @@ The `config write` command creates or updates a centralized config entry. See the [configuration entries docs](/docs/agent/config-entries) for more details about configuration entries. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/connect/ca.mdx b/website/content/commands/connect/ca.mdx index 8a6365325d604..e571258f5a62d 100644 --- a/website/content/commands/connect/ca.mdx +++ b/website/content/commands/connect/ca.mdx @@ -42,7 +42,7 @@ Subcommands: This command displays the current CA configuration. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -77,7 +77,7 @@ Modifies the current CA configuration. If this results in a new root certificate being used, the [Root Rotation](/docs/connect/ca#root-certificate-rotation) process will be triggered. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/connect/redirect-traffic.mdx b/website/content/commands/connect/redirect-traffic.mdx index 688429bfb56f0..aa87e69ef9f66 100644 --- a/website/content/commands/connect/redirect-traffic.mdx +++ b/website/content/commands/connect/redirect-traffic.mdx @@ -36,6 +36,8 @@ Usage: `consul connect redirect-traffic [options]` - `-consul-dns-ip` - The IP address of the Consul DNS resolver. If provided, DNS queries will be redirected to the provided IP address for name resolution. +- `-consul-dns-port` - The port of the Consul DNS resolver. If provided, DNS queries will be redirected to the provided IP address for name resolution. + - `-proxy-id` - The [proxy service](/docs/connect/registration/service-registration) ID. This service ID must already be registered with the local agent. diff --git a/website/content/commands/event.mdx b/website/content/commands/event.mdx index d3eb08a312e55..5850440fb1643 100644 --- a/website/content/commands/event.mdx +++ b/website/content/commands/event.mdx @@ -37,7 +37,7 @@ message. It is hard to give an exact number, as it depends on various parameters of the event, but the payload should be kept very small (< 100 bytes). Specifying too large of an event will return an error. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/exec.mdx b/website/content/commands/exec.mdx index b1103cf474ae2..d6abf4b21245b 100644 --- a/website/content/commands/exec.mdx +++ b/website/content/commands/exec.mdx @@ -30,7 +30,7 @@ through the Consul servers and the Raft consensus algorithm, so having a large number of nodes in the cluster flow a large amount of data through the KV store could make the cluster unavailable. -The table below shows the [required ACLs](/api-docs#authentication) in order to +The table below shows the [required ACLs](/api-docs/api-structure#authentication) in order to execute this command. | ACL Required | Scope | diff --git a/website/content/commands/force-leave.mdx b/website/content/commands/force-leave.mdx index 7dd528e9d7550..57f674ce71702 100644 --- a/website/content/commands/force-leave.mdx +++ b/website/content/commands/force-leave.mdx @@ -32,7 +32,7 @@ from the datacenter's member list nor from the raft configuration. Additionally, if the agent returns after transitioning to the "left" state, but before it is reaped from the member list, then it will rejoin the cluster. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/index.mdx b/website/content/commands/index.mdx index f398947240e56..7f6ddb0bb4a9a 100644 --- a/website/content/commands/index.mdx +++ b/website/content/commands/index.mdx @@ -123,7 +123,7 @@ list-peers remove-peer ## Arguments with URL-Invalid Characters The CLI automatically URL-encodes arguments, which are then -[URL-decoded by the underlying HTTP API endpoints](/api-docs#url-encoded-resource-names). +[URL-decoded by the underlying HTTP API endpoints](/api-docs/api-structure#url-encoded-resource-names). To avoid double-encoding arguments, do not URL-encode arguments passed to the CLI. ## Environment Variables diff --git a/website/content/commands/intention/check.mdx b/website/content/commands/intention/check.mdx index 909a40c8cd766..8fc7a48706a60 100644 --- a/website/content/commands/intention/check.mdx +++ b/website/content/commands/intention/check.mdx @@ -23,7 +23,7 @@ intention read permissions and don't evaluate the result. defined as _deny_ intentions during evaluation, as this endpoint is only suited for networking layer 4 (e.g. TCP) integration. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/intention/create.mdx b/website/content/commands/intention/create.mdx index da565552da7e7..b81ba49dfae13 100644 --- a/website/content/commands/intention/create.mdx +++ b/website/content/commands/intention/create.mdx @@ -17,7 +17,7 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/connect/intentions](/api-docs/con The `intention create` command creates or updates an L4 intention. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/intention/delete.mdx b/website/content/commands/intention/delete.mdx index d98d7a5a4e0a8..136e5e5ae8919 100644 --- a/website/content/commands/intention/delete.mdx +++ b/website/content/commands/intention/delete.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoints: [\[DELETE\] /v1/connect/intentions/exact](/api The `intention delete` command deletes a matching intention. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/intention/get.mdx b/website/content/commands/intention/get.mdx index bbd418145ca2c..3da1688f6ec31 100644 --- a/website/content/commands/intention/get.mdx +++ b/website/content/commands/intention/get.mdx @@ -16,7 +16,7 @@ Consul 1.9.0. Intentions no longer need IDs when represented as [`service-intentions`](/docs/connect/config-entries/service-intentions) config entries. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/intention/list.mdx b/website/content/commands/intention/list.mdx index 132827e3ad4a4..9748494b8fa04 100644 --- a/website/content/commands/intention/list.mdx +++ b/website/content/commands/intention/list.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions](/api-docs/conn The `intention list` command shows all intentions including ID and precedence. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/intention/match.mdx b/website/content/commands/intention/match.mdx index e8a02d8fcbbd6..ee41469249b33 100644 --- a/website/content/commands/intention/match.mdx +++ b/website/content/commands/intention/match.mdx @@ -16,7 +16,7 @@ order: the first intention that matches a request would be evaluated. The [check](/commands/intention/check) command can be used to check whether an L4 connection would be authorized between any two services. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/join.mdx b/website/content/commands/join.mdx index 99e455ab6e85c..600e12d5e6539 100644 --- a/website/content/commands/join.mdx +++ b/website/content/commands/join.mdx @@ -22,7 +22,7 @@ state across the cluster. An agent which is already part of a cluster may join an agent in a different cluster, causing the two clusters to be merged into a single cluster. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/keyring.mdx b/website/content/commands/keyring.mdx index 2184cc7f2a191..9c5aecaaf1bdc 100644 --- a/website/content/commands/keyring.mdx +++ b/website/content/commands/keyring.mdx @@ -29,7 +29,7 @@ All variations of the `keyring` command return 0 if all nodes reply and there are no errors. If any node fails to reply or reports failure, the exit code will be 1. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/kv/delete.mdx b/website/content/commands/kv/delete.mdx index 695ea32c97042..c4ea987168732 100644 --- a/website/content/commands/kv/delete.mdx +++ b/website/content/commands/kv/delete.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/kv/:key](/api-docs/kv#delete-ke The `kv delete` command removes the value from Consul's KV store at the given path. If no key exists at the path, no action is taken. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/kv/export.mdx b/website/content/commands/kv/export.mdx index cddff8d2cb0e1..13dbb1d6d5c12 100644 --- a/website/content/commands/kv/export.mdx +++ b/website/content/commands/kv/export.mdx @@ -12,7 +12,7 @@ prefix from Consul's KV store, and write a JSON representation to stdout. This can be used with the command "consul kv import" to move entire trees between Consul clusters. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/kv/get.mdx b/website/content/commands/kv/get.mdx index 338940932aca2..5b8ec9222dbcc 100644 --- a/website/content/commands/kv/get.mdx +++ b/website/content/commands/kv/get.mdx @@ -20,7 +20,7 @@ can be used with [`kv import`](/commands/kv/import) to move entire trees between Consul clusters. Alternatively, the [transaction API](/api-docs/txn) provides support for performing up to 64 KV operations atomically. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/kv/import.mdx b/website/content/commands/kv/import.mdx index 521217a7a4dfb..8fef56f37c950 100644 --- a/website/content/commands/kv/import.mdx +++ b/website/content/commands/kv/import.mdx @@ -10,7 +10,7 @@ Command: `consul kv import` The `kv import` command is used to import KV pairs from the JSON representation generated by the `kv export` command. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/kv/put.mdx b/website/content/commands/kv/put.mdx index b88a37009940e..2553c3d59429a 100644 --- a/website/content/commands/kv/put.mdx +++ b/website/content/commands/kv/put.mdx @@ -16,7 +16,7 @@ The `kv put` command writes the data to the given path in the KV store. [transaction API](/api-docs/txn) provides support for performing up to 64 KV operations atomically. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/leave.mdx b/website/content/commands/leave.mdx index 1a0aef4dc8b70..0862c03a9da83 100644 --- a/website/content/commands/leave.mdx +++ b/website/content/commands/leave.mdx @@ -25,7 +25,7 @@ non-graceful leave can affect cluster availability. Running `consul leave` on a server explicitly will reduce the quorum size. Even if the cluster used `bootstrap_expect` to set a quorum size initially, issuing `consul leave` on a server will reconfigure the cluster to have fewer servers. This means you could end up with just one server that is still able to commit writes because quorum is only 1, but those writes might be lost if that server fails before more are added. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/license.mdx b/website/content/commands/license.mdx index a7a374e6c4836..4a4887cf8c9c6 100644 --- a/website/content/commands/license.mdx +++ b/website/content/commands/license.mdx @@ -129,7 +129,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/license](/api-docs/operat This command sets the Consul Enterprise license. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -169,7 +169,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/license](/api-docs/operat This command gets the Consul Enterprise license. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -214,7 +214,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/operator/license](/api-docs/ope Resets license for the datacenter to the one builtin in Consul binary, if it is still valid. If the builtin license is invalid, the current one stays active. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/login.mdx b/website/content/commands/login.mdx index 4ab444636f59e..48d57834581e0 100644 --- a/website/content/commands/login.mdx +++ b/website/content/commands/login.mdx @@ -17,7 +17,7 @@ requested auth method for a newly minted Consul ACL token. The companion command `consul logout` should be used to destroy any tokens created this way to avoid a resource leak. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/logout.mdx b/website/content/commands/logout.mdx index 925ac98118381..6f4ce7e448066 100644 --- a/website/content/commands/logout.mdx +++ b/website/content/commands/logout.mdx @@ -15,7 +15,7 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/acl/logout](/api-docs/acl#logout- The `logout` command will destroy the provided token if it was created from `consul login`. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/maint.mdx b/website/content/commands/maint.mdx index 692b01265d207..cdd953694c3e2 100644 --- a/website/content/commands/maint.mdx +++ b/website/content/commands/maint.mdx @@ -21,7 +21,7 @@ Under the hood, maintenance mode is activated by registering a health check in critical status against a service, and deactivated by deregistering the health check. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/members.mdx b/website/content/commands/members.mdx index 6728872b20d7f..a8dd69d1fcf24 100644 --- a/website/content/commands/members.mdx +++ b/website/content/commands/members.mdx @@ -21,7 +21,7 @@ Nodes in the "failed" state are still listed because Consul attempts to reconnect with failed nodes for a certain amount of time in the case that the failure is actually just a network partition. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/namespace/create.mdx b/website/content/commands/namespace/create.mdx index 2caed595ab9f2..a1aebb82d07bd 100644 --- a/website/content/commands/namespace/create.mdx +++ b/website/content/commands/namespace/create.mdx @@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace](/api-docs/namespaces#cr This `namespace create` command creates a namespaces using the CLI parameters provided. This was added in Consul Enterprise 1.7.2. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/namespace/delete.mdx b/website/content/commands/namespace/delete.mdx index c812ed566b9e3..9c158324ffcdc 100644 --- a/website/content/commands/namespace/delete.mdx +++ b/website/content/commands/namespace/delete.mdx @@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/namespace/:name](/api-docs/name This `namespace delete` command deletes a namespace. This was added in Consul Enterprise 1.7.0. If ACLs are enabled then this command will require a token with `operator:write` privileges. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/namespace/list.mdx b/website/content/commands/namespace/list.mdx index 8a84732661482..3228a0404974c 100644 --- a/website/content/commands/namespace/list.mdx +++ b/website/content/commands/namespace/list.mdx @@ -16,7 +16,7 @@ ACLs are enabled then this command will require a token with `operator:read` pri within the target namespaces. The results will be filtered based on the ACL token and therefore it is possible to see a partial list. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/namespace/read.mdx b/website/content/commands/namespace/read.mdx index 5ca34ff61d6f1..45324851b9dfd 100644 --- a/website/content/commands/namespace/read.mdx +++ b/website/content/commands/namespace/read.mdx @@ -15,7 +15,7 @@ This `namespace read` command reads a namespaces configuration. This was added i ACLs are enabled then this command will require a token with `operator:read` privileges or any `read` privileges within the target namespace. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/namespace/update.mdx b/website/content/commands/namespace/update.mdx index fd84ac458d929..adc7be00e169f 100644 --- a/website/content/commands/namespace/update.mdx +++ b/website/content/commands/namespace/update.mdx @@ -14,7 +14,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace/:name](/api-docs/namespa This `namespace update` command updates a namespaces using the CLI parameters provided. This was added in Consul Enterprise 1.7.2. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/namespace/write.mdx b/website/content/commands/namespace/write.mdx index fc16d8af0b57b..90499311f93a9 100644 --- a/website/content/commands/namespace/write.mdx +++ b/website/content/commands/namespace/write.mdx @@ -13,7 +13,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/namespace/:name](/api-docs/namespa This `namespace write` command creates or updates a namespace's configuration from its full definition. This was added in Consul Enterprise 1.7.0. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/operator/area.mdx b/website/content/commands/operator/area.mdx index 913d1dbb9a0a3..b0be0e101a29a 100644 --- a/website/content/commands/operator/area.mdx +++ b/website/content/commands/operator/area.mdx @@ -51,7 +51,7 @@ Corresponding HTTP API Endpoint: [\[POST\] /v1/operator/area](/api-docs/operator This command creates a new network area. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -93,7 +93,7 @@ Corresponding HTTP API Endpoint: [\[DELETE\] /v1/operator/area/:uuid](/api-docs/ This command deletes an existing network area. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -132,7 +132,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/area/:uuid/join](/api-doc This command joins Consul servers into an existing network area by address, such as an IP or hostname with an optional port. Multiple addresses may be given. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -176,7 +176,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/area](/api-docs/operator/ This command lists all network areas. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -215,7 +215,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/area/:uuid/members](/api- This command displays Consul server nodes present in a network area, or all areas if no area is specified. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -279,7 +279,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/area/:uuid](/api-docs/ope This command updates the configuration of network area. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/operator/autopilot.mdx b/website/content/commands/operator/autopilot.mdx index 5e062cb001fa5..492a15eb146c9 100644 --- a/website/content/commands/operator/autopilot.mdx +++ b/website/content/commands/operator/autopilot.mdx @@ -32,7 +32,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/autopilot/configuration]( This command displays the current autopilot configuration. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -67,7 +67,7 @@ Corresponding HTTP API Endpoint: [\[PUT\] /v1/operator/autopilot/configuration]( Modifies the current Autopilot configuration. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -125,7 +125,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/operator/autopilot/state](/api-doc This command displays the current autopilot state. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/operator/raft.mdx b/website/content/commands/operator/raft.mdx index 8390b447c7fbd..b6a10dab6e68c 100644 --- a/website/content/commands/operator/raft.mdx +++ b/website/content/commands/operator/raft.mdx @@ -33,7 +33,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/status/peers](/api-docs/status#lis This command displays the current Raft peer configuration. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. @@ -88,7 +88,7 @@ clean up by simply running [`consul force-leave`](/commands/force-leave) instead of this command. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/peering/delete.mdx b/website/content/commands/peering/delete.mdx index 986e420dbf688..2c6d31d8f4e22 100644 --- a/website/content/commands/peering/delete.mdx +++ b/website/content/commands/peering/delete.mdx @@ -17,7 +17,7 @@ Operators can still read the peering connections while the data is being removed The command adds a `DeletedAt` field to the peering connection object with the timestamp of when the peering was marked for deletion. You can only use a peering token to establish the connection once. If you need to reestablish a peering connection, you must generate a new token. -The table below shows this command's [required ACLs](/api-docs#authentication). +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). | ACL Required | | ------------ | diff --git a/website/content/commands/peering/establish.mdx b/website/content/commands/peering/establish.mdx index cb295d45e8ca9..a8cea75c7d3eb 100644 --- a/website/content/commands/peering/establish.mdx +++ b/website/content/commands/peering/establish.mdx @@ -15,7 +15,7 @@ You can generate cluster peering tokens using the [`consul peering generate-toke You can only use a peering token to establish the connection once. If you need to reestablish a peering connection, you must generate a new token. -The table below shows this command's [required ACLs](/api-docs#authentication). +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). | ACL Required | | ------------ | diff --git a/website/content/commands/peering/generate-token.mdx b/website/content/commands/peering/generate-token.mdx index 66f4937b973ce..a4a99392ffcdb 100644 --- a/website/content/commands/peering/generate-token.mdx +++ b/website/content/commands/peering/generate-token.mdx @@ -15,7 +15,7 @@ This token should be transferred to the other cluster being peered and consumed Generating a token and specifying the same local name associated with a previously-generated token does not affect active connections established with the original token. If the previously-generated token is not actively being used for a peer connection, however, it will become invalid when the new token with the same local name is generated. -The table below shows this command's [required ACLs](/api-docs#authentication). +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). | ACL Required | | ------------ | @@ -34,11 +34,6 @@ If the previously-generated token is not actively being used for a peer connecti - `-meta==` - Specifies key/value pairs to associate with the peering connection token in `-meta="key"="value"` format. You can use the flag multiple times to set multiple metadata fields. -<<<<<<< HEAD -- `-server-external-addresses=[,string,...]` - Specifies a comma-separated list of addresses -to put into the generated token. Addresses are of the form of `{host or IP}:port`. -You can specify one or more load balancers or external IPs that route external traffic to this cluster's Consul servers. - - `-format={pretty|json}` - Command output format. The default value is `pretty`. #### Enterprise Options @@ -57,12 +52,3 @@ The following example generates a peering token for a cluster called "cluster-02 $ consul peering generate-token -name cluster-02 eyJDQSI6bnVs...5Yi0wNzk5NTA1YTRmYjYifQ== ``` - -### Using a Load Balancer for Consul Servers - -The following example generates a token for a cluster where servers are proxied by a load balancer: - -```shell-session hideClipboard -$ consul peering generate-token -server-external-addresses my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com -name cluster-02 -eyJDQSI6bnVs...5Yi0wNzk5NTA1YTRmYjYifQ== -``` diff --git a/website/content/commands/peering/list.mdx b/website/content/commands/peering/list.mdx index bd66af4eca0c4..6b23ceaaa7ac9 100644 --- a/website/content/commands/peering/list.mdx +++ b/website/content/commands/peering/list.mdx @@ -12,7 +12,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/peerings](/api-docs/peering#list-a The `peering list` lists all peering connections. The results are filtered according to ACL policy configuration. -The table below shows this command's [required ACLs](/api-docs#authentication). +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). | ACL Required | | ------------ | diff --git a/website/content/commands/peering/read.mdx b/website/content/commands/peering/read.mdx index ae5e6f3fb4bb3..c1b178829c182 100644 --- a/website/content/commands/peering/read.mdx +++ b/website/content/commands/peering/read.mdx @@ -11,7 +11,7 @@ Corresponding HTTP API Endpoint: [\[GET\] /v1/peering/:name](/api-docs/peering#r The `peering read` displays information on the status of a peering connection. -The table below shows this command's [required ACLs](/api-docs#authentication). +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). | ACL Required | | ------------ | diff --git a/website/content/commands/reload.mdx b/website/content/commands/reload.mdx index 98ab2552c569f..e070230c36a9d 100644 --- a/website/content/commands/reload.mdx +++ b/website/content/commands/reload.mdx @@ -25,7 +25,7 @@ Not all configuration options are reloadable. See the [Reloadable Configuration](/docs/agent/config#reloadable-configuration) section on the agent options page for details on which options are supported. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/rtt.mdx b/website/content/commands/rtt.mdx index 6752ca263a877..15f31a22cc14c 100644 --- a/website/content/commands/rtt.mdx +++ b/website/content/commands/rtt.mdx @@ -17,7 +17,7 @@ Consul's network coordinate model of the cluster. See the [Network Coordinates](/docs/architecture/coordinates) internals guide for more information on how these coordinates are computed. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/services/deregister.mdx b/website/content/commands/services/deregister.mdx index c9ae2124b7f5c..c143620955a53 100644 --- a/website/content/commands/services/deregister.mdx +++ b/website/content/commands/services/deregister.mdx @@ -20,7 +20,7 @@ registered with a configuration file, then deleting that file and deregister. See [Service Definition](/docs/discovery/services) for more information about registering services generally. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/services/register.mdx b/website/content/commands/services/register.mdx index 4425ae614109d..68d3f6deab168 100644 --- a/website/content/commands/services/register.mdx +++ b/website/content/commands/services/register.mdx @@ -22,7 +22,7 @@ configuration management systems that other systems that have access to the configuration directory. Clients may also use the [HTTP API](/api-docs/agent/service) directly. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/snapshot/restore.mdx b/website/content/commands/snapshot/restore.mdx index e5290660f4e6d..d80d3ab059209 100644 --- a/website/content/commands/snapshot/restore.mdx +++ b/website/content/commands/snapshot/restore.mdx @@ -20,7 +20,7 @@ intended to recover from a disaster. It restores your configuration into a fresh cluster of Consul servers as long as your new cluster runs the same Consul version as the cluster that originally took the snapshot. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/commands/snapshot/save.mdx b/website/content/commands/snapshot/save.mdx index 9a01bed42461d..6ecf82293765c 100644 --- a/website/content/commands/snapshot/save.mdx +++ b/website/content/commands/snapshot/save.mdx @@ -27,7 +27,7 @@ the CLI client attempting to perform a snapshot save will have no effect. It _mu the context of the server process. If you're using Systemd to manage your Consul server processes, then adding `Environment=TMPDIR=/path/to/dir` to your Consul unit file will work. -The table below shows this command's [required ACLs](/api-docs#authentication). Configuration of +The table below shows this command's [required ACLs](/api-docs/api-structure#authentication). Configuration of [blocking queries](/api-docs/features/blocking) and [agent caching](/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx index 20d49f7c9e8cf..68a98503ee0d0 100644 --- a/website/content/docs/agent/config/config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -752,7 +752,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." Starting in Consul 0.7 and later, node addresses in responses to HTTP requests will also prefer a node's configured [WAN address](/docs/agent/config/cli-flags#_advertise-wan) when querying for a node in a remote - datacenter. An [`X-Consul-Translate-Addresses`](/api-docs#translated-addresses) header + datacenter. An [`X-Consul-Translate-Addresses`](/api-docs/api-structure#translated-addresses) header will be present on all responses when translation is enabled to help clients know that the addresses may be translated. The `TaggedAddresses` field in responses also have a `lan` address for clients that need knowledge of that address, regardless of translation. @@ -890,7 +890,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." instead of the [anonymous token](/docs/security/acl/acl-tokens#anonymous-token). Consul HTTP API requests can provide an alternate token in their authorization header to override the `default` or anonymous token on a per-request basis, - as described in [HTTP API Authentication](/api-docs#authentication). + as described in [HTTP API Authentication](/api-docs/api-structure#authentication). - `agent` ((#acl_tokens_agent)) - Used for clients and servers to perform internal operations. If this isn't specified, then the diff --git a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx index 55a8194f5415e..1f8ca6eb79bdd 100644 --- a/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx +++ b/website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx @@ -184,3 +184,18 @@ expected result: - Ensure any API request that activates datacenter request forwarding. such as [`/v1/catalog/services?dc=`](/api-docs/catalog#dc-1) succeeds. + +### Upgrading the primary gateways + +Once federation is established, secondary datacenters will continuously request +updated mesh gateway addresses from the primary datacenter. Consul routes the requests + through the primary datacenter's mesh gateways. This is because +secondary datacenters cannot directly dial the primary datacenter's Consul servers. +If the primary gateways are upgraded, and their previous instances are decommissioned +before the updates are propagated, then the primary datacenter will become unreachable. + +To safely upgrade primary gateways, we recommend that you apply one of the following policies: +- Avoid decommissioning primary gateway IP addresses. This is because the [primary_gateways](/docs/agent/config/config-files#primary_gateways) addresses configured on the secondary servers act as a fallback mechanism for re-establishing connectivity to the primary. + +- Verify that addresses of the new mesh gateways in the primary were propagated +to the secondary datacenters before decommissioning the old mesh gateways in the primary. diff --git a/website/content/docs/connect/registration/service-registration.mdx b/website/content/docs/connect/registration/service-registration.mdx index 1138be9006261..fcfecf0c01031 100644 --- a/website/content/docs/connect/registration/service-registration.mdx +++ b/website/content/docs/connect/registration/service-registration.mdx @@ -89,7 +89,7 @@ Specify the following parameters in the `proxy` code block to configure a sideca * `local_service_port`: Integer value that specifies the port that the proxy should use to connect to the _local_ service instance. Refer to the [proxy parameters reference](#local-service-port) for details. * `local_service_address`: String value that specifies the IP address or hostname that the proxy should use to connect to the _local_ service. Refer to the [proxy parameters reference](#local-service-address) for details. -See (Sidecar Service Registration)[/docs/connect/registration/sidecar-service] for additional information about configuring service mesh proxies as sidecars. +See [Sidecar Service Registration](/docs/connect/registration/sidecar-service) for additional information about configuring service mesh proxies as sidecars. ### Complete Configuration Example diff --git a/website/content/docs/enterprise/admin-partitions.mdx b/website/content/docs/enterprise/admin-partitions.mdx index 53a89eaddf3c3..9154faff3dc02 100644 --- a/website/content/docs/enterprise/admin-partitions.mdx +++ b/website/content/docs/enterprise/admin-partitions.mdx @@ -8,11 +8,11 @@ description: >- # Consul Enterprise Admin Partitions - This feature requires version 1.11.0+ of - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires version 1.11.0+ of +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + This topic provides and overview of admin partitions, which are entities that define one or more administrative boundaries for single Consul deployments. diff --git a/website/content/docs/enterprise/audit-logging.mdx b/website/content/docs/enterprise/audit-logging.mdx index caed647539db4..0d7c37fd31388 100644 --- a/website/content/docs/enterprise/audit-logging.mdx +++ b/website/content/docs/enterprise/audit-logging.mdx @@ -8,11 +8,11 @@ description: >- # Audit Logging - This feature requires - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + With Consul Enterprise v1.8.0+, audit logging can be used to capture a clear and diff --git a/website/content/docs/enterprise/backups.mdx b/website/content/docs/enterprise/backups.mdx index f6b2de66739eb..7f6321fa73844 100644 --- a/website/content/docs/enterprise/backups.mdx +++ b/website/content/docs/enterprise/backups.mdx @@ -8,11 +8,11 @@ description: >- # Automated Backups - This feature requires - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Consul Enterprise enables you to run diff --git a/website/content/docs/enterprise/federation.mdx b/website/content/docs/enterprise/federation.mdx index dc598ad9ac4cc..5296dbe1195b3 100644 --- a/website/content/docs/enterprise/federation.mdx +++ b/website/content/docs/enterprise/federation.mdx @@ -8,11 +8,11 @@ description: >- # Consul Enterprise Advanced Federation - This feature requires - self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Consul's core federation capability uses the same gossip mechanism that is used diff --git a/website/content/docs/enterprise/license/faq.mdx b/website/content/docs/enterprise/license/faq.mdx index 5bb096d08e093..b0a0c004edd93 100644 --- a/website/content/docs/enterprise/license/faq.mdx +++ b/website/content/docs/enterprise/license/faq.mdx @@ -30,7 +30,7 @@ Refer to the instructions on [upgrading to 1.10.x](/docs/upgrading/instructions/ ## Q: Is there a tutorial available for the license configuration steps? -Please visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs). +Please visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs). ## Q: What resources are available? @@ -42,7 +42,7 @@ The list below is a great starting point for learning more about the license cha - [License configuration values documentation](/docs/enterprise/license/overview#binaries-without-built-in-licenses) -- [Install a HashiCorp Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs) +- [Install a HashiCorp Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs) ## Q: Do these changes impact all customers/licenses? @@ -141,7 +141,7 @@ Please see the [upgrade requirements](faq#q-what-are-the-upgrade-requirements). 1. Run [`consul license get -signed`](/commands/license#get) to extract the license from their running cluster. Store the license in a secure location on disk. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have access to the required license. This could be via the client agent configuration file or an environment variable. -1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. +1. Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. 1. Follow the Consul upgrade [documentation](/docs/upgrading). ### Kubernetes @@ -162,14 +162,14 @@ Once you have the license then create a Kubernetes secret containing the license 1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's [customer success manager](https://support.hashicorp.com/hc/en-us) (CSM) for information on how to get your organization's enterprise license. 1. Store the license in a secure location on disk. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable. - Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. + Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. 1. Follow the Consul upgrade [documentation](/docs/upgrading). ### Kubernetes 1. Acquire a valid Consul Enterprise license. If you are an existing HashiCorp enterprise customer you may contact your organization's [customer success manager](https://support.hashicorp.com/hc/en-us) (CSM) for information on how to get your organization's enterprise license. 1. Set up the necessary configuration so that when Consul Enterprise reboots it will have the required license. This could be via the client agent configuration file or an environment variable. - Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. + Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. 1. Proceed with the `helm` [upgrade instructions](/docs/k8s/upgrade) ## Q: Will Consul downgrades/rollbacks work? diff --git a/website/content/docs/enterprise/license/overview.mdx b/website/content/docs/enterprise/license/overview.mdx index c948ede933886..76070dd888b0e 100644 --- a/website/content/docs/enterprise/license/overview.mdx +++ b/website/content/docs/enterprise/license/overview.mdx @@ -20,7 +20,7 @@ agent's configuration or environment. Also, prior to 1.10.0, server agents would the license between themselves. This no longer occurs and the license must be present on each server agent when it is started. --> Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. +-> Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. ### Applying a License diff --git a/website/content/docs/enterprise/namespaces.mdx b/website/content/docs/enterprise/namespaces.mdx index 78aa400315834..374dedf26905a 100644 --- a/website/content/docs/enterprise/namespaces.mdx +++ b/website/content/docs/enterprise/namespaces.mdx @@ -8,11 +8,11 @@ description: >- # Consul Enterprise Namespaces - This feature requires - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + With Consul Enterprise 1.7.0+, data for different users or teams diff --git a/website/content/docs/enterprise/network-segments.mdx b/website/content/docs/enterprise/network-segments.mdx index ce2ac02c7bdfc..0ae6555499371 100644 --- a/website/content/docs/enterprise/network-segments.mdx +++ b/website/content/docs/enterprise/network-segments.mdx @@ -8,11 +8,11 @@ description: >- # Network Segments - This feature requires version 0.9.3+ of - self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires version 0.9.3+ of +self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Consul requires full connectivity between all agents (servers and clients) in a diff --git a/website/content/docs/enterprise/read-scale.mdx b/website/content/docs/enterprise/read-scale.mdx index 04bb90eb58664..ee881bce6eba6 100644 --- a/website/content/docs/enterprise/read-scale.mdx +++ b/website/content/docs/enterprise/read-scale.mdx @@ -8,11 +8,11 @@ description: >- # Enhanced Read Scalability with Read Replicas - This feature requires - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Consul Enterprise provides the ability to scale clustered Consul servers diff --git a/website/content/docs/enterprise/redundancy.mdx b/website/content/docs/enterprise/redundancy.mdx index c7f586a5476ed..def48fb988793 100644 --- a/website/content/docs/enterprise/redundancy.mdx +++ b/website/content/docs/enterprise/redundancy.mdx @@ -8,11 +8,11 @@ description: >- # Redundancy Zones - This feature requires - self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Consul Enterprise redundancy zones provide diff --git a/website/content/docs/enterprise/sentinel.mdx b/website/content/docs/enterprise/sentinel.mdx index 6041f22aae2e9..0697a569dbb98 100644 --- a/website/content/docs/enterprise/sentinel.mdx +++ b/website/content/docs/enterprise/sentinel.mdx @@ -8,11 +8,11 @@ description: >- # Sentinel in Consul - This feature requires - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Sentinel policies extend the ACL system in Consul beyond static "read", "write", diff --git a/website/content/docs/enterprise/upgrades.mdx b/website/content/docs/enterprise/upgrades.mdx index 358fd46550b1a..b4014ad13f3dd 100644 --- a/website/content/docs/enterprise/upgrades.mdx +++ b/website/content/docs/enterprise/upgrades.mdx @@ -8,11 +8,11 @@ description: >- # Automated Upgrades - This feature requires - HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires +HashiCorp Cloud Platform (HCP) or self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + Consul Enterprise enables the capability of automatically upgrading a cluster of Consul servers to a new diff --git a/website/content/docs/k8s/annotations-and-labels.mdx b/website/content/docs/k8s/annotations-and-labels.mdx index 4c14410ad1090..63b407fb1552a 100644 --- a/website/content/docs/k8s/annotations-and-labels.mdx +++ b/website/content/docs/k8s/annotations-and-labels.mdx @@ -79,8 +79,10 @@ The following Kubernetes resource annotations could be used on a pod to control annotations: "consul.hashicorp.com/connect-service-upstreams":"[service-name]:[port]:[optional datacenter]" ``` - - Namespace (requires Consul Enterprise 1.7+): Upstream services may be running in different a namespace. Place - the upstream namespace after the service name. For additional details about configuring the injector, refer to + + - Namespace (requires Consul Enterprise 1.7+): Upstream services may be running in a different namespace. Place + the upstream namespace after the service name. For additional details about configuring the injector, refer to + [Consul Enterprise Namespaces](#consul-enterprise-namespaces) . ```yaml annotations: diff --git a/website/content/docs/k8s/connect/connect-ca-provider.mdx b/website/content/docs/k8s/connect/connect-ca-provider.mdx index 97e1526e89c7c..daee4106280fb 100644 --- a/website/content/docs/k8s/connect/connect-ca-provider.mdx +++ b/website/content/docs/k8s/connect/connect-ca-provider.mdx @@ -1,43 +1,31 @@ -"--- +--- layout: docs page_title: Configure Certificate Authority (CA) for Consul on Kubernetes description: >- Consul includes a built-in CA, but when bootstrapping a cluster on k8s, you can configure your service mesh to use a custom certificate provider instead. Learn how to configure Vault as an external CA in primary and secondary datacenters and manually rotate Vault tokens. ----" +--- -# Configure Certificate Authority (CA) for Consul on Kubernetes +# Configure Certificate Authority for Consul on Kubernetes -~> **NOTE:** The instructions below should only be used for initially bootstrapping a cluster with **Consul K8s 0.38.0+.** -To update the Connect CA provider on an existing cluster or to update any properties, such as tokens, of the CA provider, -please use the [Update CA Configuration Endpoint](/api-docs/connect/ca#update-ca-configuration). +If `connect` is enabled, the built-in Consul certificate authority (CA) is automatically enabled for the service mesh CA. You can use different CA providers with Consul service mesh. Refer to [Connect Certificate Management](/docs/connect/ca) for supported providers. -Consul has support for different certificate authority (CA) providers to be used with the Consul Service Mesh. -Please see [Connect Certificate Management](/docs/connect/ca) for the information on the providers -we currently support. +## Overview -If Connect is enabled, the built-in Consul CA is automatically enabled for the Connect CA. -To configure an external CA provider via the Consul Helm chart, you need to follow three steps: +You should only complete the following instructions during the initial cluster bootstrapping procedure with Consul K8s CLI 0.38.0 or later. To update the Consul service mesh CA provider on an existing cluster or to update any provider properties, such as tokens, refer to [Update CA Configuration Endpoint](/api-docs/connect/ca#update-ca-configuration). + +To configure an external CA provider using the Consul Helm chart, complete the following steps: 1. Create a configuration file containing your provider information. 1. Create a Kubernetes secret containing the configuration file. 1. Reference the Kubernetes secret in the [`server.extraVolumes`](/docs/k8s/helm#v-server-extravolumes) value in the Helm chart. -To configure the Vault Connect Provider please see [Vault as the Service Mesh Certificate Provider on Kubernetes](/docs/k8s/deployment-configurations/vault/data-integration/connect-ca). - - -~> **NOTE:** The following instructions are only valid for Consul-k8s 0.37.0 and prior. - -Below we will go over the process for configuring Vault as the Connect CA. -However, other providers can similarly be configured during initial bootstrap of the cluster -by providing the appropriate [`ca_config`] and [`ca_provider`] values for the provider you're using. +To configure the Vault service mesh provider, refer to [Vault as the Service Mesh Certificate Provider on Kubernetes](/docs/k8s/deployment-configurations/vault/data-integration/connect-ca). ## Configuring Vault as a Connect CA (Consul K8s 0.37.0 and earlier) --> **NOTE:** If using Vault as your Connect CA, it's highly recommended to run a Consul version >= 1.8.5 that supports -token auto-renewal. With this feature, if the Vault token is [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable) -then Consul will automatically renew the token periodically. Without this feature, you -will need to [manually rotate](#manually-rotating-vault-tokens) the Vault -token before it expires. +The following instructions are only valid for Consul K8s CLI 0.37.0 and prior. It describes how to configure Vault as the Connect CA. You can configure other providers during initial bootstrap of the cluster by providing the appropriate [`ca_config`] and [`ca_provider`] values for your provider. + +-> **Auto-renewal:** If using Vault as your Connect CA, we strongly recommend Consul 1.8.5 or later, which includes support for token auto-renewal. If the Vault token is [renewable](https://www.vaultproject.io/api-docs/auth/token#renewable), then Consul automatically renews the token periodically. Otherwise, you must [manually rotate](#manually-rotating-vault-tokens) the Vault token before it expires. ### Primary Datacenter diff --git a/website/content/docs/nia/enterprise/license.mdx b/website/content/docs/nia/enterprise/license.mdx index 59d12ea99f30a..2c7dececfc969 100644 --- a/website/content/docs/nia/enterprise/license.mdx +++ b/website/content/docs/nia/enterprise/license.mdx @@ -53,7 +53,7 @@ If a license needs to be manually set, choose one of the following methods (in o ``` ~> **Note**: the [options to set the license and the order of precedence](/docs/enterprise/license/overview#binaries-without-built-in-licenses) are the same as Consul Enterprise server agents. -Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/consul/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. +Visit the [Enterprise License Tutorial](https://learn.hashicorp.com/tutorials/nomad/hashicorp-enterprise-license?utm_source=docs) for detailed steps on how to install the license key. ### Updating the License Manually To update the license when it expires or is near the expiration date and automatic license retrieval is disabled: diff --git a/website/content/docs/release-notes/consul-k8s/v0_49_x.mdx b/website/content/docs/release-notes/consul-k8s/v0_49_x.mdx index 5f9725cd2a26d..c7a37691385f0 100644 --- a/website/content/docs/release-notes/consul-k8s/v0_49_x.mdx +++ b/website/content/docs/release-notes/consul-k8s/v0_49_x.mdx @@ -22,7 +22,7 @@ description: >- ## Supported Software - Consul 1.11.x, Consul 1.12.x and Consul 1.13.1+ -- Kubernetes 1.19-1.24 +- Kubernetes 1.19.x - 1.24.x - Kubectl 1.19+ - Helm 3.2+ - Envoy proxy support is determined by the Consul version deployed. Refer to @@ -35,7 +35,7 @@ For detailed information on upgrading, please refer to the [Upgrades page](/docs ## Known Issues The following issues are know to exist in the v0.49.0 release: -- Kubernetes 1.25 is not supported as the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) is currently not supported by Consul K8s. +- Kubernetes 1.25.x is not supported as the [Pod Security Admission controller](https://kubernetes.io/blog/2022/08/25/pod-security-admission-stable/) is currently not supported by Consul K8s. ## Changelogs diff --git a/website/content/docs/security/acl/acl-tokens.mdx b/website/content/docs/security/acl/acl-tokens.mdx index 3de99920059e1..7ad23571c8b51 100644 --- a/website/content/docs/security/acl/acl-tokens.mdx +++ b/website/content/docs/security/acl/acl-tokens.mdx @@ -120,7 +120,7 @@ You can export tokens to environment variables on the local machine, which enabl ### API Requests -Specify the token in the HTTP `X-Consul-Token` header field to make an API request. Refer to the [HTTP API documentation](/api-docs#authentication) for details. +Specify the token in the HTTP `X-Consul-Token` header field to make an API request. Refer to the [HTTP API documentation](/api-docs/api-structure#authentication) for details. The following example shows the header for a GET request to the `agent/members` endpoint. diff --git a/website/content/docs/security/acl/auth-methods/oidc.mdx b/website/content/docs/security/acl/auth-methods/oidc.mdx index 5945a8837fbf1..e642927733991 100644 --- a/website/content/docs/security/acl/auth-methods/oidc.mdx +++ b/website/content/docs/security/acl/auth-methods/oidc.mdx @@ -8,11 +8,11 @@ description: >- # OpenID Connect (OIDC) Auth Method - This feature requires version 1.8.0+ of - self-managed Consul Enterprise. - Refer to the{' '} - enterprise feature matrix - {' '}for additional information. + +This feature requires version 1.8.0+ of +self-managed Consul Enterprise. +Refer to the [enterprise feature matrix](/docs/enterprise#consul-enterprise-feature-availability) for additional information. + The `oidc` auth method can be used to authenticate with Consul using diff --git a/website/content/docs/upgrading/upgrade-specific.mdx b/website/content/docs/upgrading/upgrade-specific.mdx index d9baf4f4ec725..a8d75773f52df 100644 --- a/website/content/docs/upgrading/upgrade-specific.mdx +++ b/website/content/docs/upgrading/upgrade-specific.mdx @@ -27,9 +27,9 @@ upgrade flow. Prior to Consul 1.14, it was possible to encrypt communication between Consul and Envoy over `ports.grpc` using these settings. -Consul 1.14 introduces [`ports.grpc_tls`](/docs/agent/config/config-files#grpc_tls_port), a new configuration -for encrypting communication over gRPC. The existing [`ports.grpc`](/docs/agent/config/config- -files#grpc_port) configuration **will stop supporting encryption in a future release**. As of version 1.14, +Consul 1.14 introduces [`ports.grpc_tls`](/docs/agent/config/config-files#grpc_tls_port), a new configuration +for encrypting communication over gRPC. The existing [`ports.grpc`](/docs/agent/config/config- +files#grpc_port) configuration **will stop supporting encryption in a future release**. As of version 1.14, `ports.grpc_tls` is the recommended configuration to encrypt gRPC traffic. For most environments, the Envoy communication to Consul is loop-back only and does not benefit from encryption. @@ -51,7 +51,7 @@ review the following guidances relevant to your deployment: Upgrade to **Consul version 1.13.1 or later**. -Consul 1.13.0 contains a bug that prevents Consul server agents from restoring +Consul 1.13.0 contains a bug that prevents Consul server agents from restoring saved state on startup if the state 1. was generated before Consul 1.13 (such as during an upgrade), and @@ -61,25 +61,22 @@ This bug is fixed in Consul versions 1.13.1 and newer. #### Service mesh deployments using auto-encrypt or auto-config -**Do not upgrade to Consul 1.13 yet** if using +Upgrade to **Consul version 1.13.2 or later** if using [auto-encrypt](/docs/agent/config/config-files#auto_encrypt) or [auto-config](/docs/agent/config/config-files#auto_config). -In Consul 1.13, auto-encrypt and auto-config both cause Consul +In Consul 1.13.0 - 1.13.1, auto-encrypt and auto-config both cause Consul to require TLS for gRPC communication with Envoy proxies. In environments where Envoy proxies are not already configured -to use TLS for gRPC, upgrading Consul 1.13 will cause +to use TLS for gRPC, upgrading to Consul 1.13.0 - 1.13.1 will cause Envoy proxies to disconnect from the control plane (Consul agents). -The underlying cause is the same as discussed in -[deployments without the HTTPS port enabled on Consul agents](#service-mesh-deployments-without-the-https-port-enabled-on-consul-agents). -However, when using auto-encrypt or auto-config, -the problem **cannot** currently be avoided by -[modifying the agent's TLS configuration](#modify-the-consul-agent-s-tls-configuration) -because auto-encrypt and auto-config automatically set -interface-generic TLS configuration in a manner similar to -[`tls.defaults`](/docs/agent/config/config-files#tls_defaults). -We are working to address this problem in an upcoming 1.13 patch release. +If upgrading to version 1.13.2 or later, you must enable +[tls.grpc.use_auto_cert](/docs/agent/config/config-files#use_auto_cert) +if you currently rely on Consul agents presenting the auto-encrypt or +auto-config certs as the TLS server certs on the gRPC port. +The new `use_auto_cert` flag enables TLS for gRPC based on the presence +of auto-encrypt certs. #### Service mesh deployments without the HTTPS port enabled on Consul agents ((#grpc-tls)) @@ -264,9 +261,10 @@ be replaced with the new [`tls` stanza](/docs/agent/config/config-files#tls-conf ### 1.10 Compatibility Consul Enterprise versions 1.10.0 through 1.10.4 contain a latent bug that causes those client or server agents to deregister their own services or health -checks when some of the servers have been upgraded to 1.11. Before upgrading Consul Enterprise servers to 1.11, all Consul agents should first -be upgraded to 1.10.7 or higher to ensure forward compatibility and prevent -flapping of catalog registrations. +checks when some of the servers have been upgraded to 1.11 or later. +Before upgrading Consul Enterprise servers to 1.11 or later, +you should first upgrade all Consul client and server agents to 1.10.7 or higher +to ensure forward compatibility and prevent flapping of catalog registrations. ### Deprecated Agent Config Options @@ -1219,7 +1217,7 @@ and the agents need to be running version 0.7 or later in order to use this feature. These translated addresses could break HTTP endpoint consumers that are -expecting local addresses, so a new [`X-Consul-Translate-Addresses`](/api-docs#translated-addresses) +expecting local addresses, so a new [`X-Consul-Translate-Addresses`](/api-docs/api-structure#translated-addresses) header was added to allow clients to detect if translation is enabled for HTTP responses. A "lan" tag was added to `TaggedAddresses` for clients that need the local address regardless of translation. diff --git a/website/content/partials/http_api_results_filtered_by_acls.mdx b/website/content/partials/http_api_results_filtered_by_acls.mdx index 6afea76f84c2a..fda2b9744651d 100644 --- a/website/content/partials/http_api_results_filtered_by_acls.mdx +++ b/website/content/partials/http_api_results_filtered_by_acls.mdx @@ -1,3 +1,3 @@ The HTTP response includes the `X-Consul-Results-Filtered-By-ACLs: true` header if the response array excludes results due to ACL policy configuration. -Refer to the [HTTP API documentation](/api-docs#results-filtered-by-acls) for more information. +Refer to the [HTTP API documentation](/api-docs/api-structure#results-filtered-by-acls) for more information.