diff --git a/internal/envoy/v3/accesslog.go b/internal/envoy/v3/accesslog.go index f7e4b05aae3..ce9c77b5b6e 100644 --- a/internal/envoy/v3/accesslog.go +++ b/internal/envoy/v3/accesslog.go @@ -14,8 +14,8 @@ package v3 import ( - accesslogv2 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v2" - accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" + envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" _struct "github.com/golang/protobuf/ptypes/struct" "github.com/projectcontour/contour/internal/protobuf" @@ -24,11 +24,11 @@ import ( // FileAccessLogEnvoy returns a new file based access log filter // that will output Envoy's default access logs. -func FileAccessLogEnvoy(path string) []*accesslog.AccessLog { - return []*accesslog.AccessLog{{ +func FileAccessLogEnvoy(path string) []*envoy_accesslog_v3.AccessLog { + return []*envoy_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &accesslog.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&accesslogv2.FileAccessLog{ + ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ Path: path, // AccessLogFormat left blank to defer to Envoy's default log format. }), @@ -38,7 +38,7 @@ func FileAccessLogEnvoy(path string) []*accesslog.AccessLog { // FileAccessLogJSON returns a new file based access log filter // that will log in JSON format -func FileAccessLogJSON(path string, fields config.AccessLogFields) []*accesslog.AccessLog { +func FileAccessLogJSON(path string, fields config.AccessLogFields) []*envoy_accesslog_v3.AccessLog { jsonformat := &_struct.Struct{ Fields: make(map[string]*_struct.Value), @@ -48,12 +48,12 @@ func FileAccessLogJSON(path string, fields config.AccessLogFields) []*accesslog. jsonformat.Fields[k] = sv(v) } - return []*accesslog.AccessLog{{ + return []*envoy_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &accesslog.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&accesslogv2.FileAccessLog{ + ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ Path: path, - AccessLogFormat: &accesslogv2.FileAccessLog_JsonFormat{ + AccessLogFormat: &envoy_file_v3.FileAccessLog_JsonFormat{ JsonFormat: jsonformat, }, }), diff --git a/internal/envoy/v3/accesslog_test.go b/internal/envoy/v3/accesslog_test.go index 96d6d8262ec..7259051061d 100644 --- a/internal/envoy/v3/accesslog_test.go +++ b/internal/envoy/v3/accesslog_test.go @@ -16,8 +16,8 @@ package v3 import ( "testing" - accesslog_v2 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v2" - envoy_accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" + envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" _struct "github.com/golang/protobuf/ptypes/struct" "github.com/projectcontour/contour/internal/protobuf" @@ -27,14 +27,14 @@ import ( func TestFileAccessLog(t *testing.T) { tests := map[string]struct { path string - want []*envoy_accesslog.AccessLog + want []*envoy_accesslog_v3.AccessLog }{ "stdout": { path: "/dev/stdout", - want: []*envoy_accesslog.AccessLog{{ + want: []*envoy_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&accesslog_v2.FileAccessLog{ + ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ Path: "/dev/stdout", }), }, @@ -53,17 +53,17 @@ func TestJSONFileAccessLog(t *testing.T) { tests := map[string]struct { path string headers config.AccessLogFields - want []*envoy_accesslog.AccessLog + want []*envoy_accesslog_v3.AccessLog }{ "only timestamp": { path: "/dev/stdout", headers: config.AccessLogFields([]string{"@timestamp"}), - want: []*envoy_accesslog.AccessLog{{ + want: []*envoy_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&accesslog_v2.FileAccessLog{ + ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &accesslog_v2.FileAccessLog_JsonFormat{ + AccessLogFormat: &envoy_file_v3.FileAccessLog_JsonFormat{ JsonFormat: &_struct.Struct{ Fields: map[string]*_struct.Value{ "@timestamp": sv("%START_TIME%"), @@ -84,12 +84,12 @@ func TestJSONFileAccessLog(t *testing.T) { "custom2=%DURATION%.0", "custom3=ST=%START_TIME(%s.%6f)%", }), - want: []*envoy_accesslog.AccessLog{{ + want: []*envoy_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&accesslog_v2.FileAccessLog{ + ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &accesslog_v2.FileAccessLog_JsonFormat{ + AccessLogFormat: &envoy_file_v3.FileAccessLog_JsonFormat{ JsonFormat: &_struct.Struct{ Fields: map[string]*_struct.Value{ "@timestamp": sv("%START_TIME%"), diff --git a/internal/envoy/v3/auth.go b/internal/envoy/v3/auth.go index fed0370e418..ac1ac2c9c8d 100644 --- a/internal/envoy/v3/auth.go +++ b/internal/envoy/v3/auth.go @@ -14,28 +14,28 @@ package v3 import ( - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + envoy_api_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" ) -// UpstreamTLSContext creates an envoy_api_v2_auth.UpstreamTlsContext. By default +// UpstreamTLSContext creates an envoy_v3_tls.UpstreamTlsContext. By default // UpstreamTLSContext returns a HTTP/1.1 TLS enabled context. A list of // additional ALPN protocols can be provided. -func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_api_v2_auth.UpstreamTlsContext { - var clientSecretConfigs []*envoy_api_v2_auth.SdsSecretConfig +func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_v3_tls.UpstreamTlsContext { + var clientSecretConfigs []*envoy_v3_tls.SdsSecretConfig if clientSecret != nil { - clientSecretConfigs = []*envoy_api_v2_auth.SdsSecretConfig{{ + clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{ Name: envoy.Secretname(clientSecret), SdsConfig: ConfigSource("contour"), }} } - context := &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ + context := &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ AlpnProtocols: alpnProtocols, TlsCertificateSdsSecretConfigs: clientSecretConfigs, }, @@ -58,12 +58,12 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st return context } -func validationContext(ca []byte, subjectName string) *envoy_api_v2_auth.CommonTlsContext_ValidationContext { - vc := &envoy_api_v2_auth.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_api_v2_auth.CertificateValidationContext{ - TrustedCa: &envoy_api_v2_core.DataSource{ +func validationContext(ca []byte, subjectName string) *envoy_v3_tls.CommonTlsContext_ValidationContext { + vc := &envoy_v3_tls.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_v3_tls.CertificateValidationContext{ + TrustedCa: &envoy_api_v3_core.DataSource{ // TODO(dfc) update this for SDS - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + Specifier: &envoy_api_v3_core.DataSource_InlineBytes{ InlineBytes: ca, }, }, @@ -82,15 +82,15 @@ func validationContext(ca []byte, subjectName string) *envoy_api_v2_auth.CommonT } // DownstreamTLSContext creates a new DownstreamTlsContext. -func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_api_v2_auth.TlsParameters_TlsProtocol, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_api_v2_auth.DownstreamTlsContext { - context := &envoy_api_v2_auth.DownstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ - TlsParams: &envoy_api_v2_auth.TlsParameters{ +func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_v3_tls.TlsParameters_TlsProtocol, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_v3_tls.DownstreamTlsContext { + context := &envoy_v3_tls.DownstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + TlsParams: &envoy_v3_tls.TlsParameters{ TlsMinimumProtocolVersion: tlsMinProtoVersion, - TlsMaximumProtocolVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3, + TlsMaximumProtocolVersion: envoy_v3_tls.TlsParameters_TLSv1_3, CipherSuites: envoy.Ciphers, }, - TlsCertificateSdsSecretConfigs: []*envoy_api_v2_auth.SdsSecretConfig{{ + TlsCertificateSdsSecretConfigs: []*envoy_v3_tls.SdsSecretConfig{{ Name: envoy.Secretname(serverSecret), SdsConfig: ConfigSource("contour"), }}, diff --git a/internal/envoy/v3/auth_test.go b/internal/envoy/v3/auth_test.go index 623029ba928..3c82b725254 100644 --- a/internal/envoy/v3/auth_test.go +++ b/internal/envoy/v3/auth_test.go @@ -16,9 +16,9 @@ package v3 import ( "testing" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + envoy_api_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/protobuf" v1 "k8s.io/api/core/v1" @@ -41,17 +41,17 @@ func TestUpstreamTLSContext(t *testing.T) { validation *dag.PeerValidationContext alpnProtocols []string externalName string - want *envoy_api_v2_auth.UpstreamTlsContext + want *envoy_v3_tls.UpstreamTlsContext }{ "no alpn, no validation": { - want: &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{}, + want: &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, }, }, "h2, no validation": { alpnProtocols: []string{"h2c"}, - want: &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ + want: &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ AlpnProtocols: []string{"h2c"}, }, }, @@ -60,16 +60,16 @@ func TestUpstreamTLSContext(t *testing.T) { validation: &dag.PeerValidationContext{ CACertificate: secret, }, - want: &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{}, + want: &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, }, }, "no alpn, missing ca": { validation: &dag.PeerValidationContext{ SubjectName: "www.example.com", }, - want: &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{}, + want: &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, }, }, "no alpn, ca and altname": { @@ -77,12 +77,12 @@ func TestUpstreamTLSContext(t *testing.T) { CACertificate: secret, SubjectName: "www.example.com", }, - want: &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ - ValidationContextType: &envoy_api_v2_auth.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_api_v2_auth.CertificateValidationContext{ - TrustedCa: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + want: &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + ValidationContextType: &envoy_v3_tls.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_v3_tls.CertificateValidationContext{ + TrustedCa: &envoy_api_v3_core.DataSource{ + Specifier: &envoy_api_v3_core.DataSource_InlineBytes{ InlineBytes: []byte("ca"), }, }, @@ -98,8 +98,8 @@ func TestUpstreamTLSContext(t *testing.T) { }, "external name sni": { externalName: "projectcontour.local", - want: &envoy_api_v2_auth.UpstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{}, + want: &envoy_v3_tls.UpstreamTlsContext{ + CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, Sni: "projectcontour.local", }, }, diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index d95cde2b76e..821c2f10f09 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go @@ -17,11 +17,10 @@ import ( "strings" "time" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type" + envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" @@ -29,16 +28,16 @@ import ( "k8s.io/apimachinery/pkg/types" ) -func clusterDefaults() *v2.Cluster { - return &v2.Cluster{ +func clusterDefaults() *envoy_cluster_v3.Cluster { + return &envoy_cluster_v3.Cluster{ ConnectTimeout: protobuf.Duration(250 * time.Millisecond), CommonLbConfig: ClusterCommonLBConfig(), LbPolicy: lbPolicy(""), } } -// Cluster creates new v2.Cluster from dag.Cluster. -func Cluster(c *dag.Cluster) *v2.Cluster { +// Cluster creates new envoy_cluster_v3.Cluster from dag.Cluster. +func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { service := c.Upstream cluster := clusterDefaults() @@ -51,22 +50,22 @@ func Cluster(c *dag.Cluster) *v2.Cluster { switch len(service.ExternalName) { case 0: // external name not set, cluster will be discovered via EDS - cluster.ClusterDiscoveryType = ClusterDiscoveryType(v2.Cluster_EDS) + cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS) cluster.EdsClusterConfig = edsconfig("contour", service) default: // external name set, use hard coded DNS name - cluster.ClusterDiscoveryType = ClusterDiscoveryType(v2.Cluster_STRICT_DNS) + cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS) cluster.LoadAssignment = StaticClusterLoadAssignment(service) } // Drain connections immediately if using healthchecks and the endpoint is known to be removed if c.HTTPHealthCheckPolicy != nil || c.TCPHealthCheckPolicy != nil { - cluster.DrainConnectionsOnHostRemoval = true + cluster.IgnoreHealthOnHostRemoval = true } if envoy.AnyPositive(service.MaxConnections, service.MaxPendingRequests, service.MaxRequests, service.MaxRetries) { - cluster.CircuitBreakers = &envoy_cluster.CircuitBreakers{ - Thresholds: []*envoy_cluster.CircuitBreakers_Thresholds{{ + cluster.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: protobuf.UInt32OrNil(service.MaxConnections), MaxPendingRequests: protobuf.UInt32OrNil(service.MaxPendingRequests), MaxRequests: protobuf.UInt32OrNil(service.MaxRequests), @@ -85,7 +84,7 @@ func Cluster(c *dag.Cluster) *v2.Cluster { ), ) case "h2": - cluster.Http2ProtocolOptions = &envoy_api_v2_core.Http2ProtocolOptions{} + cluster.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} cluster.TransportSocket = UpstreamTLSTransportSocket( UpstreamTLSContext( c.UpstreamValidation, @@ -95,14 +94,14 @@ func Cluster(c *dag.Cluster) *v2.Cluster { ), ) case "h2c": - cluster.Http2ProtocolOptions = &envoy_api_v2_core.Http2ProtocolOptions{} + cluster.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} } return cluster } -// ExtensionCluster builds a v2.Cluster struct for the given extension service. -func ExtensionCluster(ext *dag.ExtensionCluster) *v2.Cluster { +// ExtensionCluster builds a envoy_cluster_v3.Cluster struct for the given extension service. +func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster { cluster := clusterDefaults() // The Envoy cluster name has already been set. @@ -120,8 +119,8 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *v2.Cluster { cluster.LbPolicy = lbPolicy(ext.LoadBalancerPolicy) // Cluster will be discovered via EDS. - cluster.ClusterDiscoveryType = ClusterDiscoveryType(v2.Cluster_EDS) - cluster.EdsClusterConfig = &v2.Cluster_EdsClusterConfig{ + cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS) + cluster.EdsClusterConfig = &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: ext.Upstream.ClusterName, } @@ -130,7 +129,7 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *v2.Cluster { switch ext.Protocol { case "h2": - cluster.Http2ProtocolOptions = &envoy_api_v2_core.Http2ProtocolOptions{} + cluster.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} cluster.TransportSocket = UpstreamTLSTransportSocket( UpstreamTLSContext( ext.UpstreamValidation, @@ -140,16 +139,16 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *v2.Cluster { ), ) case "h2c": - cluster.Http2ProtocolOptions = &envoy_api_v2_core.Http2ProtocolOptions{} + cluster.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{} } return cluster } -// StaticClusterLoadAssignment creates a *v2.ClusterLoadAssignment pointing to the external DNS address of the service -func StaticClusterLoadAssignment(service *dag.Service) *v2.ClusterLoadAssignment { +// StaticClusterLoadAssignment creates a *envoy_endpoint_v3.ClusterLoadAssignment pointing to the external DNS address of the service +func StaticClusterLoadAssignment(service *dag.Service) *envoy_endpoint_v3.ClusterLoadAssignment { addr := SocketAddress(service.ExternalName, int(service.Weighted.ServicePort.Port)) - return &v2.ClusterLoadAssignment{ + return &envoy_endpoint_v3.ClusterLoadAssignment{ Endpoints: Endpoints(addr), ClusterName: xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, @@ -158,8 +157,8 @@ func StaticClusterLoadAssignment(service *dag.Service) *v2.ClusterLoadAssignment } } -func edsconfig(cluster string, service *dag.Service) *v2.Cluster_EdsClusterConfig { - return &v2.Cluster_EdsClusterConfig{ +func edsconfig(cluster string, service *dag.Service) *envoy_cluster_v3.Cluster_EdsClusterConfig { + return &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource(cluster), ServiceName: xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, @@ -168,38 +167,38 @@ func edsconfig(cluster string, service *dag.Service) *v2.Cluster_EdsClusterConfi } } -func lbPolicy(strategy string) v2.Cluster_LbPolicy { +func lbPolicy(strategy string) envoy_cluster_v3.Cluster_LbPolicy { switch strategy { case "WeightedLeastRequest": - return v2.Cluster_LEAST_REQUEST + return envoy_cluster_v3.Cluster_LEAST_REQUEST case "Random": - return v2.Cluster_RANDOM + return envoy_cluster_v3.Cluster_RANDOM case "Cookie": - return v2.Cluster_RING_HASH + return envoy_cluster_v3.Cluster_RING_HASH default: - return v2.Cluster_ROUND_ROBIN + return envoy_cluster_v3.Cluster_ROUND_ROBIN } } -func edshealthcheck(c *dag.Cluster) []*envoy_api_v2_core.HealthCheck { +func edshealthcheck(c *dag.Cluster) []*envoy_core_v3.HealthCheck { if c.HTTPHealthCheckPolicy == nil && c.TCPHealthCheckPolicy == nil { return nil } if c.HTTPHealthCheckPolicy != nil { - return []*envoy_api_v2_core.HealthCheck{ + return []*envoy_core_v3.HealthCheck{ httpHealthCheck(c), } } - return []*envoy_api_v2_core.HealthCheck{ + return []*envoy_core_v3.HealthCheck{ tcpHealthCheck(c), } } -// ClusterCommonLBConfig creates a *v2.Cluster_CommonLbConfig with HealthyPanicThreshold disabled. -func ClusterCommonLBConfig() *v2.Cluster_CommonLbConfig { - return &v2.Cluster_CommonLbConfig{ +// ClusterCommonLBConfig creates a *envoy_cluster_v3.Cluster_CommonLbConfig with HealthyPanicThreshold disabled. +func ClusterCommonLBConfig() *envoy_cluster_v3.Cluster_CommonLbConfig { + return &envoy_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type.Percent{ // Disable HealthyPanicThreshold Value: 0, }, @@ -231,14 +230,14 @@ func ClusterDiscoveryType(t envoy_cluster_v3.Cluster_DiscoveryType) *envoy_clust return &envoy_cluster_v3.Cluster_Type{Type: t} } -// parseDNSLookupFamily parses the dnsLookupFamily string into a v2.Cluster_DnsLookupFamily -func parseDNSLookupFamily(value string) v2.Cluster_DnsLookupFamily { +// parseDNSLookupFamily parses the dnsLookupFamily string into a envoy_cluster_v3.Cluster_DnsLookupFamily +func parseDNSLookupFamily(value string) envoy_cluster_v3.Cluster_DnsLookupFamily { switch value { case "v4": - return v2.Cluster_V4_ONLY + return envoy_cluster_v3.Cluster_V4_ONLY case "v6": - return v2.Cluster_V6_ONLY + return envoy_cluster_v3.Cluster_V6_ONLY } - return v2.Cluster_AUTO + return envoy_cluster_v3.Cluster_AUTO } diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index 387228a6902..a40716dbdc9 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -17,10 +17,9 @@ import ( "testing" "time" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_cluster "github.com/envoyproxy/go-control-plane/envoy/api/v2/cluster" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type" + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/golang/protobuf/proto" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" @@ -109,17 +108,17 @@ func TestCluster(t *testing.T) { tests := map[string]struct { cluster *dag.Cluster - want *v2.Cluster + want *envoy_cluster_v3.Cluster }{ "simple service": { cluster: &dag.Cluster{ Upstream: service(s1), }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -130,15 +129,15 @@ func TestCluster(t *testing.T) { Upstream: service(s1, "h2c"), Protocol: "h2c", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - Http2ProtocolOptions: &envoy_api_v2_core.Http2ProtocolOptions{}, + Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, }, }, "h2 upstream": { @@ -146,28 +145,28 @@ func TestCluster(t *testing.T) { Upstream: service(s1, "h2"), Protocol: "h2", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, TransportSocket: UpstreamTLSTransportSocket( UpstreamTLSContext(nil, "", nil, "h2"), ), - Http2ProtocolOptions: &envoy_api_v2_core.Http2ProtocolOptions{}, + Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{}, }, }, "externalName service": { cluster: &dag.Cluster{ Upstream: service(s2), }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: StaticClusterLoadAssignment(service(s2)), }, }, @@ -176,12 +175,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "v4", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: StaticClusterLoadAssignment(service(s2)), - DnsLookupFamily: v2.Cluster_V4_ONLY, + DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, }, }, "externalName service - dns-lookup-family v6": { @@ -189,12 +188,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "v6", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: StaticClusterLoadAssignment(service(s2)), - DnsLookupFamily: v2.Cluster_V6_ONLY, + DnsLookupFamily: envoy_cluster_v3.Cluster_V6_ONLY, }, }, "externalName service - dns-lookup-family auto": { @@ -202,12 +201,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "auto", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: StaticClusterLoadAssignment(service(s2)), - DnsLookupFamily: v2.Cluster_AUTO, + DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, }, }, "externalName service - dns-lookup-family not defined": { @@ -215,12 +214,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), //DNSLookupFamily: "auto", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: StaticClusterLoadAssignment(service(s2)), - DnsLookupFamily: v2.Cluster_AUTO, + DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, }, }, "tls upstream": { @@ -228,11 +227,11 @@ func TestCluster(t *testing.T) { Upstream: service(s1, "tls"), Protocol: "tls", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -247,10 +246,10 @@ func TestCluster(t *testing.T) { Protocol: "tls", SNI: "projectcontour.local", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: StaticClusterLoadAssignment(service(svcExternal, "tls")), TransportSocket: UpstreamTLSTransportSocket( UpstreamTLSContext(nil, "projectcontour.local", nil), @@ -266,11 +265,11 @@ func TestCluster(t *testing.T) { SubjectName: "foo.bar.io", }, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/3ac4e90987", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -297,16 +296,16 @@ func TestCluster(t *testing.T) { }, }, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster.CircuitBreakers{ - Thresholds: []*envoy_cluster.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: protobuf.UInt32(9000), }}, }, @@ -324,16 +323,16 @@ func TestCluster(t *testing.T) { }, }, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster.CircuitBreakers{ - Thresholds: []*envoy_cluster.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ MaxPendingRequests: protobuf.UInt32(4096), }}, }, @@ -351,16 +350,16 @@ func TestCluster(t *testing.T) { }, }, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster.CircuitBreakers{ - Thresholds: []*envoy_cluster.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ MaxRequests: protobuf.UInt32(404), }}, }, @@ -378,16 +377,16 @@ func TestCluster(t *testing.T) { }, }, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster.CircuitBreakers{ - Thresholds: []*envoy_cluster.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ MaxRetries: protobuf.UInt32(7), }}, }, @@ -398,15 +397,15 @@ func TestCluster(t *testing.T) { Upstream: service(s1), LoadBalancerPolicy: "Random", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/58d888c08a", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - LbPolicy: v2.Cluster_RANDOM, + LbPolicy: envoy_cluster_v3.Cluster_RANDOM, }, }, "cluster with cookie policy": { @@ -414,15 +413,15 @@ func TestCluster(t *testing.T) { Upstream: service(s1), LoadBalancerPolicy: "Cookie", }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/e4f81994fe", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - LbPolicy: v2.Cluster_RING_HASH, + LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, }, }, @@ -430,11 +429,11 @@ func TestCluster(t *testing.T) { cluster: &dag.Cluster{ Upstream: service(s1), }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -450,22 +449,22 @@ func TestCluster(t *testing.T) { HealthyThreshold: 2, }, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - DrainConnectionsOnHostRemoval: true, - HealthChecks: []*envoy_api_v2_core.HealthCheck{{ + IgnoreHealthOnHostRemoval: true, + HealthChecks: []*envoy_core_v3.HealthCheck{{ Timeout: durationOrDefault(2, envoy.HCTimeout), Interval: durationOrDefault(10, envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32OrDefault(3, envoy.HCUnhealthyThreshold), HealthyThreshold: protobuf.UInt32OrDefault(2, envoy.HCHealthyThreshold), - HealthChecker: &envoy_api_v2_core.HealthCheck_TcpHealthCheck_{ - TcpHealthCheck: &envoy_api_v2_core.HealthCheck_TcpHealthCheck{}, + HealthChecker: &envoy_core_v3.HealthCheck_TcpHealthCheck_{ + TcpHealthCheck: &envoy_core_v3.HealthCheck_TcpHealthCheck{}, }, }}, }, @@ -476,11 +475,11 @@ func TestCluster(t *testing.T) { Protocol: "tls", ClientCertificate: clientSecret, }, - want: &v2.Cluster{ + want: &envoy_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(v2.Cluster_EDS), - EdsClusterConfig: &v2.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -620,18 +619,18 @@ func TestClustername(t *testing.T) { } func TestLBPolicy(t *testing.T) { - tests := map[string]v2.Cluster_LbPolicy{ - "WeightedLeastRequest": v2.Cluster_LEAST_REQUEST, - "Random": v2.Cluster_RANDOM, - "RoundRobin": v2.Cluster_ROUND_ROBIN, - "": v2.Cluster_ROUND_ROBIN, - "unknown": v2.Cluster_ROUND_ROBIN, - "Cookie": v2.Cluster_RING_HASH, + tests := map[string]envoy_cluster_v3.Cluster_LbPolicy{ + "WeightedLeastRequest": envoy_cluster_v3.Cluster_LEAST_REQUEST, + "Random": envoy_cluster_v3.Cluster_RANDOM, + "RoundRobin": envoy_cluster_v3.Cluster_ROUND_ROBIN, + "": envoy_cluster_v3.Cluster_ROUND_ROBIN, + "unknown": envoy_cluster_v3.Cluster_ROUND_ROBIN, + "Cookie": envoy_cluster_v3.Cluster_RING_HASH, // RingHash and Maglev were removed as options in 0.13. // See #1150 - "RingHash": v2.Cluster_ROUND_ROBIN, - "Maglev": v2.Cluster_ROUND_ROBIN, + "RingHash": envoy_cluster_v3.Cluster_ROUND_ROBIN, + "Maglev": envoy_cluster_v3.Cluster_ROUND_ROBIN, } for policy, want := range tests { @@ -644,7 +643,7 @@ func TestLBPolicy(t *testing.T) { func TestClusterCommonLBConfig(t *testing.T) { got := ClusterCommonLBConfig() - want := &v2.Cluster_CommonLbConfig{ + want := &envoy_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type.Percent{ // Disable HealthyPanicThreshold Value: 0, }, diff --git a/internal/envoy/v3/endpoint.go b/internal/envoy/v3/endpoint.go index 72ae8fb6d0b..6ad70b7eed8 100644 --- a/internal/envoy/v3/endpoint.go +++ b/internal/envoy/v3/endpoint.go @@ -14,11 +14,8 @@ package v3 import ( - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_endpoint "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - v2 "github.com/projectcontour/contour/internal/envoy/v2" "github.com/projectcontour/contour/internal/protobuf" ) @@ -46,19 +43,19 @@ func Endpoints(addrs ...*envoy_core_v3.Address) []*envoy_endpoint_v3.LocalityLbE }} } -func WeightedEndpoints(weight uint32, addrs ...*envoy_api_v2_core.Address) []*envoy_api_v2_endpoint.LocalityLbEndpoints { +func WeightedEndpoints(weight uint32, addrs ...*envoy_core_v3.Address) []*envoy_endpoint_v3.LocalityLbEndpoints { lbendpoints := Endpoints(addrs...) lbendpoints[0].LoadBalancingWeight = protobuf.UInt32(weight) return lbendpoints } -// ClusterLoadAssignment returns a *v2.ClusterLoadAssignment with a single +// ClusterLoadAssignment returns a *envoy_endpoint_v3.ClusterLoadAssignment with a single // LocalityLbEndpoints of the supplied addresses. -func ClusterLoadAssignment(name string, addrs ...*envoy_api_v2_core.Address) *v2.ClusterLoadAssignment { +func ClusterLoadAssignment(name string, addrs ...*envoy_core_v3.Address) *envoy_endpoint_v3.ClusterLoadAssignment { if len(addrs) == 0 { - return &v2.ClusterLoadAssignment{ClusterName: name} + return &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: name} } - return &v2.ClusterLoadAssignment{ + return &envoy_endpoint_v3.ClusterLoadAssignment{ ClusterName: name, Endpoints: Endpoints(addrs...), } diff --git a/internal/envoy/v3/endpoint_test.go b/internal/envoy/v3/endpoint_test.go index 1c623fea21a..0b6ee4a6e8e 100644 --- a/internal/envoy/v3/endpoint_test.go +++ b/internal/envoy/v3/endpoint_test.go @@ -16,9 +16,7 @@ package v3 import ( "testing" - envoy_api_v2_endpoint "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint" envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - v2 "github.com/projectcontour/contour/internal/envoy/v2" "github.com/projectcontour/contour/internal/protobuf" ) @@ -39,16 +37,16 @@ func TestEndpoints(t *testing.T) { SocketAddress("github.com", 443), SocketAddress("microsoft.com", 80), ) - want := []*envoy_api_v2_endpoint.LocalityLbEndpoints{{ - LbEndpoints: []*envoy_api_v2_endpoint.LbEndpoint{{ - HostIdentifier: &envoy_api_v2_endpoint.LbEndpoint_Endpoint{ - Endpoint: &envoy_api_v2_endpoint.Endpoint{ + want := []*envoy_endpoint_v3.LocalityLbEndpoints{{ + LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{{ + HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_endpoint_v3.Endpoint{ Address: SocketAddress("github.com", 443), }, }, }, { - HostIdentifier: &envoy_api_v2_endpoint.LbEndpoint_Endpoint{ - Endpoint: &envoy_api_v2_endpoint.Endpoint{ + HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_endpoint_v3.Endpoint{ Address: SocketAddress("microsoft.com", 80), }, }, @@ -59,14 +57,14 @@ func TestEndpoints(t *testing.T) { func TestClusterLoadAssignment(t *testing.T) { got := ClusterLoadAssignment("empty") - want := &v2.ClusterLoadAssignment{ + want := &envoy_endpoint_v3.ClusterLoadAssignment{ ClusterName: "empty", } protobuf.RequireEqual(t, want, got) got = ClusterLoadAssignment("one addr", SocketAddress("microsoft.com", 81)) - want = &v2.ClusterLoadAssignment{ + want = &envoy_endpoint_v3.ClusterLoadAssignment{ ClusterName: "one addr", Endpoints: Endpoints(SocketAddress("microsoft.com", 81)), } @@ -77,7 +75,7 @@ func TestClusterLoadAssignment(t *testing.T) { SocketAddress("microsoft.com", 81), SocketAddress("github.com", 443), ) - want = &v2.ClusterLoadAssignment{ + want = &envoy_endpoint_v3.ClusterLoadAssignment{ ClusterName: "two addrs", Endpoints: Endpoints( SocketAddress("microsoft.com", 81), diff --git a/internal/envoy/v3/healthcheck.go b/internal/envoy/v3/healthcheck.go index b6e9f11fbc2..7f419deacd2 100644 --- a/internal/envoy/v3/healthcheck.go +++ b/internal/envoy/v3/healthcheck.go @@ -16,15 +16,15 @@ package v3 import ( "time" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" "github.com/golang/protobuf/ptypes/duration" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" ) -// httpHealthCheck returns a *envoy_api_v2_core.HealthCheck value for HTTP Routes -func httpHealthCheck(cluster *dag.Cluster) *envoy_api_v2_core.HealthCheck { +// httpHealthCheck returns a *envoy_core_v3.HealthCheck value for HTTP Routes +func httpHealthCheck(cluster *dag.Cluster) *envoy_core_v3.HealthCheck { hc := cluster.HTTPHealthCheckPolicy host := envoy.HCHost if hc.Host != "" { @@ -33,13 +33,13 @@ func httpHealthCheck(cluster *dag.Cluster) *envoy_api_v2_core.HealthCheck { // TODO(dfc) why do we need to specify our own default, what is the default // that envoy applies if these fields are left nil? - return &envoy_api_v2_core.HealthCheck{ + return &envoy_core_v3.HealthCheck{ Timeout: durationOrDefault(hc.Timeout, envoy.HCTimeout), Interval: durationOrDefault(hc.Interval, envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32OrDefault(hc.UnhealthyThreshold, envoy.HCUnhealthyThreshold), HealthyThreshold: protobuf.UInt32OrDefault(hc.HealthyThreshold, envoy.HCHealthyThreshold), - HealthChecker: &envoy_api_v2_core.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_api_v2_core.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ Path: hc.Path, Host: host, }, @@ -47,17 +47,17 @@ func httpHealthCheck(cluster *dag.Cluster) *envoy_api_v2_core.HealthCheck { } } -// tcpHealthCheck returns a *envoy_api_v2_core.HealthCheck value for TCPProxies -func tcpHealthCheck(cluster *dag.Cluster) *envoy_api_v2_core.HealthCheck { +// tcpHealthCheck returns a *envoy_core_v3.HealthCheck value for TCPProxies +func tcpHealthCheck(cluster *dag.Cluster) *envoy_core_v3.HealthCheck { hc := cluster.TCPHealthCheckPolicy - return &envoy_api_v2_core.HealthCheck{ + return &envoy_core_v3.HealthCheck{ Timeout: durationOrDefault(hc.Timeout, envoy.HCTimeout), Interval: durationOrDefault(hc.Interval, envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32OrDefault(hc.UnhealthyThreshold, envoy.HCUnhealthyThreshold), HealthyThreshold: protobuf.UInt32OrDefault(hc.HealthyThreshold, envoy.HCHealthyThreshold), - HealthChecker: &envoy_api_v2_core.HealthCheck_TcpHealthCheck_{ - TcpHealthCheck: &envoy_api_v2_core.HealthCheck_TcpHealthCheck{}, + HealthChecker: &envoy_core_v3.HealthCheck_TcpHealthCheck_{ + TcpHealthCheck: &envoy_core_v3.HealthCheck_TcpHealthCheck{}, }, } } diff --git a/internal/envoy/v3/healthcheck_test.go b/internal/envoy/v3/healthcheck_test.go index 363d421989d..1e9bf200607 100644 --- a/internal/envoy/v3/healthcheck_test.go +++ b/internal/envoy/v3/healthcheck_test.go @@ -17,7 +17,7 @@ import ( "testing" "time" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" @@ -26,7 +26,7 @@ import ( func TestHealthCheck(t *testing.T) { tests := map[string]struct { cluster *dag.Cluster - want *envoy_api_v2_core.HealthCheck + want *envoy_core_v3.HealthCheck }{ // this is an odd case because contour.edshealthcheck will not call envoy.HealthCheck // when hc is nil, so if hc is not nil, at least one of the parameters on it must be set. @@ -34,13 +34,13 @@ func TestHealthCheck(t *testing.T) { cluster: &dag.Cluster{ HTTPHealthCheckPolicy: new(dag.HTTPHealthCheckPolicy), }, - want: &envoy_api_v2_core.HealthCheck{ + want: &envoy_core_v3.HealthCheck{ Timeout: protobuf.Duration(envoy.HCTimeout), Interval: protobuf.Duration(envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32(3), HealthyThreshold: protobuf.UInt32(2), - HealthChecker: &envoy_api_v2_core.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_api_v2_core.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ // TODO(dfc) this doesn't seem right Host: "contour-envoy-healthcheck", }, @@ -53,13 +53,13 @@ func TestHealthCheck(t *testing.T) { Path: "/healthy", }, }, - want: &envoy_api_v2_core.HealthCheck{ + want: &envoy_core_v3.HealthCheck{ Timeout: protobuf.Duration(envoy.HCTimeout), Interval: protobuf.Duration(envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32(3), HealthyThreshold: protobuf.UInt32(2), - HealthChecker: &envoy_api_v2_core.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_api_v2_core.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "contour-envoy-healthcheck", }, @@ -77,13 +77,13 @@ func TestHealthCheck(t *testing.T) { HealthyThreshold: 96, }, }, - want: &envoy_api_v2_core.HealthCheck{ + want: &envoy_core_v3.HealthCheck{ Timeout: protobuf.Duration(99 * time.Second), Interval: protobuf.Duration(98 * time.Second), UnhealthyThreshold: protobuf.UInt32(97), HealthyThreshold: protobuf.UInt32(96), - HealthChecker: &envoy_api_v2_core.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_api_v2_core.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "foo-bar-host", }, diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go index 337bd6295bb..911fd00695c 100644 --- a/internal/envoy/v3/listener.go +++ b/internal/envoy/v3/listener.go @@ -20,15 +20,15 @@ import ( "strings" "time" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" + accesslog "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" - envoy_config_filter_http_ext_authz_v2 "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/ext_authz/v2" - tcp "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + lua "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" + http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + tcp "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" @@ -97,22 +97,22 @@ func CodecForVersions(versions ...HTTPVersionType) HTTPVersionType { } // TLSInspector returns a new TLS inspector listener filter. -func TLSInspector() *envoy_api_v2_listener.ListenerFilter { - return &envoy_api_v2_listener.ListenerFilter{ +func TLSInspector() *envoy_listener_v3.ListenerFilter { + return &envoy_listener_v3.ListenerFilter{ Name: wellknown.TlsInspector, } } // ProxyProtocol returns a new Proxy Protocol listener filter. -func ProxyProtocol() *envoy_api_v2_listener.ListenerFilter { - return &envoy_api_v2_listener.ListenerFilter{ +func ProxyProtocol() *envoy_listener_v3.ListenerFilter { + return &envoy_listener_v3.ListenerFilter{ Name: wellknown.ProxyProtocol, } } -// Listener returns a new v2.Listener for the supplied address, port, and filters. -func Listener(name, address string, port int, lf []*envoy_api_v2_listener.ListenerFilter, filters ...*envoy_api_v2_listener.Filter) *v2.Listener { - l := &v2.Listener{ +// Listener returns a new envoy_listener_v3.Listener for the supplied address, port, and filters. +func Listener(name, address string, port int, lf []*envoy_listener_v3.ListenerFilter, filters ...*envoy_listener_v3.Filter) *envoy_listener_v3.Listener { + l := &envoy_listener_v3.Listener{ Name: name, Address: SocketAddress(address, port), ListenerFilters: lf, @@ -121,7 +121,7 @@ func Listener(name, address string, port int, lf []*envoy_api_v2_listener.Listen if len(filters) > 0 { l.FilterChains = append( l.FilterChains, - &envoy_api_v2_listener.FilterChain{ + &envoy_listener_v3.FilterChain{ Filters: filters, }, ) @@ -262,7 +262,7 @@ func (b *httpConnectionManagerBuilder) Validate() error { // from the builder settings. // // See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto.html -func (b *httpConnectionManagerBuilder) Get() *envoy_api_v2_listener.Filter { +func (b *httpConnectionManagerBuilder) Get() *envoy_listener_v3.Filter { // For now, failing validation is a programmer error that // the caller can't reasonably recover from. A caller that can // handle this should validate manually. @@ -279,10 +279,10 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_api_v2_listener.Filter { }, }, HttpFilters: b.filters, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ IdleTimeout: envoy.Timeout(b.connectionIdleTimeout), }, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, @@ -319,9 +319,9 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_api_v2_listener.Filter { cm.StatPrefix = b.routeConfigName } - return &envoy_api_v2_listener.Filter{ + return &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(cm), }, } @@ -329,7 +329,7 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_api_v2_listener.Filter { // HTTPConnectionManager creates a new HTTP Connection Manager filter // for the supplied route, access log, and client request timeout. -func HTTPConnectionManager(routename string, accesslogger []*accesslog.AccessLog, requestTimeout time.Duration) *envoy_api_v2_listener.Filter { +func HTTPConnectionManager(routename string, accesslogger []*accesslog.AccessLog, requestTimeout time.Duration) *envoy_listener_v3.Filter { return HTTPConnectionManagerBuilder(). RouteConfigName(routename). MetricsPrefix(routename). @@ -344,7 +344,7 @@ func HTTPConnectionManagerBuilder() *httpConnectionManagerBuilder { } // TCPProxy creates a new TCPProxy filter. -func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog.AccessLog) *envoy_api_v2_listener.Filter { +func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog.AccessLog) *envoy_listener_v3.Filter { // Set the idle timeout in seconds for connections through a TCP Proxy type filter. // The value of two and a half hours for reasons documented at // https://github.com/projectcontour/contour/issues/1074 @@ -353,9 +353,9 @@ func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog. switch len(proxy.Clusters) { case 1: - return &envoy_api_v2_listener.Filter{ + return &envoy_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&tcp.TcpProxy{ StatPrefix: statPrefix, ClusterSpecifier: &tcp.TcpProxy_Cluster{ @@ -379,9 +379,9 @@ func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog. }) } sort.Stable(sorter.For(clusters)) - return &envoy_api_v2_listener.Filter{ + return &envoy_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&tcp.TcpProxy{ StatPrefix: statPrefix, ClusterSpecifier: &tcp.TcpProxy_WeightedClusters{ @@ -426,27 +426,27 @@ func SocketAddress(address string, port int) *envoy_core_v3.Address { } } -// Filters returns a []*envoy_api_v2_listener.Filter for the supplied filters. -func Filters(filters ...*envoy_api_v2_listener.Filter) []*envoy_api_v2_listener.Filter { +// Filters returns a []*envoy_listener_v3.Filter for the supplied filters. +func Filters(filters ...*envoy_listener_v3.Filter) []*envoy_listener_v3.Filter { if len(filters) == 0 { return nil } return filters } -// FilterChain returns a *envoy_api_v2_listener.FilterChain for the supplied filters. -func FilterChain(filters ...*envoy_api_v2_listener.Filter) *envoy_api_v2_listener.FilterChain { - return &envoy_api_v2_listener.FilterChain{ +// FilterChain returns a *envoy_listener_v3.FilterChain for the supplied filters. +func FilterChain(filters ...*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain { + return &envoy_listener_v3.FilterChain{ Filters: filters, } } -// FilterChains returns a []*envoy_api_v2_listener.FilterChain for the supplied filters. -func FilterChains(filters ...*envoy_api_v2_listener.Filter) []*envoy_api_v2_listener.FilterChain { +// FilterChains returns a []*envoy_listener_v3.FilterChain for the supplied filters. +func FilterChains(filters ...*envoy_listener_v3.Filter) []*envoy_listener_v3.FilterChain { if len(filters) == 0 { return nil } - return []*envoy_api_v2_listener.FilterChain{ + return []*envoy_listener_v3.FilterChain{ FilterChain(filters...), } } @@ -493,11 +493,11 @@ end // FilterExternalAuthz returns an `ext_authz` filter configured with the // requested parameters. func FilterExternalAuthz(authzClusterName string, failOpen bool, timeout timeout.Setting) *http.HttpFilter { - authConfig := envoy_config_filter_http_ext_authz_v2.ExtAuthz{ - Services: &envoy_config_filter_http_ext_authz_v2.ExtAuthz_GrpcService{ - GrpcService: &envoy_api_v2_core.GrpcService{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + authConfig := envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + Services: &envoy_config_filter_http_ext_authz_v3.ExtAuthz_GrpcService{ + GrpcService: &envoy_core_v3.GrpcService{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: authzClusterName, }, }, @@ -505,7 +505,7 @@ func FilterExternalAuthz(authzClusterName string, failOpen bool, timeout timeout // We don't need to configure metadata here, since we allow // operators to specify authorization context parameters at // the virtual host and route. - InitialMetadata: []*envoy_api_v2_core.HeaderValue{}, + InitialMetadata: []*envoy_core_v3.HeaderValue{}, }, }, // Pretty sure we always want this. Why have an @@ -531,11 +531,11 @@ func FilterExternalAuthz(authzClusterName string, failOpen bool, timeout timeout } } -// FilterChainTLS returns a TLS enabled envoy_api_v2_listener.FilterChain. -func FilterChainTLS(domain string, downstream *envoy_api_v2_auth.DownstreamTlsContext, filters []*envoy_api_v2_listener.Filter) *envoy_api_v2_listener.FilterChain { - fc := &envoy_api_v2_listener.FilterChain{ +// FilterChainTLS returns a TLS enabled envoy_listener_v3.FilterChain. +func FilterChainTLS(domain string, downstream *envoy_tls_v3.DownstreamTlsContext, filters []*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain { + fc := &envoy_listener_v3.FilterChain{ Filters: filters, - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ ServerNames: []string{domain}, }, } @@ -547,12 +547,12 @@ func FilterChainTLS(domain string, downstream *envoy_api_v2_auth.DownstreamTlsCo return fc } -// FilterChainTLSFallback returns a TLS enabled envoy_api_v2_listener.FilterChain conifgured for FallbackCertificate. -func FilterChainTLSFallback(downstream *envoy_api_v2_auth.DownstreamTlsContext, filters []*envoy_api_v2_listener.Filter) *envoy_api_v2_listener.FilterChain { - fc := &envoy_api_v2_listener.FilterChain{ +// FilterChainTLSFallback returns a TLS enabled envoy_listener_v3.FilterChain conifgured for FallbackCertificate. +func FilterChainTLSFallback(downstream *envoy_tls_v3.DownstreamTlsContext, filters []*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain { + fc := &envoy_listener_v3.FilterChain{ Name: "fallback-certificate", Filters: filters, - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, } @@ -563,12 +563,12 @@ func FilterChainTLSFallback(downstream *envoy_api_v2_auth.DownstreamTlsContext, return fc } -// ListenerFilters returns a []*envoy_api_v2_listener.ListenerFilter for the supplied listener filters. -func ListenerFilters(filters ...*envoy_api_v2_listener.ListenerFilter) []*envoy_api_v2_listener.ListenerFilter { +// ListenerFilters returns a []*envoy_listener_v3.ListenerFilter for the supplied listener filters. +func ListenerFilters(filters ...*envoy_listener_v3.ListenerFilter) []*envoy_listener_v3.ListenerFilter { return filters } -func ContainsFallbackFilterChain(filterchains []*envoy_api_v2_listener.FilterChain) bool { +func ContainsFallbackFilterChain(filterchains []*envoy_listener_v3.FilterChain) bool { for _, fc := range filterchains { if fc.Name == "fallback-certificate" { return true diff --git a/internal/envoy/v3/listener_test.go b/internal/envoy/v3/listener_test.go index 07509172c85..4c16aed788c 100644 --- a/internal/envoy/v3/listener_test.go +++ b/internal/envoy/v3/listener_test.go @@ -17,13 +17,12 @@ import ( "testing" "time" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" - envoy_api_v2_accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" - http "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2" - envoy_config_v2_tcpproxy "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2" + envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" @@ -56,18 +55,18 @@ func TestListener(t *testing.T) { tests := map[string]struct { name, address string port int - lf []*envoy_api_v2_listener.ListenerFilter - f []*envoy_api_v2_listener.Filter - want *v2.Listener + lf []*envoy_listener_v3.ListenerFilter + f []*envoy_listener_v3.Filter + want *envoy_listener_v3.Listener }{ "insecure listener": { name: "http", address: "0.0.0.0", port: 9000, - f: []*envoy_api_v2_listener.Filter{ + f: []*envoy_listener_v3.Filter{ HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null"), 0), }, - want: &v2.Listener{ + want: &envoy_listener_v3.Listener{ Name: "http", Address: SocketAddress("0.0.0.0", 9000), FilterChains: FilterChains( @@ -80,13 +79,13 @@ func TestListener(t *testing.T) { name: "http-proxy", address: "0.0.0.0", port: 9000, - lf: []*envoy_api_v2_listener.ListenerFilter{ + lf: []*envoy_listener_v3.ListenerFilter{ ProxyProtocol(), }, - f: []*envoy_api_v2_listener.Filter{ + f: []*envoy_listener_v3.Filter{ HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null"), 0), }, - want: &v2.Listener{ + want: &envoy_listener_v3.Listener{ Name: "http-proxy", Address: SocketAddress("0.0.0.0", 9000), ListenerFilters: ListenerFilters( @@ -105,7 +104,7 @@ func TestListener(t *testing.T) { lf: ListenerFilters( TLSInspector(), ), - want: &v2.Listener{ + want: &envoy_listener_v3.Listener{ Name: "https", Address: SocketAddress("0.0.0.0", 9000), ListenerFilters: ListenerFilters( @@ -122,7 +121,7 @@ func TestListener(t *testing.T) { ProxyProtocol(), TLSInspector(), ), - want: &v2.Listener{ + want: &envoy_listener_v3.Listener{ Name: "https-proxy", Address: SocketAddress("0.0.0.0", 9000), ListenerFilters: ListenerFilters( @@ -149,12 +148,12 @@ func TestSocketAddress(t *testing.T) { ) got := SocketAddress(addr, port) - want := &envoy_api_v2_core.Address{ - Address: &envoy_api_v2_core.Address_SocketAddress{ - SocketAddress: &envoy_api_v2_core.SocketAddress{ - Protocol: envoy_api_v2_core.SocketAddress_TCP, + want := &envoy_core_v3.Address{ + Address: &envoy_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_core_v3.SocketAddress{ + Protocol: envoy_core_v3.SocketAddress_TCP, Address: addr, - PortSpecifier: &envoy_api_v2_core.SocketAddress_PortValue{ + PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ PortValue: port, }, }, @@ -163,13 +162,13 @@ func TestSocketAddress(t *testing.T) { require.Equal(t, want, got) got = SocketAddress("::", port) - want = &envoy_api_v2_core.Address{ - Address: &envoy_api_v2_core.Address_SocketAddress{ - SocketAddress: &envoy_api_v2_core.SocketAddress{ - Protocol: envoy_api_v2_core.SocketAddress_TCP, + want = &envoy_core_v3.Address{ + Address: &envoy_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_core_v3.SocketAddress{ + Protocol: envoy_core_v3.SocketAddress_TCP, Address: "::", Ipv4Compat: true, // Set only for ipv6-any "::" - PortSpecifier: &envoy_api_v2_core.SocketAddress_PortValue{ + PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ PortValue: port, }, }, @@ -195,9 +194,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, } - tlsParams := &envoy_api_v2_auth.TlsParameters{ - TlsMinimumProtocolVersion: envoy_api_v2_auth.TlsParameters_TLSv1_1, - TlsMaximumProtocolVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3, + tlsParams := &envoy_tls_v3.TlsParameters{ + TlsMinimumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_1, + TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, CipherSuites: []string{ "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]", "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]", @@ -210,15 +209,17 @@ func TestDownstreamTLSContext(t *testing.T) { }, } - tlsCertificateSdsSecretConfigs := []*envoy_api_v2_auth.SdsSecretConfig{{ + tlsCertificateSdsSecretConfigs := []*envoy_tls_v3.SdsSecretConfig{{ Name: envoy.Secretname(serverSecret), - SdsConfig: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + SdsConfig: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -229,10 +230,10 @@ func TestDownstreamTLSContext(t *testing.T) { }} alpnProtocols := []string{"h2", "http/1.1"} - validationContext := &envoy_api_v2_auth.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_api_v2_auth.CertificateValidationContext{ - TrustedCa: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + validationContext := &envoy_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_core_v3.DataSource{ + Specifier: &envoy_core_v3.DataSource_InlineBytes{ InlineBytes: ca, }, }, @@ -270,13 +271,13 @@ func TestDownstreamTLSContext(t *testing.T) { } tests := map[string]struct { - got *envoy_api_v2_auth.DownstreamTlsContext - want *envoy_api_v2_auth.DownstreamTlsContext + got *envoy_tls_v3.DownstreamTlsContext + want *envoy_tls_v3.DownstreamTlsContext }{ "TLS context without client authentication": { - DownstreamTLSContext(serverSecret, envoy_api_v2_auth.TlsParameters_TLSv1_1, nil, "h2", "http/1.1"), - &envoy_api_v2_auth.DownstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_1, nil, "h2", "http/1.1"), + &envoy_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -284,9 +285,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "TLS context with client authentication": { - DownstreamTLSContext(serverSecret, envoy_api_v2_auth.TlsParameters_TLSv1_1, peerValidationContext, "h2", "http/1.1"), - &envoy_api_v2_auth.DownstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_1, peerValidationContext, "h2", "http/1.1"), + &envoy_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -296,9 +297,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation shall not support subjectName validation": { - DownstreamTLSContext(serverSecret, envoy_api_v2_auth.TlsParameters_TLSv1_1, peerValidationContextWithSubjectName, "h2", "http/1.1"), - &envoy_api_v2_auth.DownstreamTlsContext{ - CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_1, peerValidationContextWithSubjectName, "h2", "http/1.1"), + &envoy_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -319,32 +320,34 @@ func TestDownstreamTLSContext(t *testing.T) { func TestHTTPConnectionManager(t *testing.T) { tests := map[string]struct { routename string - accesslogger []*envoy_api_v2_accesslog.AccessLog + accesslogger []*envoy_accesslog_v3.AccessLog requestTimeout timeout.Setting connectionIdleTimeout timeout.Setting streamIdleTimeout timeout.Setting maxConnectionDuration timeout.Setting connectionShutdownGracePeriod timeout.Setting - want *envoy_api_v2_listener.Filter + want *envoy_listener_v3.Filter }{ "default": { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -363,12 +366,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{}, + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, AccessLog: FileAccessLogEnvoy("/dev/stdout"), UseRemoteAddress: protobuf.Bool(true), NormalizePath: protobuf.Bool(true), @@ -382,21 +385,23 @@ func TestHTTPConnectionManager(t *testing.T) { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), requestTimeout: timeout.DurationSetting(10 * time.Second), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -415,12 +420,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{}, + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, AccessLog: FileAccessLogEnvoy("/dev/stdout"), UseRemoteAddress: protobuf.Bool(true), NormalizePath: protobuf.Bool(true), @@ -435,21 +440,23 @@ func TestHTTPConnectionManager(t *testing.T) { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), connectionIdleTimeout: timeout.DurationSetting(90 * time.Second), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -468,12 +475,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ IdleTimeout: protobuf.Duration(90 * time.Second), }, AccessLog: FileAccessLogEnvoy("/dev/stdout"), @@ -489,21 +496,23 @@ func TestHTTPConnectionManager(t *testing.T) { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), streamIdleTimeout: timeout.DurationSetting(90 * time.Second), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -522,12 +531,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{}, + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, AccessLog: FileAccessLogEnvoy("/dev/stdout"), UseRemoteAddress: protobuf.Bool(true), NormalizePath: protobuf.Bool(true), @@ -542,21 +551,23 @@ func TestHTTPConnectionManager(t *testing.T) { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), maxConnectionDuration: timeout.DurationSetting(90 * time.Second), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -575,12 +586,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ MaxConnectionDuration: protobuf.Duration(90 * time.Second), }, AccessLog: FileAccessLogEnvoy("/dev/stdout"), @@ -596,21 +607,23 @@ func TestHTTPConnectionManager(t *testing.T) { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), maxConnectionDuration: timeout.DisabledSetting(), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -629,12 +642,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{}, + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, AccessLog: FileAccessLogEnvoy("/dev/stdout"), UseRemoteAddress: protobuf.Bool(true), NormalizePath: protobuf.Bool(true), @@ -648,21 +661,23 @@ func TestHTTPConnectionManager(t *testing.T) { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout"), connectionShutdownGracePeriod: timeout.DurationSetting(90 * time.Second), - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "default/kuard", RouteSpecifier: &http.HttpConnectionManager_Rds{ Rds: &http.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_api_v2_core.ConfigSource{ - ConfigSourceSpecifier: &envoy_api_v2_core.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_api_v2_core.ApiConfigSource{ - ApiType: envoy_api_v2_core.ApiConfigSource_GRPC, - GrpcServices: []*envoy_api_v2_core.GrpcService{{ - TargetSpecifier: &envoy_api_v2_core.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_api_v2_core.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_core_v3.ConfigSource{ + ResourceApiVersion: envoy_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_core_v3.ApiConfigSource{ + ApiType: envoy_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_core_v3.GrpcService{{ + TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", }, }, @@ -681,12 +696,12 @@ func TestHTTPConnectionManager(t *testing.T) { }, { Name: wellknown.Router, }}, - HttpProtocolOptions: &envoy_api_v2_core.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_api_v2_core.HttpProtocolOptions{}, + CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, AccessLog: FileAccessLogEnvoy("/dev/stdout"), UseRemoteAddress: protobuf.Bool(true), NormalizePath: protobuf.Bool(true), @@ -754,18 +769,18 @@ func TestTCPProxy(t *testing.T) { tests := map[string]struct { proxy *dag.TCPProxy - want *envoy_api_v2_listener.Filter + want *envoy_listener_v3.Filter }{ "single cluster": { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_config_v2_tcpproxy.TcpProxy{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_config_v2_tcpproxy.TcpProxy_Cluster{ + ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{ Cluster: envoy.Clustername(c1), }, AccessLog: FileAccessLogEnvoy(accessLogPath), @@ -778,14 +793,14 @@ func TestTCPProxy(t *testing.T) { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c2, c1}, }, - want: &envoy_api_v2_listener.Filter{ + want: &envoy_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_config_v2_tcpproxy.TcpProxy{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_config_v2_tcpproxy.TcpProxy_WeightedClusters{ - WeightedClusters: &envoy_config_v2_tcpproxy.TcpProxy_WeightedCluster{ - Clusters: []*envoy_config_v2_tcpproxy.TcpProxy_WeightedCluster_ClusterWeight{{ + ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_WeightedClusters{ + WeightedClusters: &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster{ + Clusters: []*envoy_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{{ Name: envoy.Clustername(c1), Weight: 1, }, { diff --git a/internal/envoy/v3/regex.go b/internal/envoy/v3/regex.go index 90d6060a6e3..224c07b6869 100644 --- a/internal/envoy/v3/regex.go +++ b/internal/envoy/v3/regex.go @@ -14,7 +14,7 @@ package v3 import ( - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" ) // SafeRegexMatch returns a matcher.RegexMatcher for the supplied regex. diff --git a/internal/envoy/v3/regex_test.go b/internal/envoy/v3/regex_test.go index 5ba1e07364d..12972a4407d 100644 --- a/internal/envoy/v3/regex_test.go +++ b/internal/envoy/v3/regex_test.go @@ -16,7 +16,7 @@ package v3 import ( "testing" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/projectcontour/contour/internal/protobuf" ) diff --git a/internal/envoy/v3/route.go b/internal/envoy/v3/route.go index f3bec63491c..d6472c47418 100644 --- a/internal/envoy/v3/route.go +++ b/internal/envoy/v3/route.go @@ -19,11 +19,10 @@ import ( "sort" "strings" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - envoy_config_filter_http_ext_authz_v2 "github.com/envoyproxy/go-control-plane/envoy/config/filter/http/ext_authz/v2" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/golang/protobuf/ptypes/any" wrappers "github.com/golang/protobuf/ptypes/wrappers" "github.com/projectcontour/contour/internal/dag" @@ -35,8 +34,8 @@ import ( // RouteAuthzDisabled returns a per-route config to disable authorization. func RouteAuthzDisabled() *any.Any { return protobuf.MustMarshalAny( - &envoy_config_filter_http_ext_authz_v2.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v2.ExtAuthzPerRoute_Disabled{ + &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ Disabled: true, }, }, @@ -47,9 +46,9 @@ func RouteAuthzDisabled() *any.Any { // context entries in the check request. func RouteAuthzContext(settings map[string]string) *any.Any { return protobuf.MustMarshalAny( - &envoy_config_filter_http_ext_authz_v2.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v2.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v2.CheckSettings{ + &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: settings, }, }, @@ -57,35 +56,35 @@ func RouteAuthzContext(settings map[string]string) *any.Any { ) } -// RouteMatch creates a *envoy_api_v2_route.RouteMatch for the supplied *dag.Route. -func RouteMatch(route *dag.Route) *envoy_api_v2_route.RouteMatch { +// RouteMatch creates a *envoy_route_v3.RouteMatch for the supplied *dag.Route. +func RouteMatch(route *dag.Route) *envoy_route_v3.RouteMatch { switch c := route.PathMatchCondition.(type) { case *dag.RegexMatchCondition: - return &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_SafeRegex{ + return &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_SafeRegex{ SafeRegex: SafeRegexMatch(c.Regex), }, Headers: headerMatcher(route.HeaderMatchConditions), } case *dag.PrefixMatchCondition: - return &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_Prefix{ + return &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ Prefix: c.Prefix, }, Headers: headerMatcher(route.HeaderMatchConditions), } default: - return &envoy_api_v2_route.RouteMatch{ + return &envoy_route_v3.RouteMatch{ Headers: headerMatcher(route.HeaderMatchConditions), } } } -// RouteRoute creates a *envoy_api_v2_route.Route_Route for the services supplied. +// RouteRoute creates a *envoy_route_v3.Route_Route for the services supplied. // If len(services) is greater than one, the route's action will be a // weighted cluster. -func RouteRoute(r *dag.Route) *envoy_api_v2_route.Route_Route { - ra := envoy_api_v2_route.RouteAction{ +func RouteRoute(r *dag.Route) *envoy_route_v3.Route_Route { + ra := envoy_route_v3.RouteAction{ RetryPolicy: retryPolicy(r), Timeout: envoy.Timeout(r.TimeoutPolicy.ResponseTimeout), IdleTimeout: envoy.Timeout(r.TimeoutPolicy.IdleTimeout), @@ -96,41 +95,42 @@ func RouteRoute(r *dag.Route) *envoy_api_v2_route.Route_Route { // Check for host header policy and set if found if val := envoy.HostReplaceHeader(r.RequestHeadersPolicy); val != "" { - ra.HostRewriteSpecifier = &envoy_api_v2_route.RouteAction_HostRewrite{ - HostRewrite: val, + // (SAS) This changed from RouteAction_HostRewrite + ra.HostRewriteSpecifier = &envoy_route_v3.RouteAction_HostRewriteHeader{ + HostRewriteHeader: val, } } if r.Websocket { ra.UpgradeConfigs = append(ra.UpgradeConfigs, - &envoy_api_v2_route.RouteAction_UpgradeConfig{ + &envoy_route_v3.RouteAction_UpgradeConfig{ UpgradeType: "websocket", }, ) } if envoy.SingleSimpleCluster(r.Clusters) { - ra.ClusterSpecifier = &envoy_api_v2_route.RouteAction_Cluster{ + ra.ClusterSpecifier = &envoy_route_v3.RouteAction_Cluster{ Cluster: envoy.Clustername(r.Clusters[0]), } } else { - ra.ClusterSpecifier = &envoy_api_v2_route.RouteAction_WeightedClusters{ + ra.ClusterSpecifier = &envoy_route_v3.RouteAction_WeightedClusters{ WeightedClusters: weightedClusters(r.Clusters), } } - return &envoy_api_v2_route.Route_Route{ + return &envoy_route_v3.Route_Route{ Route: &ra, } } // hashPolicy returns a slice of hash policies iff at least one of the route's // clusters supplied uses the `Cookie` load balancing strategy. -func hashPolicy(r *dag.Route) []*envoy_api_v2_route.RouteAction_HashPolicy { +func hashPolicy(r *dag.Route) []*envoy_route_v3.RouteAction_HashPolicy { for _, c := range r.Clusters { if c.LoadBalancerPolicy == "Cookie" { - return []*envoy_api_v2_route.RouteAction_HashPolicy{{ - PolicySpecifier: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie{ + return []*envoy_route_v3.RouteAction_HashPolicy{{ + PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: protobuf.Duration(0), Path: "/", @@ -142,17 +142,17 @@ func hashPolicy(r *dag.Route) []*envoy_api_v2_route.RouteAction_HashPolicy { return nil } -func mirrorPolicy(r *dag.Route) []*envoy_api_v2_route.RouteAction_RequestMirrorPolicy { +func mirrorPolicy(r *dag.Route) []*envoy_route_v3.RouteAction_RequestMirrorPolicy { if r.MirrorPolicy == nil { return nil } - return []*envoy_api_v2_route.RouteAction_RequestMirrorPolicy{{ + return []*envoy_route_v3.RouteAction_RequestMirrorPolicy{{ Cluster: envoy.Clustername(r.MirrorPolicy.Cluster), }} } -func retryPolicy(r *dag.Route) *envoy_api_v2_route.RetryPolicy { +func retryPolicy(r *dag.Route) *envoy_route_v3.RetryPolicy { if r.RetryPolicy == nil { return nil } @@ -160,7 +160,7 @@ func retryPolicy(r *dag.Route) *envoy_api_v2_route.RetryPolicy { return nil } - rp := &envoy_api_v2_route.RetryPolicy{ + rp := &envoy_route_v3.RetryPolicy{ RetryOn: r.RetryPolicy.RetryOn, RetriableStatusCodes: r.RetryPolicy.RetriableStatusCodes, } @@ -173,10 +173,10 @@ func retryPolicy(r *dag.Route) *envoy_api_v2_route.RetryPolicy { } // UpgradeHTTPS returns a route Action that redirects the request to HTTPS. -func UpgradeHTTPS() *envoy_api_v2_route.Route_Redirect { - return &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ +func UpgradeHTTPS() *envoy_route_v3.Route_Redirect { + return &envoy_route_v3.Route_Redirect{ + Redirect: &envoy_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -184,12 +184,12 @@ func UpgradeHTTPS() *envoy_api_v2_route.Route_Redirect { } // HeaderValueList creates a list of Envoy HeaderValueOptions from the provided map. -func HeaderValueList(hvm map[string]string, app bool) []*envoy_api_v2_core.HeaderValueOption { - var hvs []*envoy_api_v2_core.HeaderValueOption +func HeaderValueList(hvm map[string]string, app bool) []*envoy_core_v3.HeaderValueOption { + var hvs []*envoy_core_v3.HeaderValueOption for key, value := range hvm { - hvs = append(hvs, &envoy_api_v2_core.HeaderValueOption{ - Header: &envoy_api_v2_core.HeaderValue{ + hvs = append(hvs, &envoy_core_v3.HeaderValueOption{ + Header: &envoy_core_v3.HeaderValue{ Key: key, Value: value, }, @@ -207,13 +207,13 @@ func HeaderValueList(hvm map[string]string, app bool) []*envoy_api_v2_core.Heade } // weightedClusters returns a route.WeightedCluster for multiple services. -func weightedClusters(clusters []*dag.Cluster) *envoy_api_v2_route.WeightedCluster { - var wc envoy_api_v2_route.WeightedCluster +func weightedClusters(clusters []*dag.Cluster) *envoy_route_v3.WeightedCluster { + var wc envoy_route_v3.WeightedCluster var total uint32 for _, cluster := range clusters { total += cluster.Weight - c := &envoy_api_v2_route.WeightedCluster_ClusterWeight{ + c := &envoy_route_v3.WeightedCluster_ClusterWeight{ Name: envoy.Clustername(cluster), Weight: protobuf.UInt32(cluster.Weight), } @@ -241,14 +241,14 @@ func weightedClusters(clusters []*dag.Cluster) *envoy_api_v2_route.WeightedClust } // VirtualHost creates a new route.VirtualHost. -func VirtualHost(hostname string, routes ...*envoy_api_v2_route.Route) *envoy_api_v2_route.VirtualHost { +func VirtualHost(hostname string, routes ...*envoy_route_v3.Route) *envoy_route_v3.VirtualHost { domains := []string{hostname} if hostname != "*" { // NOTE(jpeach) see also envoy.FilterMisdirectedRequests(). domains = append(domains, hostname+":*") } - return &envoy_api_v2_route.VirtualHost{ + return &envoy_route_v3.VirtualHost{ Name: envoy.Hashname(60, hostname), Domains: domains, Routes: routes, @@ -256,15 +256,15 @@ func VirtualHost(hostname string, routes ...*envoy_api_v2_route.Route) *envoy_ap } // CORSVirtualHost creates a new route.VirtualHost with a CORS policy. -func CORSVirtualHost(hostname string, corspolicy *envoy_api_v2_route.CorsPolicy, routes ...*envoy_api_v2_route.Route) *envoy_api_v2_route.VirtualHost { +func CORSVirtualHost(hostname string, corspolicy *envoy_route_v3.CorsPolicy, routes ...*envoy_route_v3.Route) *envoy_route_v3.VirtualHost { vh := VirtualHost(hostname, routes...) vh.Cors = corspolicy return vh } -// RouteConfiguration returns a *v2.RouteConfiguration. -func RouteConfiguration(name string, virtualhosts ...*envoy_api_v2_route.VirtualHost) *v2.RouteConfiguration { - return &v2.RouteConfiguration{ +// RouteConfiguration returns a *envoy_route_v3.RouteConfiguration. +func RouteConfiguration(name string, virtualhosts ...*envoy_route_v3.VirtualHost) *envoy_route_v3.RouteConfiguration { + return &envoy_route_v3.RouteConfiguration{ Name: name, VirtualHosts: virtualhosts, RequestHeadersToAdd: Headers( @@ -273,12 +273,12 @@ func RouteConfiguration(name string, virtualhosts ...*envoy_api_v2_route.Virtual } } -// CORSPolicy returns a *v2.CORSPolicy -func CORSPolicy(cp *dag.CORSPolicy) *envoy_api_v2_route.CorsPolicy { +// CORSPolicy returns a *envoy_route_v3.CORSPolicy +func CORSPolicy(cp *dag.CORSPolicy) *envoy_route_v3.CorsPolicy { if cp == nil { return nil } - rcp := &envoy_api_v2_route.CorsPolicy{ + rcp := &envoy_route_v3.CorsPolicy{ AllowCredentials: protobuf.Bool(cp.AllowCredentials), AllowHeaders: strings.Join(cp.AllowHeaders, ","), AllowMethods: strings.Join(cp.AllowMethods, ","), @@ -305,13 +305,13 @@ func CORSPolicy(cp *dag.CORSPolicy) *envoy_api_v2_route.CorsPolicy { return rcp } -func Headers(first *envoy_api_v2_core.HeaderValueOption, rest ...*envoy_api_v2_core.HeaderValueOption) []*envoy_api_v2_core.HeaderValueOption { - return append([]*envoy_api_v2_core.HeaderValueOption{first}, rest...) +func Headers(first *envoy_core_v3.HeaderValueOption, rest ...*envoy_core_v3.HeaderValueOption) []*envoy_core_v3.HeaderValueOption { + return append([]*envoy_core_v3.HeaderValueOption{first}, rest...) } -func AppendHeader(key, value string) *envoy_api_v2_core.HeaderValueOption { - return &envoy_api_v2_core.HeaderValueOption{ - Header: &envoy_api_v2_core.HeaderValue{ +func AppendHeader(key, value string) *envoy_core_v3.HeaderValueOption { + return &envoy_core_v3.HeaderValueOption{ + Header: &envoy_core_v3.HeaderValue{ Key: key, Value: value, }, @@ -319,22 +319,22 @@ func AppendHeader(key, value string) *envoy_api_v2_core.HeaderValueOption { } } -func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_api_v2_route.HeaderMatcher { - var envoyHeaders []*envoy_api_v2_route.HeaderMatcher +func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_route_v3.HeaderMatcher { + var envoyHeaders []*envoy_route_v3.HeaderMatcher for _, h := range headers { - header := &envoy_api_v2_route.HeaderMatcher{ + header := &envoy_route_v3.HeaderMatcher{ Name: h.Name, InvertMatch: h.Invert, } switch h.MatchType { case "exact": - header.HeaderMatchSpecifier = &envoy_api_v2_route.HeaderMatcher_ExactMatch{ExactMatch: h.Value} + header.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_ExactMatch{ExactMatch: h.Value} case "contains": header.HeaderMatchSpecifier = containsMatch(h.Value) case "present": - header.HeaderMatchSpecifier = &envoy_api_v2_route.HeaderMatcher_PresentMatch{PresentMatch: true} + header.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{PresentMatch: true} } envoyHeaders = append(envoyHeaders, header) } @@ -343,13 +343,13 @@ func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_api_v2_route.Hea // containsMatch returns a HeaderMatchSpecifier which will match the // supplied substring -func containsMatch(s string) *envoy_api_v2_route.HeaderMatcher_SafeRegexMatch { +func containsMatch(s string) *envoy_route_v3.HeaderMatcher_SafeRegexMatch { // convert the substring s into a regular expression that matches s. // note that Envoy expects the expression to match the entire string, not just the substring // formed from s. see [projectcontour/contour/#1751 & envoyproxy/envoy#8283] regex := fmt.Sprintf(".*%s.*", regexp.QuoteMeta(s)) - return &envoy_api_v2_route.HeaderMatcher_SafeRegexMatch{ + return &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ SafeRegexMatch: SafeRegexMatch(regex), } } diff --git a/internal/envoy/v3/route_test.go b/internal/envoy/v3/route_test.go index c72a3f06707..cc231c9cdb9 100644 --- a/internal/envoy/v3/route_test.go +++ b/internal/envoy/v3/route_test.go @@ -17,10 +17,9 @@ import ( "testing" "time" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" wrappers "github.com/golang/protobuf/ptypes/wrappers" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/fixture" @@ -58,15 +57,15 @@ func TestRouteRoute(t *testing.T) { tests := map[string]struct { route *dag.Route - want *envoy_api_v2_route.Route_Route + want *envoy_route_v3.Route_Route }{ "single service": { route: &dag.Route{ Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, }, @@ -77,12 +76,12 @@ func TestRouteRoute(t *testing.T) { Websocket: true, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - UpgradeConfigs: []*envoy_api_v2_route.RouteAction_UpgradeConfig{{ + UpgradeConfigs: []*envoy_route_v3.RouteAction_UpgradeConfig{{ UpgradeType: "websocket", }}, }, @@ -111,11 +110,11 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(0), }, { @@ -154,11 +153,11 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(0), }, { @@ -168,7 +167,7 @@ func TestRouteRoute(t *testing.T) { TotalWeight: protobuf.UInt32(90), }, }, - UpgradeConfigs: []*envoy_api_v2_route.RouteAction_UpgradeConfig{{ + UpgradeConfigs: []*envoy_route_v3.RouteAction_UpgradeConfig{{ UpgradeType: "websocket", }}, }, @@ -202,15 +201,15 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(1), - RequestHeadersToAdd: []*envoy_api_v2_core.HeaderValueOption{{ - Header: &envoy_api_v2_core.HeaderValue{ + RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ + Header: &envoy_core_v3.HeaderValue{ Key: "K-Foo", Value: "bar", }, @@ -218,7 +217,7 @@ func TestRouteRoute(t *testing.T) { Value: false, }, }, { - Header: &envoy_api_v2_core.HeaderValue{ + Header: &envoy_core_v3.HeaderValue{ Key: "K-Sauce", Value: "spicy", }, @@ -227,8 +226,8 @@ func TestRouteRoute(t *testing.T) { }, }}, RequestHeadersToRemove: []string{"K-Bar"}, - ResponseHeadersToAdd: []*envoy_api_v2_core.HeaderValueOption{{ - Header: &envoy_api_v2_core.HeaderValue{ + ResponseHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ + Header: &envoy_core_v3.HeaderValue{ Key: "K-Blah", Value: "boo", }, @@ -241,7 +240,7 @@ func TestRouteRoute(t *testing.T) { TotalWeight: protobuf.UInt32(1), }, }, - UpgradeConfigs: []*envoy_api_v2_route.RouteAction_UpgradeConfig{{ + UpgradeConfigs: []*envoy_route_v3.RouteAction_UpgradeConfig{{ UpgradeType: "websocket", }}, }, @@ -255,9 +254,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, }, @@ -272,12 +271,12 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RetryPolicy: &envoy_api_v2_route.RetryPolicy{ + RetryPolicy: &envoy_route_v3.RetryPolicy{ RetryOn: "503", NumRetries: protobuf.UInt32(6), PerTryTimeout: protobuf.Duration(100 * time.Millisecond), @@ -295,12 +294,12 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RetryPolicy: &envoy_api_v2_route.RetryPolicy{ + RetryPolicy: &envoy_route_v3.RetryPolicy{ RetryOn: "retriable-status-codes", RetriableStatusCodes: []uint32{503, 503, 504}, NumRetries: protobuf.UInt32(6), @@ -316,9 +315,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, Timeout: protobuf.Duration(90 * time.Second), @@ -332,9 +331,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, Timeout: protobuf.Duration(0), @@ -348,9 +347,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, IdleTimeout: protobuf.Duration(600 * time.Second), @@ -364,9 +363,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, IdleTimeout: protobuf.Duration(0), @@ -377,14 +376,14 @@ func TestRouteRoute(t *testing.T) { route: &dag.Route{ Clusters: []*dag.Cluster{c2}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/e4f81994fe", }, - HashPolicy: []*envoy_api_v2_route.RouteAction_HashPolicy{{ - PolicySpecifier: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie{ + HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{{ + PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: protobuf.Duration(0), Path: "/", @@ -398,11 +397,11 @@ func TestRouteRoute(t *testing.T) { route: &dag.Route{ Clusters: []*dag.Cluster{c2, c2}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/e4f81994fe", Weight: protobuf.UInt32(1), }, { @@ -412,9 +411,9 @@ func TestRouteRoute(t *testing.T) { TotalWeight: protobuf.UInt32(2), }, }, - HashPolicy: []*envoy_api_v2_route.RouteAction_HashPolicy{{ - PolicySpecifier: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie{ + HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{{ + PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: protobuf.Duration(0), Path: "/", @@ -428,11 +427,11 @@ func TestRouteRoute(t *testing.T) { route: &dag.Route{ Clusters: []*dag.Cluster{c2, c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(1), }, { @@ -442,9 +441,9 @@ func TestRouteRoute(t *testing.T) { TotalWeight: protobuf.UInt32(2), }, }, - HashPolicy: []*envoy_api_v2_route.RouteAction_HashPolicy{{ - PolicySpecifier: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_api_v2_route.RouteAction_HashPolicy_Cookie{ + HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{{ + PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: protobuf.Duration(0), Path: "/", @@ -461,12 +460,12 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - HostRewriteSpecifier: &envoy_api_v2_route.RouteAction_HostRewrite{HostRewrite: "bar.com"}, + HostRewriteSpecifier: &envoy_route_v3.RouteAction_HostRewriteHeader{HostRewriteHeader: "bar.com"}, }, }, }, @@ -496,12 +495,12 @@ func TestRouteRoute(t *testing.T) { }, }, }, - want: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + want: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RequestMirrorPolicies: []*envoy_api_v2_route.RouteAction_RequestMirrorPolicy{{ + RequestMirrorPolicies: []*envoy_route_v3.RouteAction_RequestMirrorPolicy{{ Cluster: "default/kuard/8080/da39a3ee5e", }}, }, @@ -520,7 +519,7 @@ func TestRouteRoute(t *testing.T) { func TestWeightedClusters(t *testing.T) { tests := map[string]struct { clusters []*dag.Cluster - want *envoy_api_v2_route.WeightedCluster + want *envoy_route_v3.WeightedCluster }{ "multiple services w/o weights": { clusters: []*dag.Cluster{{ @@ -546,8 +545,8 @@ func TestWeightedClusters(t *testing.T) { }, }, }}, - want: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(1), }, { @@ -583,8 +582,8 @@ func TestWeightedClusters(t *testing.T) { }, Weight: 20, }}, - want: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(80), }, { @@ -631,8 +630,8 @@ func TestWeightedClusters(t *testing.T) { }, }, }}, - want: &envoy_api_v2_route.WeightedCluster{ - Clusters: []*envoy_api_v2_route.WeightedCluster_ClusterWeight{{ + want: &envoy_route_v3.WeightedCluster{ + Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: protobuf.UInt32(80), }, { @@ -658,16 +657,16 @@ func TestWeightedClusters(t *testing.T) { func TestRouteConfiguration(t *testing.T) { tests := map[string]struct { name string - virtualhosts []*envoy_api_v2_route.VirtualHost - want *v2.RouteConfiguration + virtualhosts []*envoy_route_v3.VirtualHost + want *envoy_route_v3.RouteConfiguration }{ "empty": { name: "ingress_http", - want: &v2.RouteConfiguration{ + want: &envoy_route_v3.RouteConfiguration{ Name: "ingress_http", - RequestHeadersToAdd: []*envoy_api_v2_core.HeaderValueOption{{ - Header: &envoy_api_v2_core.HeaderValue{ + RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ + Header: &envoy_core_v3.HeaderValue{ Key: "x-request-start", Value: "t=%START_TIME(%s.%3f)%", }, @@ -680,13 +679,13 @@ func TestRouteConfiguration(t *testing.T) { virtualhosts: virtualhosts( VirtualHost("www.example.com"), ), - want: &v2.RouteConfiguration{ + want: &envoy_route_v3.RouteConfiguration{ Name: "ingress_https", VirtualHosts: virtualhosts( VirtualHost("www.example.com"), ), - RequestHeadersToAdd: []*envoy_api_v2_core.HeaderValueOption{{ - Header: &envoy_api_v2_core.HeaderValue{ + RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ + Header: &envoy_core_v3.HeaderValue{ Key: "x-request-start", Value: "t=%START_TIME(%s.%3f)%", }, @@ -708,12 +707,12 @@ func TestVirtualHost(t *testing.T) { tests := map[string]struct { hostname string port int - want *envoy_api_v2_route.VirtualHost + want *envoy_route_v3.VirtualHost }{ "default hostname": { hostname: "*", port: 9999, - want: &envoy_api_v2_route.VirtualHost{ + want: &envoy_route_v3.VirtualHost{ Name: "*", Domains: []string{"*"}, }, @@ -721,7 +720,7 @@ func TestVirtualHost(t *testing.T) { "www.example.com": { hostname: "www.example.com", port: 9999, - want: &envoy_api_v2_route.VirtualHost{ + want: &envoy_route_v3.VirtualHost{ Name: "www.example.com", Domains: []string{"www.example.com", "www.example.com:*"}, }, @@ -738,20 +737,20 @@ func TestVirtualHost(t *testing.T) { func TestCORSVirtualHost(t *testing.T) { tests := map[string]struct { hostname string - cp *envoy_api_v2_route.CorsPolicy - want *envoy_api_v2_route.VirtualHost + cp *envoy_route_v3.CorsPolicy + want *envoy_route_v3.VirtualHost }{ "nil cors policy": { hostname: "www.example.com", cp: nil, - want: &envoy_api_v2_route.VirtualHost{ + want: &envoy_route_v3.VirtualHost{ Name: "www.example.com", Domains: []string{"www.example.com", "www.example.com:*"}, }, }, "cors policy": { hostname: "www.example.com", - cp: &envoy_api_v2_route.CorsPolicy{ + cp: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -761,10 +760,10 @@ func TestCORSVirtualHost(t *testing.T) { }}, AllowMethods: "GET,POST,PUT", }, - want: &envoy_api_v2_route.VirtualHost{ + want: &envoy_route_v3.VirtualHost{ Name: "www.example.com", Domains: []string{"www.example.com", "www.example.com:*"}, - Cors: &envoy_api_v2_route.CorsPolicy{ + Cors: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -788,14 +787,14 @@ func TestCORSVirtualHost(t *testing.T) { func TestCORSPolicy(t *testing.T) { tests := map[string]struct { cp *dag.CORSPolicy - want *envoy_api_v2_route.CorsPolicy + want *envoy_route_v3.CorsPolicy }{ "only required properties set": { cp: &dag.CORSPolicy{ AllowOrigin: []string{"*"}, AllowMethods: []string{"GET", "POST", "PUT"}, }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -813,7 +812,7 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, AllowCredentials: true, }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -831,7 +830,7 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, AllowHeaders: []string{"header-1", "header-2"}, }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -850,7 +849,7 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, ExposeHeaders: []string{"header-1", "header-2"}, }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -869,7 +868,7 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, MaxAge: timeout.DurationSetting(10 * time.Minute), }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -888,7 +887,7 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, MaxAge: timeout.DefaultSetting(), }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -906,7 +905,7 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, MaxAge: timeout.DisabledSetting(), }, - want: &envoy_api_v2_route.CorsPolicy{ + want: &envoy_route_v3.CorsPolicy{ AllowOriginStringMatch: []*matcher.StringMatcher{ { MatchPattern: &matcher.StringMatcher_Exact{ @@ -930,9 +929,9 @@ func TestCORSPolicy(t *testing.T) { func TestUpgradeHTTPS(t *testing.T) { got := UpgradeHTTPS() - want := &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + want := &envoy_route_v3.Route_Redirect{ + Redirect: &envoy_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -944,7 +943,7 @@ func TestUpgradeHTTPS(t *testing.T) { func TestRouteMatch(t *testing.T) { tests := map[string]struct { route *dag.Route - want *envoy_api_v2_route.RouteMatch + want *envoy_route_v3.RouteMatch }{ "contains match with dashes": { route: &dag.Route{ @@ -955,11 +954,11 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_api_v2_route.RouteMatch{ - Headers: []*envoy_api_v2_route.HeaderMatcher{{ + want: &envoy_route_v3.RouteMatch{ + Headers: []*envoy_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_api_v2_route.HeaderMatcher_SafeRegexMatch{ + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ SafeRegexMatch: SafeRegexMatch(".*11-22-33-44.*"), }, }}, @@ -974,11 +973,11 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_api_v2_route.RouteMatch{ - Headers: []*envoy_api_v2_route.HeaderMatcher{{ + want: &envoy_route_v3.RouteMatch{ + Headers: []*envoy_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_api_v2_route.HeaderMatcher_SafeRegexMatch{ + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ SafeRegexMatch: SafeRegexMatch(".*11\\.22\\.33\\.44.*"), }, }}, @@ -993,11 +992,11 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_api_v2_route.RouteMatch{ - Headers: []*envoy_api_v2_route.HeaderMatcher{{ + want: &envoy_route_v3.RouteMatch{ + Headers: []*envoy_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_api_v2_route.HeaderMatcher_SafeRegexMatch{ + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ SafeRegexMatch: SafeRegexMatch(".*11\\.\\[22\\]\\.\\*33\\.44.*"), }, }}, @@ -1009,8 +1008,8 @@ func TestRouteMatch(t *testing.T) { Prefix: "/foo", }, }, - want: &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_Prefix{ + want: &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ Prefix: "/foo", }, }, @@ -1021,8 +1020,8 @@ func TestRouteMatch(t *testing.T) { Regex: "/v.1/*", }, }, - want: &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_SafeRegex{ + want: &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_SafeRegex{ // note, unlike header conditions this is not a quoted regex because // the value comes directly from the Ingress.Paths.Path value which // is permitted to be a bare regex. @@ -1040,4 +1039,4 @@ func TestRouteMatch(t *testing.T) { } } -func virtualhosts(v ...*envoy_api_v2_route.VirtualHost) []*envoy_api_v2_route.VirtualHost { return v } +func virtualhosts(v ...*envoy_route_v3.VirtualHost) []*envoy_route_v3.VirtualHost { return v } diff --git a/internal/envoy/v3/secret.go b/internal/envoy/v3/secret.go index 88787b06363..5670e6fe2f8 100644 --- a/internal/envoy/v3/secret.go +++ b/internal/envoy/v3/secret.go @@ -14,25 +14,25 @@ package v3 import ( - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" ) -// Secret creates new envoy_api_v2_auth.Secret from secret. -func Secret(s *dag.Secret) *envoy_api_v2_auth.Secret { - return &envoy_api_v2_auth.Secret{ +// Secret creates new envoy_tls_v3.Secret from secret. +func Secret(s *dag.Secret) *envoy_tls_v3.Secret { + return &envoy_tls_v3.Secret{ Name: envoy.Secretname(s), - Type: &envoy_api_v2_auth.Secret_TlsCertificate{ - TlsCertificate: &envoy_api_v2_auth.TlsCertificate{ - PrivateKey: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + Type: &envoy_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_tls_v3.TlsCertificate{ + PrivateKey: &envoy_core_v3.DataSource{ + Specifier: &envoy_core_v3.DataSource_InlineBytes{ InlineBytes: s.PrivateKey(), }, }, - CertificateChain: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + CertificateChain: &envoy_core_v3.DataSource{ + Specifier: &envoy_core_v3.DataSource_InlineBytes{ InlineBytes: s.Cert(), }, }, diff --git a/internal/envoy/v3/secret_test.go b/internal/envoy/v3/secret_test.go index a84e8f91104..99ec7a474c4 100644 --- a/internal/envoy/v3/secret_test.go +++ b/internal/envoy/v3/secret_test.go @@ -16,11 +16,10 @@ package v3 import ( "testing" - "github.com/projectcontour/contour/internal/envoy" - - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" @@ -30,7 +29,7 @@ import ( func TestSecret(t *testing.T) { tests := map[string]struct { secret *dag.Secret - want *envoy_api_v2_auth.Secret + want *envoy_tls_v3.Secret }{ "simple secret": { secret: &dag.Secret{ @@ -45,17 +44,17 @@ func TestSecret(t *testing.T) { }, }, }, - want: &envoy_api_v2_auth.Secret{ + want: &envoy_tls_v3.Secret{ Name: "default/simple/cd1b506996", - Type: &envoy_api_v2_auth.Secret_TlsCertificate{ - TlsCertificate: &envoy_api_v2_auth.TlsCertificate{ - PrivateKey: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + Type: &envoy_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_tls_v3.TlsCertificate{ + PrivateKey: &envoy_core_v3.DataSource{ + Specifier: &envoy_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("key"), }, }, - CertificateChain: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + CertificateChain: &envoy_core_v3.DataSource{ + Specifier: &envoy_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("cert"), }, }, diff --git a/internal/envoy/v3/socket_test.go b/internal/envoy/v3/socket_test.go index 8ea974bc9e8..cbbaadb6116 100644 --- a/internal/envoy/v3/socket_test.go +++ b/internal/envoy/v3/socket_test.go @@ -16,8 +16,8 @@ package v3 import ( "testing" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/protobuf" v1 "k8s.io/api/core/v1" @@ -26,14 +26,14 @@ import ( func TestUpstreamTLSTransportSocket(t *testing.T) { tests := map[string]struct { - ctxt *envoy_api_v2_auth.UpstreamTlsContext - want *envoy_api_v2_core.TransportSocket + ctxt *envoy_tls_v3.UpstreamTlsContext + want *envoy_core_v3.TransportSocket }{ "h2": { ctxt: UpstreamTLSContext(nil, "", nil, "h2"), - want: &envoy_api_v2_core.TransportSocket{ + want: &envoy_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_api_v2_core.TransportSocket_TypedConfig{ + ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(UpstreamTLSContext(nil, "", nil, "h2")), }, }, @@ -62,15 +62,15 @@ func TestDownstreamTLSTransportSocket(t *testing.T) { }, } tests := map[string]struct { - ctxt *envoy_api_v2_auth.DownstreamTlsContext - want *envoy_api_v2_core.TransportSocket + ctxt *envoy_tls_v3.DownstreamTlsContext + want *envoy_core_v3.TransportSocket }{ "default/tls": { - ctxt: DownstreamTLSContext(serverSecret, envoy_api_v2_auth.TlsParameters_TLSv1_1, nil, "client-subject-name", "h2", "http/1.1"), - want: &envoy_api_v2_core.TransportSocket{ + ctxt: DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_1, nil, "client-subject-name", "h2", "http/1.1"), + want: &envoy_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_api_v2_core.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(DownstreamTLSContext(serverSecret, envoy_api_v2_auth.TlsParameters_TLSv1_1, nil, "client-subject-name", "h2", "http/1.1")), + ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_1, nil, "client-subject-name", "h2", "http/1.1")), }, }, }, diff --git a/internal/envoy/v3/stats.go b/internal/envoy/v3/stats.go index 58c549cc735..22c89cb3ea7 100644 --- a/internal/envoy/v3/stats.go +++ b/internal/envoy/v3/stats.go @@ -14,53 +14,52 @@ package v3 import ( - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - http "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/projectcontour/contour/internal/protobuf" ) -// StatsListener returns a *v2.Listener configured to serve prometheus +// StatsListener returns a *envoy_listener_v3.Listener configured to serve prometheus // metrics on /stats. -func StatsListener(address string, port int) *v2.Listener { - return &v2.Listener{ +func StatsListener(address string, port int) *envoy_listener_v3.Listener { + return &envoy_listener_v3.Listener{ Name: "stats-health", Address: SocketAddress(address, port), FilterChains: FilterChains( - &envoy_api_v2_listener.Filter{ + &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "stats", RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &v2.RouteConfiguration{ - VirtualHosts: []*envoy_api_v2_route.VirtualHost{{ + RouteConfig: &envoy_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_api_v2_route.Route{{ - Match: &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_Prefix{ + Routes: []*envoy_route_v3.Route{{ + Match: &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ Prefix: "/ready", }, }, - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + Action: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "service-stats", }, }, }, }, { - Match: &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_Prefix{ + Match: &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ Prefix: "/stats", }, }, - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + Action: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "service-stats", }, }, diff --git a/internal/envoy/v3/stats_test.go b/internal/envoy/v3/stats_test.go index 32ba2dc0497..1ec35d8a355 100644 --- a/internal/envoy/v3/stats_test.go +++ b/internal/envoy/v3/stats_test.go @@ -16,10 +16,9 @@ package v3 import ( "testing" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - http "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/projectcontour/contour/internal/protobuf" ) @@ -28,47 +27,47 @@ func TestStatsListener(t *testing.T) { tests := map[string]struct { address string port int - want *v2.Listener + want *envoy_listener_v3.Listener }{ "stats-health": { address: "127.0.0.127", port: 8123, - want: &v2.Listener{ + want: &envoy_listener_v3.Listener{ Name: "stats-health", Address: SocketAddress("127.0.0.127", 8123), FilterChains: FilterChains( - &envoy_api_v2_listener.Filter{ + &envoy_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_api_v2_listener.Filter_TypedConfig{ + ConfigType: &envoy_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ StatPrefix: "stats", RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &v2.RouteConfiguration{ - VirtualHosts: []*envoy_api_v2_route.VirtualHost{{ + RouteConfig: &envoy_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_api_v2_route.Route{{ - Match: &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_Prefix{ + Routes: []*envoy_route_v3.Route{{ + Match: &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ Prefix: "/ready", }, }, - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + Action: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "service-stats", }, }, }, }, { - Match: &envoy_api_v2_route.RouteMatch{ - PathSpecifier: &envoy_api_v2_route.RouteMatch_Prefix{ + Match: &envoy_route_v3.RouteMatch{ + PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ Prefix: "/stats", }, }, - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + Action: &envoy_route_v3.Route_Route{ + Route: &envoy_route_v3.RouteAction{ + ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ Cluster: "service-stats", }, }, diff --git a/internal/envoy/v3/tcp_keepalive.go b/internal/envoy/v3/tcp_keepalive.go index 1f0338db005..d4e6a892d6b 100644 --- a/internal/envoy/v3/tcp_keepalive.go +++ b/internal/envoy/v3/tcp_keepalive.go @@ -13,23 +13,23 @@ package v3 import ( - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" "github.com/projectcontour/contour/internal/envoy" ) -func TCPKeepaliveSocketOptions() []*envoy_api_v2_core.SocketOption { +func TCPKeepaliveSocketOptions() []*envoy_core_v3.SocketOption { // Note: TCP_KEEPIDLE + (TCP_KEEPINTVL * TCP_KEEPCNT) must be greater than // the grpc.KeepaliveParams time + timeout (currently 60 + 20 = 80 seconds) // otherwise TestGRPC/StreamClusters fails. - return []*envoy_api_v2_core.SocketOption{ + return []*envoy_core_v3.SocketOption{ // Enable TCP keep-alive. { Description: "Enable TCP keep-alive", Level: envoy.SOL_SOCKET, Name: envoy.SO_KEEPALIVE, - Value: &envoy_api_v2_core.SocketOption_IntValue{IntValue: 1}, - State: envoy_api_v2_core.SocketOption_STATE_LISTENING, + Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 1}, + State: envoy_core_v3.SocketOption_STATE_LISTENING, }, // The time (in seconds) the connection needs to remain idle // before TCP starts sending keepalive probes. @@ -37,16 +37,16 @@ func TCPKeepaliveSocketOptions() []*envoy_api_v2_core.SocketOption { Description: "TCP keep-alive initial idle time", Level: envoy.IPPROTO_TCP, Name: envoy.TCP_KEEPIDLE, - Value: &envoy_api_v2_core.SocketOption_IntValue{IntValue: 45}, - State: envoy_api_v2_core.SocketOption_STATE_LISTENING, + Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 45}, + State: envoy_core_v3.SocketOption_STATE_LISTENING, }, // The time (in seconds) between individual keepalive probes. { Description: "TCP keep-alive time between probes", Level: envoy.IPPROTO_TCP, Name: envoy.TCP_KEEPINTVL, - Value: &envoy_api_v2_core.SocketOption_IntValue{IntValue: 5}, - State: envoy_api_v2_core.SocketOption_STATE_LISTENING, + Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 5}, + State: envoy_core_v3.SocketOption_STATE_LISTENING, }, // The maximum number of TCP keep-alive probes to send before // giving up and killing the connection if no response is @@ -55,8 +55,8 @@ func TCPKeepaliveSocketOptions() []*envoy_api_v2_core.SocketOption { Description: "TCP keep-alive probe count", Level: envoy.IPPROTO_TCP, Name: envoy.TCP_KEEPCNT, - Value: &envoy_api_v2_core.SocketOption_IntValue{IntValue: 9}, - State: envoy_api_v2_core.SocketOption_STATE_LISTENING, + Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 9}, + State: envoy_core_v3.SocketOption_STATE_LISTENING, }, } } diff --git a/internal/sorter/sorter.go b/internal/sorter/sorter.go index 203770ce26a..284005be8c2 100644 --- a/internal/sorter/sorter.go +++ b/internal/sorter/sorter.go @@ -21,19 +21,25 @@ import ( envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - tcp "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2" + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + tcp_v2 "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + tcp "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/golang/protobuf/proto" ) // Sorts the given route configuration values by name. -type routeConfigurationSorter []*v2.RouteConfiguration +type routeConfigurationSorter []*envoy_route_v3.RouteConfiguration func (s routeConfigurationSorter) Len() int { return len(s) } func (s routeConfigurationSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s routeConfigurationSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // Sorts the given host values by name. -type virtualHostSorter []*envoy_api_v2_route.VirtualHost +type virtualHostSorter []*envoy_route_v3.VirtualHost func (s virtualHostSorter) Len() int { return len(s) } func (s virtualHostSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -41,7 +47,7 @@ func (s virtualHostSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // Sorts HeaderMatcher objects, first by the header name, // then by their matcher conditions (textually). -type headerMatcherSorter []*envoy_api_v2_route.HeaderMatcher +type headerMatcherSorter []*envoy_route_v3.HeaderMatcher func (s headerMatcherSorter) Len() int { return len(s) } func (s headerMatcherSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -61,9 +67,9 @@ func (s headerMatcherSorter) Less(i, j int) bool { // longestRouteByHeaders compares the HeaderMatcher slices for lhs and rhs and // returns true if lhs is longer. -func longestRouteByHeaders(lhs, rhs *envoy_api_v2_route.Route) bool { +func longestRouteByHeaders(lhs, rhs *envoy_route_v3.Route) bool { if len(lhs.Match.Headers) == len(rhs.Match.Headers) { - pair := make([]*envoy_api_v2_route.HeaderMatcher, 2) + pair := make([]*envoy_route_v3.HeaderMatcher, 2) for i := 0; i < len(lhs.Match.Headers); i++ { pair[0] = lhs.Match.Headers[i] @@ -82,15 +88,15 @@ func longestRouteByHeaders(lhs, rhs *envoy_api_v2_route.Route) bool { // longest prefix (or regex), then by the length of the HeaderMatch // slice (if any). The HeaderMatch slice is also ordered by the matching // header name. -type routeSorter []*envoy_api_v2_route.Route +type routeSorter []*envoy_route_v3.Route func (s routeSorter) Len() int { return len(s) } func (s routeSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s routeSorter) Less(i, j int) bool { switch a := s[i].Match.PathSpecifier.(type) { - case *envoy_api_v2_route.RouteMatch_Prefix: + case *envoy_route_v3.RouteMatch_Prefix: switch b := s[j].Match.PathSpecifier.(type) { - case *envoy_api_v2_route.RouteMatch_Prefix: + case *envoy_route_v3.RouteMatch_Prefix: cmp := strings.Compare(a.Prefix, b.Prefix) switch cmp { case 1: @@ -102,9 +108,9 @@ func (s routeSorter) Less(i, j int) bool { return longestRouteByHeaders(s[i], s[j]) } } - case *envoy_api_v2_route.RouteMatch_SafeRegex: + case *envoy_route_v3.RouteMatch_SafeRegex: switch b := s[j].Match.PathSpecifier.(type) { - case *envoy_api_v2_route.RouteMatch_SafeRegex: + case *envoy_route_v3.RouteMatch_SafeRegex: cmp := strings.Compare(a.SafeRegex.Regex, b.SafeRegex.Regex) switch cmp { case 1: @@ -115,7 +121,7 @@ func (s routeSorter) Less(i, j int) bool { default: return longestRouteByHeaders(s[i], s[j]) } - case *envoy_api_v2_route.RouteMatch_Prefix: + case *envoy_route_v3.RouteMatch_Prefix: return true } } @@ -124,21 +130,21 @@ func (s routeSorter) Less(i, j int) bool { } // Sorts clusters by name. -type clusterSorter []*v2.Cluster +type clusterSorter []*envoy_cluster_v3.Cluster func (s clusterSorter) Len() int { return len(s) } func (s clusterSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s clusterSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // Sorts cluster load assignments by name. -type clusterLoadAssignmentSorter []*v2.ClusterLoadAssignment +type clusterLoadAssignmentSorter []*envoy_endpoint_v3.ClusterLoadAssignment func (s clusterLoadAssignmentSorter) Len() int { return len(s) } func (s clusterLoadAssignmentSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s clusterLoadAssignmentSorter) Less(i, j int) bool { return s[i].ClusterName < s[j].ClusterName } // Sorts the weighted clusters by name, then by weight. -type httpWeightedClusterSorter []*envoy_api_v2_route.WeightedCluster_ClusterWeight +type httpWeightedClusterSorter []*envoy_route_v3.WeightedCluster_ClusterWeight func (s httpWeightedClusterSorter) Len() int { return len(s) } func (s httpWeightedClusterSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -164,14 +170,14 @@ func (s tcpWeightedClusterSorter) Less(i, j int) bool { } // Listeners sorts the listeners by name. -type listenerSorter []*v2.Listener +type listenerSorter []*envoy_listener_v3.Listener func (s listenerSorter) Len() int { return len(s) } func (s listenerSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s listenerSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // FilterChains sorts the filter chains by the first server name in the chain match. -type filterChainSorter []*envoy_api_v2_listener.FilterChain +type filterChainSorter []*envoy_listener_v3.FilterChain func (s filterChainSorter) Len() int { return len(s) } func (s filterChainSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -194,38 +200,237 @@ func (s filterChainSorter) Less(i, j int) bool { } // Sorts the secret values by name. -type secretSorter []*envoy_api_v2_auth.Secret +type secretSorter []*envoy_tls_v3.Secret func (s secretSorter) Len() int { return len(s) } func (s secretSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s secretSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } +// Sorts the given route configuration values by name. +type routeConfigurationSorterv2 []*v2.RouteConfiguration + +func (s routeConfigurationSorterv2) Len() int { return len(s) } +func (s routeConfigurationSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s routeConfigurationSorterv2) Less(i, j int) bool { return s[i].Name < s[j].Name } + +// Sorts the given host values by name. +type virtualHostSorterv2 []*envoy_api_v2_route.VirtualHost + +func (s virtualHostSorterv2) Len() int { return len(s) } +func (s virtualHostSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s virtualHostSorterv2) Less(i, j int) bool { return s[i].Name < s[j].Name } + +// Sorts HeaderMatcher objects, first by the header name, +// then by their matcher conditions (textually). +type headerMatcherSorterv2 []*envoy_api_v2_route.HeaderMatcher + +func (s headerMatcherSorterv2) Len() int { return len(s) } +func (s headerMatcherSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s headerMatcherSorterv2) Less(i, j int) bool { + val := strings.Compare(s[i].Name, s[j].Name) + switch val { + case -1: + return true + case 1: + return false + case 0: + return proto.CompactTextString(s[i]) < proto.CompactTextString(s[j]) + } + + panic("bad comparison") +} + +// longestRouteByHeaders compares the HeaderMatcher slices for lhs and rhs and +// returns true if lhs is longer. +func longestRouteByHeadersv2(lhs, rhs *envoy_api_v2_route.Route) bool { + if len(lhs.Match.Headers) == len(rhs.Match.Headers) { + pair := make([]*envoy_api_v2_route.HeaderMatcher, 2) + + for i := 0; i < len(lhs.Match.Headers); i++ { + pair[0] = lhs.Match.Headers[i] + pair[1] = rhs.Match.Headers[i] + + if headerMatcherSorterv2(pair).Less(0, 1) { + return true + } + } + } + + return len(lhs.Match.Headers) > len(rhs.Match.Headers) +} + +// Sorts the given Route slice in place. Routes are ordered first by +// longest prefix (or regex), then by the length of the HeaderMatch +// slice (if any). The HeaderMatch slice is also ordered by the matching +// header name. +type routeSorterv2 []*envoy_api_v2_route.Route + +func (s routeSorterv2) Len() int { return len(s) } +func (s routeSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s routeSorterv2) Less(i, j int) bool { + switch a := s[i].Match.PathSpecifier.(type) { + case *envoy_api_v2_route.RouteMatch_Prefix: + switch b := s[j].Match.PathSpecifier.(type) { + case *envoy_api_v2_route.RouteMatch_Prefix: + cmp := strings.Compare(a.Prefix, b.Prefix) + switch cmp { + case 1: + // Sort longest prefix first. + return true + case -1: + return false + default: + return longestRouteByHeadersv2(s[i], s[j]) + } + } + case *envoy_api_v2_route.RouteMatch_SafeRegex: + switch b := s[j].Match.PathSpecifier.(type) { + case *envoy_api_v2_route.RouteMatch_SafeRegex: + cmp := strings.Compare(a.SafeRegex.Regex, b.SafeRegex.Regex) + switch cmp { + case 1: + // Sort longest regex first. + return true + case -1: + return false + default: + return longestRouteByHeadersv2(s[i], s[j]) + } + case *envoy_api_v2_route.RouteMatch_Prefix: + return true + } + } + + return false +} + +// Sorts clusters by name. +type clusterSorterv2 []*v2.Cluster + +func (s clusterSorterv2) Len() int { return len(s) } +func (s clusterSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s clusterSorterv2) Less(i, j int) bool { return s[i].Name < s[j].Name } + +// Sorts cluster load assignments by name. +type clusterLoadAssignmentSorterv2 []*v2.ClusterLoadAssignment + +func (s clusterLoadAssignmentSorterv2) Len() int { return len(s) } +func (s clusterLoadAssignmentSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s clusterLoadAssignmentSorterv2) Less(i, j int) bool { + return s[i].ClusterName < s[j].ClusterName +} + +// Sorts the weighted clusters by name, then by weight. +type httpWeightedClusterSorterv2 []*envoy_api_v2_route.WeightedCluster_ClusterWeight + +func (s httpWeightedClusterSorterv2) Len() int { return len(s) } +func (s httpWeightedClusterSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s httpWeightedClusterSorterv2) Less(i, j int) bool { + if s[i].Name == s[j].Name { + return s[i].Weight.Value < s[j].Weight.Value + } + + return s[i].Name < s[j].Name +} + +// Sorts the weighted clusters by name, then by weight. +type tcpWeightedClusterSorterv2 []*tcp_v2.TcpProxy_WeightedCluster_ClusterWeight + +func (s tcpWeightedClusterSorterv2) Len() int { return len(s) } +func (s tcpWeightedClusterSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s tcpWeightedClusterSorterv2) Less(i, j int) bool { + if s[i].Name == s[j].Name { + return s[i].Weight < s[j].Weight + } + + return s[i].Name < s[j].Name +} + +// Listeners sorts the listeners by name. +type listenerSorterv2 []*v2.Listener + +func (s listenerSorterv2) Len() int { return len(s) } +func (s listenerSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s listenerSorterv2) Less(i, j int) bool { return s[i].Name < s[j].Name } + +// FilterChains sorts the filter chains by the first server name in the chain match. +type filterChainSorterv2 []*envoy_api_v2_listener.FilterChain + +func (s filterChainSorterv2) Len() int { return len(s) } +func (s filterChainSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s filterChainSorterv2) Less(i, j int) bool { + + // If i's ServerNames aren't defined, then it should not swap + if len(s[i].FilterChainMatch.ServerNames) == 0 { + return false + } + + // If j's ServerNames aren't defined, then it should not swap + if len(s[j].FilterChainMatch.ServerNames) == 0 { + return true + } + + // The ServerNames field will only ever have a single entry + // in our FilterChain config, so it's okay to only sort + // on the first slice entry. + return s[i].FilterChainMatch.ServerNames[0] < s[j].FilterChainMatch.ServerNames[0] +} + +// Sorts the secret values by name. +type secretSorterv2 []*envoy_api_v2_auth.Secret + +func (s secretSorterv2) Len() int { return len(s) } +func (s secretSorterv2) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s secretSorterv2) Less(i, j int) bool { return s[i].Name < s[j].Name } + // For returns a sort.Interface object that can be used to sort the // given value. It returns nil if there is no sorter for the type of // value. func For(v interface{}) sort.Interface { switch v := v.(type) { case []*envoy_api_v2_auth.Secret: - return secretSorter(v) + return secretSorterv2(v) case []*v2.RouteConfiguration: - return routeConfigurationSorter(v) + return routeConfigurationSorterv2(v) case []*envoy_api_v2_route.VirtualHost: - return virtualHostSorter(v) + return virtualHostSorterv2(v) case []*envoy_api_v2_route.Route: - return routeSorter(v) + return routeSorterv2(v) case []*envoy_api_v2_route.HeaderMatcher: - return headerMatcherSorter(v) + return headerMatcherSorterv2(v) case []*v2.Cluster: - return clusterSorter(v) + return clusterSorterv2(v) case []*v2.ClusterLoadAssignment: - return clusterLoadAssignmentSorter(v) + return clusterLoadAssignmentSorterv2(v) case []*envoy_api_v2_route.WeightedCluster_ClusterWeight: + return httpWeightedClusterSorterv2(v) + case []*tcp_v2.TcpProxy_WeightedCluster_ClusterWeight: + return tcpWeightedClusterSorterv2(v) + case []*v2.Listener: + return listenerSorterv2(v) + case []*envoy_api_v2_listener.FilterChain: + return filterChainSorterv2(v) + case []*envoy_tls_v3.Secret: + return secretSorter(v) + case []*envoy_route_v3.RouteConfiguration: + return routeConfigurationSorter(v) + case []*envoy_route_v3.VirtualHost: + return virtualHostSorter(v) + case []*envoy_route_v3.Route: + return routeSorter(v) + case []*envoy_route_v3.HeaderMatcher: + return headerMatcherSorter(v) + case []*envoy_cluster_v3.Cluster: + return clusterSorter(v) + case []*envoy_endpoint_v3.ClusterLoadAssignment: + return clusterLoadAssignmentSorter(v) + case []*envoy_route_v3.WeightedCluster_ClusterWeight: return httpWeightedClusterSorter(v) case []*tcp.TcpProxy_WeightedCluster_ClusterWeight: return tcpWeightedClusterSorter(v) - case []*v2.Listener: + case []*envoy_listener_v3.Listener: return listenerSorter(v) - case []*envoy_api_v2_listener.FilterChain: + case []*envoy_listener_v3.FilterChain: return filterChainSorter(v) default: return nil diff --git a/internal/sorter/sorter_test.go b/internal/sorter/sorter_test.go index 17e5363f8d5..77083021cc3 100644 --- a/internal/sorter/sorter_test.go +++ b/internal/sorter/sorter_test.go @@ -18,18 +18,19 @@ import ( "sort" "testing" - v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - tcp "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/tcp_proxy/v2" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + tcp "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/stretchr/testify/assert" ) -func shuffleRoutes(routes []*envoy_api_v2_route.Route) []*envoy_api_v2_route.Route { - shuffled := make([]*envoy_api_v2_route.Route, len(routes)) +func shuffleRoutes(routes []*envoy_route_v3.Route) []*envoy_route_v3.Route { + shuffled := make([]*envoy_route_v3.Route, len(routes)) copy(shuffled, routes) @@ -45,7 +46,7 @@ func TestInvalidSorter(t *testing.T) { } func TestSortRouteConfiguration(t *testing.T) { - want := []*v2.RouteConfiguration{ + want := []*envoy_route_v3.RouteConfiguration{ {Name: "bar"}, {Name: "baz"}, {Name: "foo"}, @@ -53,7 +54,7 @@ func TestSortRouteConfiguration(t *testing.T) { {Name: "same", InternalOnlyHeaders: []string{"a", "b"}}, } - have := []*v2.RouteConfiguration{ + have := []*envoy_route_v3.RouteConfiguration{ want[3], // Ensure the "same" element stays stable. want[4], want[2], @@ -66,7 +67,7 @@ func TestSortRouteConfiguration(t *testing.T) { } func TestSortVirtualHosts(t *testing.T) { - want := []*envoy_api_v2_route.VirtualHost{ + want := []*envoy_route_v3.VirtualHost{ {Name: "bar"}, {Name: "baz"}, {Name: "foo"}, @@ -74,7 +75,7 @@ func TestSortVirtualHosts(t *testing.T) { {Name: "same", Domains: []string{"a", "b"}}, } - have := []*envoy_api_v2_route.VirtualHost{ + have := []*envoy_route_v3.VirtualHost{ want[3], // Ensure the "same" element stays stable. want[4], want[2], @@ -86,58 +87,58 @@ func TestSortVirtualHosts(t *testing.T) { assert.Equal(t, have, want) } -func matchPrefix(str string) *envoy_api_v2_route.RouteMatch_Prefix { - return &envoy_api_v2_route.RouteMatch_Prefix{ +func matchPrefix(str string) *envoy_route_v3.RouteMatch_Prefix { + return &envoy_route_v3.RouteMatch_Prefix{ Prefix: str, } } -func matchRegex(str string) *envoy_api_v2_route.RouteMatch_SafeRegex { - return &envoy_api_v2_route.RouteMatch_SafeRegex{ +func matchRegex(str string) *envoy_route_v3.RouteMatch_SafeRegex { + return &envoy_route_v3.RouteMatch_SafeRegex{ SafeRegex: &matcher.RegexMatcher{ Regex: str, }, } } -func exactHeader(name string, value string) *envoy_api_v2_route.HeaderMatcher { - return &envoy_api_v2_route.HeaderMatcher{ +func exactHeader(name string, value string) *envoy_route_v3.HeaderMatcher { + return &envoy_route_v3.HeaderMatcher{ Name: name, - HeaderMatchSpecifier: &envoy_api_v2_route.HeaderMatcher_ExactMatch{ + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_ExactMatch{ ExactMatch: value, }, } } -func presentHeader(name string) *envoy_api_v2_route.HeaderMatcher { - return &envoy_api_v2_route.HeaderMatcher{ +func presentHeader(name string) *envoy_route_v3.HeaderMatcher { + return &envoy_route_v3.HeaderMatcher{ Name: name, - HeaderMatchSpecifier: &envoy_api_v2_route.HeaderMatcher_PresentMatch{ + HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_PresentMatch{ PresentMatch: true, }, } } func TestSortRoutesLongestPath(t *testing.T) { - want := []*envoy_api_v2_route.Route{ + want := []*envoy_route_v3.Route{ { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchRegex("/this/is/the/longest"), }}, // Note that regex matches sort before prefix matches. { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchRegex("."), }}, { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchPrefix("/path/prefix2"), }}, { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchPrefix("/path/prefix"), }}, } @@ -149,33 +150,33 @@ func TestSortRoutesLongestPath(t *testing.T) { } func TestSortRoutesLongestHeaders(t *testing.T) { - want := []*envoy_api_v2_route.Route{ + want := []*envoy_route_v3.Route{ { // Although the header names are the same, this value // should sort before the next one because it is // textually longer. - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchPrefix("/path"), - Headers: []*envoy_api_v2_route.HeaderMatcher{ + Headers: []*envoy_route_v3.HeaderMatcher{ exactHeader("header-name", "header-value"), }, }, }, { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchPrefix("/path"), - Headers: []*envoy_api_v2_route.HeaderMatcher{ + Headers: []*envoy_route_v3.HeaderMatcher{ presentHeader("header-name"), }, }, }, { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchPrefix("/path"), - Headers: []*envoy_api_v2_route.HeaderMatcher{ + Headers: []*envoy_route_v3.HeaderMatcher{ exactHeader("long-header-name", "long-header-value"), }, }, }, { - Match: &envoy_api_v2_route.RouteMatch{ + Match: &envoy_route_v3.RouteMatch{ PathSpecifier: matchPrefix("/path"), }, }, @@ -188,12 +189,12 @@ func TestSortRoutesLongestHeaders(t *testing.T) { } func TestSortSecrets(t *testing.T) { - want := []*envoy_api_v2_auth.Secret{ + want := []*envoy_tls_v3.Secret{ {Name: "first"}, {Name: "second"}, } - have := []*envoy_api_v2_auth.Secret{ + have := []*envoy_tls_v3.Secret{ want[1], want[0], } @@ -203,7 +204,7 @@ func TestSortSecrets(t *testing.T) { } func TestSortHeaderMatchers(t *testing.T) { - want := []*envoy_api_v2_route.HeaderMatcher{ + want := []*envoy_route_v3.HeaderMatcher{ // Note that if the header names are the same, we // order by the protobuf string, in which case "exact" // is less than "present". @@ -212,7 +213,7 @@ func TestSortHeaderMatchers(t *testing.T) { exactHeader("long-header-name", "long-header-value"), } - have := []*envoy_api_v2_route.HeaderMatcher{ + have := []*envoy_route_v3.HeaderMatcher{ want[2], want[1], want[0], @@ -223,12 +224,12 @@ func TestSortHeaderMatchers(t *testing.T) { } func TestSortClusters(t *testing.T) { - want := []*v2.Cluster{ + want := []*envoy_cluster_v3.Cluster{ {Name: "first"}, {Name: "second"}, } - have := []*v2.Cluster{ + have := []*envoy_cluster_v3.Cluster{ want[1], want[0], } @@ -238,12 +239,12 @@ func TestSortClusters(t *testing.T) { } func TestSortClusterLoadAssignments(t *testing.T) { - want := []*v2.ClusterLoadAssignment{ + want := []*envoy_endpoint_v3.ClusterLoadAssignment{ {ClusterName: "first"}, {ClusterName: "second"}, } - have := []*v2.ClusterLoadAssignment{ + have := []*envoy_endpoint_v3.ClusterLoadAssignment{ want[1], want[0], } @@ -253,7 +254,7 @@ func TestSortClusterLoadAssignments(t *testing.T) { } func TestSortHTTPWeightedClusters(t *testing.T) { - want := []*envoy_api_v2_route.WeightedCluster_ClusterWeight{ + want := []*envoy_route_v3.WeightedCluster_ClusterWeight{ { Name: "first", Weight: protobuf.UInt32(10), @@ -268,7 +269,7 @@ func TestSortHTTPWeightedClusters(t *testing.T) { }, } - have := []*envoy_api_v2_route.WeightedCluster_ClusterWeight{ + have := []*envoy_route_v3.WeightedCluster_ClusterWeight{ want[2], want[1], want[0], @@ -305,12 +306,12 @@ func TestSortTCPWeightedClusters(t *testing.T) { } func TestSortListeners(t *testing.T) { - want := []*v2.Listener{ + want := []*envoy_listener_v3.Listener{ {Name: "first"}, {Name: "second"}, } - have := []*v2.Listener{ + have := []*envoy_listener_v3.Listener{ want[1], want[0], } @@ -320,13 +321,13 @@ func TestSortListeners(t *testing.T) { } func TestSortFilterChains(t *testing.T) { - names := func(n ...string) *envoy_api_v2_listener.FilterChainMatch { - return &envoy_api_v2_listener.FilterChainMatch{ + names := func(n ...string) *envoy_listener_v3.FilterChainMatch { + return &envoy_listener_v3.FilterChainMatch{ ServerNames: n, } } - want := []*envoy_api_v2_listener.FilterChain{ + want := []*envoy_listener_v3.FilterChain{ { FilterChainMatch: names("first"), }, @@ -342,11 +343,11 @@ func TestSortFilterChains(t *testing.T) { FilterChainMatch: names("second", "aaaaa"), }, { - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{}, + FilterChainMatch: &envoy_listener_v3.FilterChainMatch{}, }, } - have := []*envoy_api_v2_listener.FilterChain{ + have := []*envoy_listener_v3.FilterChain{ want[1], // zzzzz want[3], // blank want[2], // aaaaa