internal: Migrate all v2 xDS resource versions to v3 for package inte…

…rnal/envoy/v3 Signed-off-by: Steve Sloka <slokas@vmware.com>
projectcontour · Nov 12, 2020 · 723245a · 723245a
1 parent 34ea6d2
commit 723245a
Show file tree

Hide file tree

Showing 24 changed files with 1,011 additions and 801 deletions.
diff --git a/internal/envoy/v3/accesslog.go b/internal/envoy/v3/accesslog.go
@@ -14,8 +14,8 @@
 package v3
 
 import (
-	accesslogv2 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v2"
-	accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2"
+	envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
+	envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3"
 	"github.com/envoyproxy/go-control-plane/pkg/wellknown"
 	_struct "github.com/golang/protobuf/ptypes/struct"
 	"github.com/projectcontour/contour/internal/protobuf"
@@ -24,11 +24,11 @@ import (
 
 // FileAccessLogEnvoy returns a new file based access log filter
 // that will output Envoy's default access logs.
-func FileAccessLogEnvoy(path string) []*accesslog.AccessLog {
-	return []*accesslog.AccessLog{{
+func FileAccessLogEnvoy(path string) []*envoy_accesslog_v3.AccessLog {
+	return []*envoy_accesslog_v3.AccessLog{{
 		Name: wellknown.FileAccessLog,
-		ConfigType: &accesslog.AccessLog_TypedConfig{
-			TypedConfig: protobuf.MustMarshalAny(&accesslogv2.FileAccessLog{
+		ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{
+			TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{
 				Path: path,
 				// AccessLogFormat left blank to defer to Envoy's default log format.
 			}),
@@ -38,7 +38,7 @@ func FileAccessLogEnvoy(path string) []*accesslog.AccessLog {
 
 // FileAccessLogJSON returns a new file based access log filter
 // that will log in JSON format
-func FileAccessLogJSON(path string, fields config.AccessLogFields) []*accesslog.AccessLog {
+func FileAccessLogJSON(path string, fields config.AccessLogFields) []*envoy_accesslog_v3.AccessLog {
 
 	jsonformat := &_struct.Struct{
 		Fields: make(map[string]*_struct.Value),
@@ -48,12 +48,12 @@ func FileAccessLogJSON(path string, fields config.AccessLogFields) []*accesslog.
 		jsonformat.Fields[k] = sv(v)
 	}
 
-	return []*accesslog.AccessLog{{
+	return []*envoy_accesslog_v3.AccessLog{{
 		Name: wellknown.FileAccessLog,
-		ConfigType: &accesslog.AccessLog_TypedConfig{
-			TypedConfig: protobuf.MustMarshalAny(&accesslogv2.FileAccessLog{
+		ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{
+			TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{
 				Path: path,
-				AccessLogFormat: &accesslogv2.FileAccessLog_JsonFormat{
+				AccessLogFormat: &envoy_file_v3.FileAccessLog_JsonFormat{
 					JsonFormat: jsonformat,
 				},
 			}),

diff --git a/internal/envoy/v3/accesslog_test.go b/internal/envoy/v3/accesslog_test.go
@@ -16,8 +16,8 @@ package v3
 import (
 	"testing"
 
-	accesslog_v2 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v2"
-	envoy_accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2"
+	envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
+	envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3"
 	"github.com/envoyproxy/go-control-plane/pkg/wellknown"
 	_struct "github.com/golang/protobuf/ptypes/struct"
 	"github.com/projectcontour/contour/internal/protobuf"
@@ -27,14 +27,14 @@ import (
 func TestFileAccessLog(t *testing.T) {
 	tests := map[string]struct {
 		path string
-		want []*envoy_accesslog.AccessLog
+		want []*envoy_accesslog_v3.AccessLog
 	}{
 		"stdout": {
 			path: "/dev/stdout",
-			want: []*envoy_accesslog.AccessLog{{
+			want: []*envoy_accesslog_v3.AccessLog{{
 				Name: wellknown.FileAccessLog,
-				ConfigType: &envoy_accesslog.AccessLog_TypedConfig{
-					TypedConfig: protobuf.MustMarshalAny(&accesslog_v2.FileAccessLog{
+				ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{
+					TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{
 						Path: "/dev/stdout",
 					}),
 				},
@@ -53,17 +53,17 @@ func TestJSONFileAccessLog(t *testing.T) {
 	tests := map[string]struct {
 		path    string
 		headers config.AccessLogFields
-		want    []*envoy_accesslog.AccessLog
+		want    []*envoy_accesslog_v3.AccessLog
 	}{
 		"only timestamp": {
 			path:    "/dev/stdout",
 			headers: config.AccessLogFields([]string{"@timestamp"}),
-			want: []*envoy_accesslog.AccessLog{{
+			want: []*envoy_accesslog_v3.AccessLog{{
 				Name: wellknown.FileAccessLog,
-				ConfigType: &envoy_accesslog.AccessLog_TypedConfig{
-					TypedConfig: protobuf.MustMarshalAny(&accesslog_v2.FileAccessLog{
+				ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{
+					TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{
 						Path: "/dev/stdout",
-						AccessLogFormat: &accesslog_v2.FileAccessLog_JsonFormat{
+						AccessLogFormat: &envoy_file_v3.FileAccessLog_JsonFormat{
 							JsonFormat: &_struct.Struct{
 								Fields: map[string]*_struct.Value{
 									"@timestamp": sv("%START_TIME%"),
@@ -84,12 +84,12 @@ func TestJSONFileAccessLog(t *testing.T) {
 				"custom2=%DURATION%.0",
 				"custom3=ST=%START_TIME(%s.%6f)%",
 			}),
-			want: []*envoy_accesslog.AccessLog{{
+			want: []*envoy_accesslog_v3.AccessLog{{
 				Name: wellknown.FileAccessLog,
-				ConfigType: &envoy_accesslog.AccessLog_TypedConfig{
-					TypedConfig: protobuf.MustMarshalAny(&accesslog_v2.FileAccessLog{
+				ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{
+					TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{
 						Path: "/dev/stdout",
-						AccessLogFormat: &accesslog_v2.FileAccessLog_JsonFormat{
+						AccessLogFormat: &envoy_file_v3.FileAccessLog_JsonFormat{
 							JsonFormat: &_struct.Struct{
 								Fields: map[string]*_struct.Value{
 									"@timestamp": sv("%START_TIME%"),

diff --git a/internal/envoy/v3/auth.go b/internal/envoy/v3/auth.go
@@ -14,28 +14,28 @@
 package v3
 
 import (
-	envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
-	envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
-	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher"
+	envoy_api_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
+	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
 	"github.com/projectcontour/contour/internal/dag"
 	"github.com/projectcontour/contour/internal/envoy"
 	"github.com/projectcontour/contour/internal/protobuf"
 )
 
-// UpstreamTLSContext creates an envoy_api_v2_auth.UpstreamTlsContext. By default
+// UpstreamTLSContext creates an envoy_v3_tls.UpstreamTlsContext. By default
 // UpstreamTLSContext returns a HTTP/1.1 TLS enabled context. A list of
 // additional ALPN protocols can be provided.
-func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_api_v2_auth.UpstreamTlsContext {
-	var clientSecretConfigs []*envoy_api_v2_auth.SdsSecretConfig
+func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, alpnProtocols ...string) *envoy_v3_tls.UpstreamTlsContext {
+	var clientSecretConfigs []*envoy_v3_tls.SdsSecretConfig
 	if clientSecret != nil {
-		clientSecretConfigs = []*envoy_api_v2_auth.SdsSecretConfig{{
+		clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{
 			Name:      envoy.Secretname(clientSecret),
 			SdsConfig: ConfigSource("contour"),
 		}}
 	}
 
-	context := &envoy_api_v2_auth.UpstreamTlsContext{
-		CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{
+	context := &envoy_v3_tls.UpstreamTlsContext{
+		CommonTlsContext: &envoy_v3_tls.CommonTlsContext{
 			AlpnProtocols:                  alpnProtocols,
 			TlsCertificateSdsSecretConfigs: clientSecretConfigs,
 		},
@@ -58,12 +58,12 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st
 	return context
 }
 
-func validationContext(ca []byte, subjectName string) *envoy_api_v2_auth.CommonTlsContext_ValidationContext {
-	vc := &envoy_api_v2_auth.CommonTlsContext_ValidationContext{
-		ValidationContext: &envoy_api_v2_auth.CertificateValidationContext{
-			TrustedCa: &envoy_api_v2_core.DataSource{
+func validationContext(ca []byte, subjectName string) *envoy_v3_tls.CommonTlsContext_ValidationContext {
+	vc := &envoy_v3_tls.CommonTlsContext_ValidationContext{
+		ValidationContext: &envoy_v3_tls.CertificateValidationContext{
+			TrustedCa: &envoy_api_v3_core.DataSource{
 				// TODO(dfc) update this for SDS
-				Specifier: &envoy_api_v2_core.DataSource_InlineBytes{
+				Specifier: &envoy_api_v3_core.DataSource_InlineBytes{
 					InlineBytes: ca,
 				},
 			},
@@ -82,15 +82,15 @@ func validationContext(ca []byte, subjectName string) *envoy_api_v2_auth.CommonT
 }
 
 // DownstreamTLSContext creates a new DownstreamTlsContext.
-func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_api_v2_auth.TlsParameters_TlsProtocol, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_api_v2_auth.DownstreamTlsContext {
-	context := &envoy_api_v2_auth.DownstreamTlsContext{
-		CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{
-			TlsParams: &envoy_api_v2_auth.TlsParameters{
+func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_v3_tls.TlsParameters_TlsProtocol, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_v3_tls.DownstreamTlsContext {
+	context := &envoy_v3_tls.DownstreamTlsContext{
+		CommonTlsContext: &envoy_v3_tls.CommonTlsContext{
+			TlsParams: &envoy_v3_tls.TlsParameters{
 				TlsMinimumProtocolVersion: tlsMinProtoVersion,
-				TlsMaximumProtocolVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3,
+				TlsMaximumProtocolVersion: envoy_v3_tls.TlsParameters_TLSv1_3,
 				CipherSuites:              envoy.Ciphers,
 			},
-			TlsCertificateSdsSecretConfigs: []*envoy_api_v2_auth.SdsSecretConfig{{
+			TlsCertificateSdsSecretConfigs: []*envoy_v3_tls.SdsSecretConfig{{
 				Name:      envoy.Secretname(serverSecret),
 				SdsConfig: ConfigSource("contour"),
 			}},

diff --git a/internal/envoy/v3/auth_test.go b/internal/envoy/v3/auth_test.go
@@ -16,9 +16,9 @@ package v3
 import (
 	"testing"
 
-	envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth"
-	envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core"
-	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher"
+	envoy_api_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
+	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
 	"github.com/projectcontour/contour/internal/dag"
 	"github.com/projectcontour/contour/internal/protobuf"
 	v1 "k8s.io/api/core/v1"
@@ -41,17 +41,17 @@ func TestUpstreamTLSContext(t *testing.T) {
 		validation    *dag.PeerValidationContext
 		alpnProtocols []string
 		externalName  string
-		want          *envoy_api_v2_auth.UpstreamTlsContext
+		want          *envoy_v3_tls.UpstreamTlsContext
 	}{
 		"no alpn, no validation": {
-			want: &envoy_api_v2_auth.UpstreamTlsContext{
-				CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{},
+			want: &envoy_v3_tls.UpstreamTlsContext{
+				CommonTlsContext: &envoy_v3_tls.CommonTlsContext{},
 			},
 		},
 		"h2, no validation": {
 			alpnProtocols: []string{"h2c"},
-			want: &envoy_api_v2_auth.UpstreamTlsContext{
-				CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{
+			want: &envoy_v3_tls.UpstreamTlsContext{
+				CommonTlsContext: &envoy_v3_tls.CommonTlsContext{
 					AlpnProtocols: []string{"h2c"},
 				},
 			},
@@ -60,29 +60,29 @@ func TestUpstreamTLSContext(t *testing.T) {
 			validation: &dag.PeerValidationContext{
 				CACertificate: secret,
 			},
-			want: &envoy_api_v2_auth.UpstreamTlsContext{
-				CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{},
+			want: &envoy_v3_tls.UpstreamTlsContext{
+				CommonTlsContext: &envoy_v3_tls.CommonTlsContext{},
 			},
 		},
 		"no alpn, missing ca": {
 			validation: &dag.PeerValidationContext{
 				SubjectName: "www.example.com",
 			},
-			want: &envoy_api_v2_auth.UpstreamTlsContext{
-				CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{},
+			want: &envoy_v3_tls.UpstreamTlsContext{
+				CommonTlsContext: &envoy_v3_tls.CommonTlsContext{},
 			},
 		},
 		"no alpn, ca and altname": {
 			validation: &dag.PeerValidationContext{
 				CACertificate: secret,
 				SubjectName:   "www.example.com",
 			},
-			want: &envoy_api_v2_auth.UpstreamTlsContext{
-				CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{
-					ValidationContextType: &envoy_api_v2_auth.CommonTlsContext_ValidationContext{
-						ValidationContext: &envoy_api_v2_auth.CertificateValidationContext{
-							TrustedCa: &envoy_api_v2_core.DataSource{
-								Specifier: &envoy_api_v2_core.DataSource_InlineBytes{
+			want: &envoy_v3_tls.UpstreamTlsContext{
+				CommonTlsContext: &envoy_v3_tls.CommonTlsContext{
+					ValidationContextType: &envoy_v3_tls.CommonTlsContext_ValidationContext{
+						ValidationContext: &envoy_v3_tls.CertificateValidationContext{
+							TrustedCa: &envoy_api_v3_core.DataSource{
+								Specifier: &envoy_api_v3_core.DataSource_InlineBytes{
 									InlineBytes: []byte("ca"),
 								},
 							},
@@ -98,8 +98,8 @@ func TestUpstreamTLSContext(t *testing.T) {
 		},
 		"external name sni": {
 			externalName: "projectcontour.local",
-			want: &envoy_api_v2_auth.UpstreamTlsContext{
-				CommonTlsContext: &envoy_api_v2_auth.CommonTlsContext{},
+			want: &envoy_v3_tls.UpstreamTlsContext{
+				CommonTlsContext: &envoy_v3_tls.CommonTlsContext{},
 				Sni:              "projectcontour.local",
 			},
 		},