From 9a66535a43cc31fcfb51bb78193b9485fc891411 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Thu, 12 Nov 2020 09:37:45 -0700 Subject: [PATCH] v3 fixups --- internal/xdscache/v3/cluster.go | 28 +- internal/xdscache/v3/cluster_test.go | 231 +++--- internal/xdscache/v3/contour_test.go | 2 +- internal/xdscache/v3/endpointstranslator.go | 39 +- .../xdscache/v3/endpointstranslator_test.go | 219 +++--- internal/xdscache/v3/listener.go | 115 ++- internal/xdscache/v3/listener_test.go | 697 +++++++++--------- internal/xdscache/v3/route.go | 91 ++- internal/xdscache/v3/route_test.go | 655 ++++++++-------- internal/xdscache/v3/secret.go | 26 +- internal/xdscache/v3/secret_test.go | 36 +- internal/xdscache/v3/server_test.go | 37 +- internal/xdscache/v3/visitor_test.go | 60 +- 13 files changed, 1116 insertions(+), 1120 deletions(-) diff --git a/internal/xdscache/v3/cluster.go b/internal/xdscache/v3/cluster.go index 5ce3535d6e1..b888d812787 100644 --- a/internal/xdscache/v3/cluster.go +++ b/internal/xdscache/v3/cluster.go @@ -11,19 +11,19 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "sort" "sync" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - resource "github.com/envoyproxy/go-control-plane/pkg/resource/v2" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/golang/protobuf/proto" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" ) @@ -31,12 +31,12 @@ import ( // ClusterCache manages the contents of the gRPC CDS cache. type ClusterCache struct { mu sync.Mutex - values map[string]*envoy_api_v2.Cluster + values map[string]*envoy_config_cluster_v3.Cluster contour.Cond } // Update replaces the contents of the cache with the supplied map. -func (c *ClusterCache) Update(v map[string]*envoy_api_v2.Cluster) { +func (c *ClusterCache) Update(v map[string]*envoy_config_cluster_v3.Cluster) { c.mu.Lock() defer c.mu.Unlock() @@ -48,7 +48,7 @@ func (c *ClusterCache) Update(v map[string]*envoy_api_v2.Cluster) { func (c *ClusterCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2.Cluster + var values []*envoy_config_cluster_v3.Cluster for _, v := range c.values { values = append(values, v) } @@ -59,7 +59,7 @@ func (c *ClusterCache) Contents() []proto.Message { func (c *ClusterCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2.Cluster + var values []*envoy_config_cluster_v3.Cluster for _, n := range names { // if the cluster is not registered we cannot return // a blank cluster because each cluster has a required @@ -82,13 +82,13 @@ func (c *ClusterCache) OnChange(root *dag.DAG) { } type clusterVisitor struct { - clusters map[string]*envoy_api_v2.Cluster + clusters map[string]*envoy_config_cluster_v3.Cluster } -// visitCluster produces a map of *envoy_api_v2.Clusters. -func visitClusters(root dag.Vertex) map[string]*envoy_api_v2.Cluster { +// visitCluster produces a map of *envoy_config_cluster_v3.Clusters. +func visitClusters(root dag.Vertex) map[string]*envoy_config_cluster_v3.Cluster { cv := clusterVisitor{ - clusters: make(map[string]*envoy_api_v2.Cluster), + clusters: make(map[string]*envoy_config_cluster_v3.Cluster), } cv.visit(root) return cv.clusters @@ -99,12 +99,12 @@ func (v *clusterVisitor) visit(vertex dag.Vertex) { case *dag.Cluster: name := envoy.Clustername(cluster) if _, ok := v.clusters[name]; !ok { - v.clusters[name] = envoy_v2.Cluster(cluster) + v.clusters[name] = envoy_v3.Cluster(cluster) } case *dag.ExtensionCluster: name := cluster.Name if _, ok := v.clusters[name]; !ok { - v.clusters[name] = envoy_v2.ExtensionCluster(cluster) + v.clusters[name] = envoy_v3.ExtensionCluster(cluster) } } diff --git a/internal/xdscache/v3/cluster_test.go b/internal/xdscache/v3/cluster_test.go index f34329c2162..2858b37c98d 100644 --- a/internal/xdscache/v3/cluster_test.go +++ b/internal/xdscache/v3/cluster_test.go @@ -11,19 +11,18 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "testing" "time" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_cluster "github.com/envoyproxy/go-control-plane/envoy/api/v2/cluster" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" "github.com/golang/protobuf/proto" "github.com/golang/protobuf/ptypes/duration" contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" v1 "k8s.io/api/core/v1" "k8s.io/api/networking/v1beta1" @@ -33,7 +32,7 @@ import ( func TestClusterCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.Cluster + contents map[string]*envoy_config_cluster_v3.Cluster want []proto.Message }{ "empty": { @@ -42,22 +41,22 @@ func TestClusterCacheContents(t *testing.T) { }, "simple": { contents: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), want: []proto.Message{ - cluster(&envoy_api_v2.Cluster{ + cluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), @@ -77,29 +76,29 @@ func TestClusterCacheContents(t *testing.T) { func TestClusterCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.Cluster + contents map[string]*envoy_config_cluster_v3.Cluster query []string want []proto.Message }{ "exact match": { contents: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), query: []string{"default/kuard/443/da39a3ee5e"}, want: []proto.Message{ - cluster(&envoy_api_v2.Cluster{ + cluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), @@ -107,23 +106,23 @@ func TestClusterCacheQuery(t *testing.T) { }, "partial match": { contents: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), query: []string{"default/kuard/443/da39a3ee5e", "foo/bar/baz"}, want: []proto.Message{ - cluster(&envoy_api_v2.Cluster{ + cluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), @@ -131,12 +130,12 @@ func TestClusterCacheQuery(t *testing.T) { }, "no match": { contents: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), @@ -158,11 +157,11 @@ func TestClusterCacheQuery(t *testing.T) { func TestClusterVisit(t *testing.T) { tests := map[string]struct { objs []interface{} - want map[string]*envoy_api_v2.Cluster + want map[string]*envoy_config_cluster_v3.Cluster }{ "nothing": { objs: nil, - want: map[string]*envoy_api_v2.Cluster{}, + want: map[string]*envoy_config_cluster_v3.Cluster{}, }, "single unnamed service": { objs: []interface{}{ @@ -184,12 +183,12 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), @@ -218,12 +217,12 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/https", }, }), @@ -256,15 +255,15 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/http", }, - Http2ProtocolOptions: &envoy_api_v2_core.Http2ProtocolOptions{}, + Http2ProtocolOptions: &envoy_config_core_v3.Http2ProtocolOptions{}, }, ), }, @@ -289,12 +288,12 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "beurocra-7fe4b4/tiny-cog-7fe4b4/443/da39a3ee5e", AltStatName: "beurocratic-company-test-domain-1_tiny-cog-department-test-instance_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "beurocratic-company-test-domain-1/tiny-cog-department-test-instance/svc-0", }, }), @@ -337,21 +336,21 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/da39a3ee5e", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, }, - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/8080/da39a3ee5e", AltStatName: "default_backend_8080", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/alt", }, }, @@ -390,27 +389,27 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/c184349821", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - HealthChecks: []*envoy_api_v2_core.HealthCheck{{ + HealthChecks: []*envoy_config_core_v3.HealthCheck{{ Timeout: &duration.Duration{Seconds: 2}, Interval: &duration.Duration{Seconds: 10}, UnhealthyThreshold: protobuf.UInt32(3), HealthyThreshold: protobuf.UInt32(2), - HealthChecker: &envoy_api_v2_core.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_api_v2_core.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "contour-envoy-healthcheck", }, }, }}, - DrainConnectionsOnHostRemoval: true, + IgnoreHealthOnHostRemoval: true, }, ), }, @@ -452,27 +451,27 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/7f8051653a", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - HealthChecks: []*envoy_api_v2_core.HealthCheck{{ + HealthChecks: []*envoy_config_core_v3.HealthCheck{{ Timeout: &duration.Duration{Seconds: 99}, Interval: &duration.Duration{Seconds: 98}, UnhealthyThreshold: protobuf.UInt32(97), HealthyThreshold: protobuf.UInt32(96), - HealthChecker: &envoy_api_v2_core.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_api_v2_core.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "foo-bar-host", }, }, }}, - DrainConnectionsOnHostRemoval: true, + IgnoreHealthOnHostRemoval: true, }, ), }, @@ -509,12 +508,12 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/da39a3ee5e", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, }, @@ -553,15 +552,15 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/8bf87fefba", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - LbPolicy: envoy_api_v2.Cluster_LEAST_REQUEST, + LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, }, ), }, @@ -598,15 +597,15 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/58d888c08a", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - LbPolicy: envoy_api_v2.Cluster_RANDOM, + LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, }, ), }, @@ -645,12 +644,12 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/da39a3ee5e", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, }, @@ -687,16 +686,16 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_api_v2_cluster.CircuitBreakers{ - Thresholds: []*envoy_api_v2_cluster.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: protobuf.UInt32(9000), MaxPendingRequests: protobuf.UInt32(4096), MaxRequests: protobuf.UInt32(404), @@ -734,12 +733,12 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/https", }, }), @@ -773,12 +772,12 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/https", }, }), @@ -811,20 +810,20 @@ func serviceWithAnnotations(ns, name string, annotations map[string]string, port } } -func cluster(c *envoy_api_v2.Cluster) *envoy_api_v2.Cluster { +func cluster(c *envoy_config_cluster_v3.Cluster) *envoy_config_cluster_v3.Cluster { // NOTE: Keep this in sync with envoy.defaultCluster(). - defaults := &envoy_api_v2.Cluster{ + defaults := &envoy_config_cluster_v3.Cluster{ ConnectTimeout: protobuf.Duration(250 * time.Millisecond), - CommonLbConfig: envoy_v2.ClusterCommonLBConfig(), - LbPolicy: envoy_api_v2.Cluster_ROUND_ROBIN, + CommonLbConfig: envoy_v3.ClusterCommonLBConfig(), + LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, } proto.Merge(defaults, c) return defaults } -func clustermap(clusters ...*envoy_api_v2.Cluster) map[string]*envoy_api_v2.Cluster { - m := make(map[string]*envoy_api_v2.Cluster) +func clustermap(clusters ...*envoy_config_cluster_v3.Cluster) map[string]*envoy_config_cluster_v3.Cluster { + m := make(map[string]*envoy_config_cluster_v3.Cluster) for _, c := range clusters { m[c.Name] = cluster(c) } diff --git a/internal/xdscache/v3/contour_test.go b/internal/xdscache/v3/contour_test.go index 131dc236974..6619ff94fdf 100644 --- a/internal/xdscache/v3/contour_test.go +++ b/internal/xdscache/v3/contour_test.go @@ -11,7 +11,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( v1 "k8s.io/api/core/v1" diff --git a/internal/xdscache/v3/endpointstranslator.go b/internal/xdscache/v3/endpointstranslator.go index 853b49ea8d1..f3010ac1f37 100644 --- a/internal/xdscache/v3/endpointstranslator.go +++ b/internal/xdscache/v3/endpointstranslator.go @@ -11,20 +11,19 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "fmt" "sort" "sync" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_endpoint "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint" - resource2 "github.com/envoyproxy/go-control-plane/pkg/resource/v2" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/golang/protobuf/proto" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" @@ -34,8 +33,8 @@ import ( "k8s.io/client-go/tools/cache" ) -type LocalityEndpoints = envoy_api_v2_endpoint.LocalityLbEndpoints -type LoadBalancingEndpoint = envoy_api_v2_endpoint.LbEndpoint +type LocalityEndpoints = envoy_config_endpoint_v3.LocalityLbEndpoints +type LoadBalancingEndpoint = envoy_config_endpoint_v3.LbEndpoint // RecalculateEndpoints generates a slice of LoadBalancingEndpoint // resources by matching the given service port to the given v1.Endpoints. @@ -71,8 +70,8 @@ func RecalculateEndpoints(port v1.ServicePort, ep *v1.Endpoints) []*LoadBalancin sort.Slice(addresses, func(i, j int) bool { return addresses[i].IP < addresses[j].IP }) for _, a := range addresses { - addr := envoy_v2.SocketAddress(a.IP, int(p.Port)) - lb = append(lb, envoy_v2.LBEndpoint(addr)) + addr := envoy_v3.SocketAddress(a.IP, int(p.Port)) + lb = append(lb, envoy_v3.LBEndpoint(addr)) } } } @@ -103,11 +102,11 @@ type EndpointsCache struct { // will be generated for every stale ServerCluster, however, if there // are no endpoints for the Services in the ServiceCluster, the // ClusterLoadAssignment will be empty. -func (c *EndpointsCache) Recalculate() map[string]*envoy_api_v2.ClusterLoadAssignment { +func (c *EndpointsCache) Recalculate() map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment { c.mu.Lock() defer c.mu.Unlock() - assignments := map[string]*envoy_api_v2.ClusterLoadAssignment{} + assignments := map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{} for _, cluster := range c.stale { // Clusters can be in the stale list multiple times; // skip to avoid duplicate recalculations. @@ -115,7 +114,7 @@ func (c *EndpointsCache) Recalculate() map[string]*envoy_api_v2.ClusterLoadAssig continue } - cla := envoy_api_v2.ClusterLoadAssignment{ + cla := envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: cluster.ClusterName, Endpoints: nil, Policy: nil, @@ -225,7 +224,7 @@ func NewEndpointsTranslator(log logrus.FieldLogger) *EndpointsTranslator { return &EndpointsTranslator{ Cond: contour.Cond{}, FieldLogger: log, - entries: map[string]*envoy_api_v2.ClusterLoadAssignment{}, + entries: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, cache: EndpointsCache{ stale: nil, services: map[types.NamespacedName][]*dag.ServiceCluster{}, @@ -246,13 +245,13 @@ type EndpointsTranslator struct { cache EndpointsCache mu sync.Mutex // Protects entries. - entries map[string]*envoy_api_v2.ClusterLoadAssignment + entries map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment } // Merge combines the given entries with the existing entries in the // EndpointsTranslator. If the same key exists in both maps, an existing entry // is replaced. -func (e *EndpointsTranslator) Merge(entries map[string]*envoy_api_v2.ClusterLoadAssignment) { +func (e *EndpointsTranslator) Merge(entries map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) { e.mu.Lock() defer e.mu.Unlock() @@ -314,7 +313,7 @@ func (e *EndpointsTranslator) OnChange(d *dag.DAG) { // equal returns true if a and b are the same length, have the same set // of keys, and have proto-equivalent values for each key, or false otherwise. -func equal(a, b map[string]*envoy_api_v2.ClusterLoadAssignment) bool { +func equal(a, b map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) bool { if len(a) != len(b) { return false } @@ -400,7 +399,7 @@ func (e *EndpointsTranslator) Contents() []proto.Message { e.mu.Lock() defer e.mu.Unlock() - values := make([]*envoy_api_v2.ClusterLoadAssignment, 0, len(e.entries)) + values := make([]*envoy_config_endpoint_v3.ClusterLoadAssignment, 0, len(e.entries)) for _, v := range e.entries { values = append(values, v) } @@ -413,12 +412,12 @@ func (e *EndpointsTranslator) Query(names []string) []proto.Message { e.mu.Lock() defer e.mu.Unlock() - values := make([]*envoy_api_v2.ClusterLoadAssignment, 0, len(names)) + values := make([]*envoy_config_endpoint_v3.ClusterLoadAssignment, 0, len(names)) for _, n := range names { v, ok := e.entries[n] if !ok { e.Debugf("no cache entry for %q", n) - v = &envoy_api_v2.ClusterLoadAssignment{ + v = &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: n, } } @@ -429,4 +428,4 @@ func (e *EndpointsTranslator) Query(names []string) []proto.Message { return protobuf.AsMessages(values) } -func (*EndpointsTranslator) TypeURL() string { return resource2.EndpointType } +func (*EndpointsTranslator) TypeURL() string { return resource.EndpointType } diff --git a/internal/xdscache/v3/endpointstranslator_test.go b/internal/xdscache/v3/endpointstranslator_test.go index 28aa60b7691..fbef3c77082 100644 --- a/internal/xdscache/v3/endpointstranslator_test.go +++ b/internal/xdscache/v3/endpointstranslator_test.go @@ -11,16 +11,15 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "testing" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_endpoint "github.com/envoyproxy/go-control-plane/envoy/api/v2/endpoint" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "github.com/golang/protobuf/proto" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" "github.com/stretchr/testify/assert" @@ -30,7 +29,7 @@ import ( func TestEndpointsTranslatorContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.ClusterLoadAssignment + contents map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment want []proto.Message }{ "empty": { @@ -39,13 +38,13 @@ func TestEndpointsTranslatorContents(t *testing.T) { }, "simple": { contents: clusterloadassignments( - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), ), want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), }, }, @@ -63,46 +62,46 @@ func TestEndpointsTranslatorContents(t *testing.T) { func TestEndpointCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.ClusterLoadAssignment + contents map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment query []string want []proto.Message }{ "exact match": { contents: clusterloadassignments( - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), ), query: []string{"default/httpbin-org"}, want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), }, }, "partial match": { contents: clusterloadassignments( - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), ), query: []string{"default/kuard/8080", "default/httpbin-org"}, want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), - envoy_v2.ClusterLoadAssignment("default/kuard/8080"), + envoy_v3.ClusterLoadAssignment("default/kuard/8080"), }, }, "no match": { contents: clusterloadassignments( - envoy_v2.ClusterLoadAssignment("default/httpbin-org", - envoy_v2.SocketAddress("10.10.10.10", 80), + envoy_v3.ClusterLoadAssignment("default/httpbin-org", + envoy_v3.SocketAddress("10.10.10.10", 80), ), ), query: []string{"default/kuard/8080"}, want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/kuard/8080"), + envoy_v3.ClusterLoadAssignment("default/kuard/8080"), }, }, } @@ -166,11 +165,11 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", - Endpoints: envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)), + Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, }, }, @@ -187,15 +186,15 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("23.23.247.89", 80), // addresses should be sorted - envoy_v2.SocketAddress("50.17.192.147", 80), - envoy_v2.SocketAddress("50.17.206.192", 80), - envoy_v2.SocketAddress("50.19.99.160", 80), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("23.23.247.89", 80), // addresses should be sorted + envoy_v3.SocketAddress("50.17.192.147", 80), + envoy_v3.SocketAddress("50.17.206.192", 80), + envoy_v3.SocketAddress("50.19.99.160", 80), ), }, }, @@ -212,15 +211,15 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { }), want: []proto.Message{ // Results should be sorted by cluster name. - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", - Endpoints: envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("10.10.1.1", 8675)), + Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 8675)), }, - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", - Endpoints: envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("10.10.1.1", 309)), + Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 309)), }, - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, }, "cartesian product": { @@ -235,21 +234,21 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("10.10.1.1", 8675), // addresses should be sorted - envoy_v2.SocketAddress("10.10.2.2", 8675), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("10.10.1.1", 8675), // addresses should be sorted + envoy_v3.SocketAddress("10.10.2.2", 8675), ), }, - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("10.10.1.1", 309), - envoy_v2.SocketAddress("10.10.2.2", 309), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("10.10.1.1", 309), + envoy_v3.SocketAddress("10.10.2.2", 309), ), }, - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, }, "not ready": { @@ -273,20 +272,20 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("10.10.1.1", 8675), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("10.10.1.1", 8675), ), }, - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("10.10.1.1", 309), - envoy_v2.SocketAddress("10.10.2.2", 309), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("10.10.1.1", 309), + envoy_v3.SocketAddress("10.10.2.2", 309), ), }, - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, }, } @@ -360,9 +359,9 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { ), }), want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/simple"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), + envoy_v3.ClusterLoadAssignment("default/simple"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), }, }, "remove different": { @@ -381,12 +380,12 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", - Endpoints: envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)), + Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), }, }, "remove non existent": { @@ -398,9 +397,9 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { ), }), want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/simple"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), + envoy_v3.ClusterLoadAssignment("default/simple"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), }, }, "remove long name": { @@ -436,9 +435,9 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { }, ), want: []proto.Message{ - envoy_v2.ClusterLoadAssignment("default/simple"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), - envoy_v2.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), + envoy_v3.ClusterLoadAssignment("default/simple"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), + envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), }, }, } @@ -482,10 +481,10 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("192.168.183.24", 8080)), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("192.168.183.24", 8080)), }, }, }, @@ -510,13 +509,13 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("23.23.247.89", 80), - envoy_v2.SocketAddress("50.17.192.147", 80), - envoy_v2.SocketAddress("50.17.206.192", 80), - envoy_v2.SocketAddress("50.19.99.160", 80), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("23.23.247.89", 80), + envoy_v3.SocketAddress("50.17.192.147", 80), + envoy_v3.SocketAddress("50.17.206.192", 80), + envoy_v3.SocketAddress("50.19.99.160", 80), ), }, }, @@ -538,10 +537,10 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ), }), want: []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/secure/https", - Endpoints: envoy_v2.WeightedEndpoints(1, - envoy_v2.SocketAddress("192.168.183.24", 8443)), + Endpoints: envoy_v3.WeightedEndpoints(1, + envoy_v3.SocketAddress("192.168.183.24", 8443)), }, }, }, @@ -584,9 +583,9 @@ func TestEndpointsTranslatorScaleToZeroEndpoints(t *testing.T) { // Assert endpoint was added want := []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", - Endpoints: envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)), + Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, } @@ -598,7 +597,7 @@ func TestEndpointsTranslatorScaleToZeroEndpoints(t *testing.T) { // Assert endpoints are removed want = []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, } protobuf.RequireEqual(t, want, et.Contents()) @@ -647,14 +646,14 @@ func TestEndpointsTranslatorWeightedService(t *testing.T) { // Each helper builds a `LocalityLbEndpoints` with one // entry, so we can compose the final result by reaching // in an taking the first element of each slice. - w0 := envoy_v2.Endpoints(envoy_v2.SocketAddress("192.168.183.24", 8080)) - w1 := envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)) - w2 := envoy_v2.WeightedEndpoints(2, envoy_v2.SocketAddress("192.168.183.24", 8080)) + w0 := envoy_v3.Endpoints(envoy_v3.SocketAddress("192.168.183.24", 8080)) + w1 := envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)) + w2 := envoy_v3.WeightedEndpoints(2, envoy_v3.SocketAddress("192.168.183.24", 8080)) want := []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/weighted", - Endpoints: []*envoy_api_v2_endpoint.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ w0[0], w1[0], w2[0], }, }, @@ -705,14 +704,14 @@ func TestEndpointsTranslatorDefaultWeightedService(t *testing.T) { // Each helper builds a `LocalityLbEndpoints` with one // entry, so we can compose the final result by reaching // in an taking the first element of each slice. - w0 := envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)) - w1 := envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)) - w2 := envoy_v2.WeightedEndpoints(1, envoy_v2.SocketAddress("192.168.183.24", 8080)) + w0 := envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)) + w1 := envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)) + w2 := envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)) want := []proto.Message{ - &envoy_api_v2.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/weighted", - Endpoints: []*envoy_api_v2_endpoint.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ w0[0], w1[0], w2[0], }, }, @@ -723,7 +722,7 @@ func TestEndpointsTranslatorDefaultWeightedService(t *testing.T) { func TestEqual(t *testing.T) { tests := map[string]struct { - a, b map[string]*envoy_api_v2.ClusterLoadAssignment + a, b map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment want bool }{ "both nil": { @@ -732,21 +731,21 @@ func TestEqual(t *testing.T) { want: true, }, "one nil, one empty": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{}, + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, b: nil, want: true, }, "both empty": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{}, - b: map[string]*envoy_api_v2.ClusterLoadAssignment{}, + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, want: true, }, "a is an incomplete subset of b": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, }, - b: map[string]*envoy_api_v2.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, @@ -754,24 +753,24 @@ func TestEqual(t *testing.T) { want: false, }, "b is an incomplete subset of a": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_api_v2.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, }, want: false, }, "a and b have the same keys, different values": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_api_v2.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "different"}, @@ -779,12 +778,12 @@ func TestEqual(t *testing.T) { want: false, }, "a and b have the same values, different keys": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_api_v2.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "d": {ClusterName: "a"}, "e": {ClusterName: "b"}, "f": {ClusterName: "c"}, @@ -792,12 +791,12 @@ func TestEqual(t *testing.T) { want: false, }, "a and b have the same keys, same values": { - a: map[string]*envoy_api_v2.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_api_v2.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, @@ -825,8 +824,8 @@ func port(name string, port int32) v1.EndpointPort { } } -func clusterloadassignments(clas ...*envoy_api_v2.ClusterLoadAssignment) map[string]*envoy_api_v2.ClusterLoadAssignment { - m := make(map[string]*envoy_api_v2.ClusterLoadAssignment) +func clusterloadassignments(clas ...*envoy_config_endpoint_v3.ClusterLoadAssignment) map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment { + m := make(map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) for _, cla := range clas { m[cla.ClusterName] = cla } diff --git a/internal/xdscache/v3/listener.go b/internal/xdscache/v3/listener.go index ee39578c8f7..f2759bd0f9c 100644 --- a/internal/xdscache/v3/listener.go +++ b/internal/xdscache/v3/listener.go @@ -11,23 +11,22 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "path" "sort" "sync" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" - envoy_api_v2_accesslog "github.com/envoyproxy/go-control-plane/envoy/config/filter/accesslog/v2" - http "github.com/envoyproxy/go-control-plane/envoy/config/filter/network/http_connection_manager/v2" - resource "github.com/envoyproxy/go-control-plane/pkg/resource/v2" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/golang/protobuf/proto" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" "github.com/projectcontour/contour/internal/timeout" @@ -79,14 +78,14 @@ type ListenerConfig struct { UseProxyProto bool // MinimumTLSVersion defines the minimum TLS protocol version the proxy should accept. - MinimumTLSVersion envoy_api_v2_auth.TlsParameters_TlsProtocol + MinimumTLSVersion envoy_tls_v3.TlsParameters_TlsProtocol // DefaultHTTPVersions defines the default set of HTTP // versions the proxy should accept. If not specified, all // supported versions are accepted. This is applied to both // HTTP and HTTPS listeners but has practical effect only for // HTTPS, because we don't support h2c. - DefaultHTTPVersions []envoy_v2.HTTPVersionType + DefaultHTTPVersions []envoy_v3.HTTPVersionType // AccessLogType defines if Envoy logs should be output as Envoy's default or JSON. // Valid values: 'envoy', 'json' @@ -188,38 +187,38 @@ func (lvc *ListenerConfig) accesslogFields() config.AccessLogFields { return config.DefaultFields } -func (lvc *ListenerConfig) newInsecureAccessLog() []*envoy_api_v2_accesslog.AccessLog { +func (lvc *ListenerConfig) newInsecureAccessLog() []*envoy_config_accesslog_v3.AccessLog { switch lvc.accesslogType() { case string(config.JSONAccessLog): - return envoy_v2.FileAccessLogJSON(lvc.httpAccessLog(), lvc.accesslogFields()) + return envoy_v3.FileAccessLogJSON(lvc.httpAccessLog(), lvc.accesslogFields()) default: - return envoy_v2.FileAccessLogEnvoy(lvc.httpAccessLog()) + return envoy_v3.FileAccessLogEnvoy(lvc.httpAccessLog()) } } -func (lvc *ListenerConfig) newSecureAccessLog() []*envoy_api_v2_accesslog.AccessLog { +func (lvc *ListenerConfig) newSecureAccessLog() []*envoy_config_accesslog_v3.AccessLog { switch lvc.accesslogType() { case "json": - return envoy_v2.FileAccessLogJSON(lvc.httpsAccessLog(), lvc.accesslogFields()) + return envoy_v3.FileAccessLogJSON(lvc.httpsAccessLog(), lvc.accesslogFields()) default: - return envoy_v2.FileAccessLogEnvoy(lvc.httpsAccessLog()) + return envoy_v3.FileAccessLogEnvoy(lvc.httpsAccessLog()) } } // minTLSVersion returns the requested minimum TLS protocol -// version or envoy_api_v2_auth.TlsParameters_TLSv1_2 if not configured. -func (lvc *ListenerConfig) minTLSVersion() envoy_api_v2_auth.TlsParameters_TlsProtocol { - if lvc.MinimumTLSVersion > envoy_api_v2_auth.TlsParameters_TLSv1_2 { +// version or envoy_tls_v3.TlsParameters_TLSv1_2 if not configured. +func (lvc *ListenerConfig) minTLSVersion() envoy_tls_v3.TlsParameters_TlsProtocol { + if lvc.MinimumTLSVersion > envoy_tls_v3.TlsParameters_TLSv1_2 { return lvc.MinimumTLSVersion } - return envoy_api_v2_auth.TlsParameters_TLSv1_2 + return envoy_tls_v3.TlsParameters_TLSv1_2 } // ListenerCache manages the contents of the gRPC LDS cache. type ListenerCache struct { mu sync.Mutex - values map[string]*envoy_api_v2.Listener - staticValues map[string]*envoy_api_v2.Listener + values map[string]*envoy_config_listener_v3.Listener + staticValues map[string]*envoy_config_listener_v3.Listener Config ListenerConfig contour.Cond @@ -227,17 +226,17 @@ type ListenerCache struct { // NewListenerCache returns an instance of a ListenerCache func NewListenerCache(config ListenerConfig, address string, port int) *ListenerCache { - stats := envoy_v2.StatsListener(address, port) + stats := envoy_v3.StatsListener(address, port) return &ListenerCache{ Config: config, - staticValues: map[string]*envoy_api_v2.Listener{ + staticValues: map[string]*envoy_config_listener_v3.Listener{ stats.Name: stats, }, } } // Update replaces the contents of the cache with the supplied map. -func (c *ListenerCache) Update(v map[string]*envoy_api_v2.Listener) { +func (c *ListenerCache) Update(v map[string]*envoy_config_listener_v3.Listener) { c.mu.Lock() defer c.mu.Unlock() @@ -249,7 +248,7 @@ func (c *ListenerCache) Update(v map[string]*envoy_api_v2.Listener) { func (c *ListenerCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2.Listener + var values []*envoy_config_listener_v3.Listener for _, v := range c.values { values = append(values, v) } @@ -265,7 +264,7 @@ func (c *ListenerCache) Contents() []proto.Message { func (c *ListenerCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2.Listener + var values []*envoy_config_listener_v3.Listener for _, n := range names { v, ok := c.values[n] if !ok { @@ -295,15 +294,15 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { type listenerVisitor struct { *ListenerConfig - listeners map[string]*envoy_api_v2.Listener + listeners map[string]*envoy_config_listener_v3.Listener http bool // at least one dag.VirtualHost encountered } -func visitListeners(root dag.Vertex, lvc *ListenerConfig) map[string]*envoy_api_v2.Listener { +func visitListeners(root dag.Vertex, lvc *ListenerConfig) map[string]*envoy_config_listener_v3.Listener { lv := listenerVisitor{ ListenerConfig: lvc, - listeners: map[string]*envoy_api_v2.Listener{ - ENVOY_HTTPS_LISTENER: envoy_v2.Listener( + listeners: map[string]*envoy_config_listener_v3.Listener{ + ENVOY_HTTPS_LISTENER: envoy_v3.Listener( ENVOY_HTTPS_LISTENER, lvc.httpsAddress(), lvc.httpsPort(), @@ -316,8 +315,8 @@ func visitListeners(root dag.Vertex, lvc *ListenerConfig) map[string]*envoy_api_ if lv.http { // Add a listener if there are vhosts bound to http. - cm := envoy_v2.HTTPConnectionManagerBuilder(). - Codec(envoy_v2.CodecForVersions(lv.DefaultHTTPVersions...)). + cm := envoy_v3.HTTPConnectionManagerBuilder(). + Codec(envoy_v3.CodecForVersions(lv.DefaultHTTPVersions...)). DefaultFilters(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). @@ -329,7 +328,7 @@ func visitListeners(root dag.Vertex, lvc *ListenerConfig) map[string]*envoy_api_ ConnectionShutdownGracePeriod(lvc.ConnectionShutdownGracePeriod). Get() - lv.listeners[ENVOY_HTTP_LISTENER] = envoy_v2.Listener( + lv.listeners[ENVOY_HTTP_LISTENER] = envoy_v3.Listener( ENVOY_HTTP_LISTENER, lvc.httpAddress(), lvc.httpPort(), @@ -350,21 +349,21 @@ func visitListeners(root dag.Vertex, lvc *ListenerConfig) map[string]*envoy_api_ return lv.listeners } -func proxyProtocol(useProxy bool) []*envoy_api_v2_listener.ListenerFilter { +func proxyProtocol(useProxy bool) []*envoy_config_listener_v3.ListenerFilter { if useProxy { - return envoy_v2.ListenerFilters( - envoy_v2.ProxyProtocol(), + return envoy_v3.ListenerFilters( + envoy_v3.ProxyProtocol(), ) } return nil } -func secureProxyProtocol(useProxy bool) []*envoy_api_v2_listener.ListenerFilter { - return append(proxyProtocol(useProxy), envoy_v2.TLSInspector()) +func secureProxyProtocol(useProxy bool) []*envoy_config_listener_v3.ListenerFilter { + return append(proxyProtocol(useProxy), envoy_v3.TLSInspector()) } func (v *listenerVisitor) visit(vertex dag.Vertex) { - max := func(a, b envoy_api_v2_auth.TlsParameters_TlsProtocol) envoy_api_v2_auth.TlsParameters_TlsProtocol { + max := func(a, b envoy_tls_v3.TlsParameters_TlsProtocol) envoy_tls_v3.TlsParameters_TlsProtocol { if a > b { return a } @@ -379,13 +378,13 @@ func (v *listenerVisitor) visit(vertex dag.Vertex) { v.http = true case *dag.SecureVirtualHost: var alpnProtos []string - var filters []*envoy_api_v2_listener.Filter + var filters []*envoy_config_listener_v3.Filter if vh.TCPProxy == nil { var authFilter *http.HttpFilter if vh.AuthorizationService != nil { - authFilter = envoy_v2.FilterExternalAuthz( + authFilter = envoy_v3.FilterExternalAuthz( vh.AuthorizationService.Name, vh.AuthorizationFailOpen, vh.AuthorizationResponseTimeout, @@ -399,10 +398,10 @@ func (v *listenerVisitor) visit(vertex dag.Vertex) { // metrics prefix to keep compatibility with previous // Contour versions since the metrics prefix will be // coded into monitoring dashboards. - filters = envoy_v2.Filters( - envoy_v2.HTTPConnectionManagerBuilder(). - Codec(envoy_v2.CodecForVersions(v.DefaultHTTPVersions...)). - AddFilter(envoy_v2.FilterMisdirectedRequests(vh.VirtualHost.Name)). + filters = envoy_v3.Filters( + envoy_v3.HTTPConnectionManagerBuilder(). + Codec(envoy_v3.CodecForVersions(v.DefaultHTTPVersions...)). + AddFilter(envoy_v3.FilterMisdirectedRequests(vh.VirtualHost.Name)). DefaultFilters(). AddFilter(authFilter). RouteConfigName(path.Join("https", vh.VirtualHost.Name)). @@ -416,10 +415,10 @@ func (v *listenerVisitor) visit(vertex dag.Vertex) { Get(), ) - alpnProtos = envoy_v2.ProtoNamesForVersions(v.DefaultHTTPVersions...) + alpnProtos = envoy_v3.ProtoNamesForVersions(v.DefaultHTTPVersions...) } else { - filters = envoy_v2.Filters( - envoy_v2.TCPProxy(ENVOY_HTTPS_LISTENER, + filters = envoy_v3.Filters( + envoy_v3.TCPProxy(ENVOY_HTTPS_LISTENER, vh.TCPProxy, v.ListenerConfig.newSecureAccessLog()), ) @@ -429,14 +428,14 @@ func (v *listenerVisitor) visit(vertex dag.Vertex) { // backend in its ServerHello. } - var downstreamTLS *envoy_api_v2_auth.DownstreamTlsContext + var downstreamTLS *envoy_tls_v3.DownstreamTlsContext // Secret is provided when TLS is terminated and nil when TLS passthrough is used. if vh.Secret != nil { // Choose the higher of the configured or requested TLS version. - vers := max(v.ListenerConfig.minTLSVersion(), vh.MinTLSVersion) + vers := max(v.ListenerConfig.minTLSVersion(), envoy_v3.ParseTLSVersion(vh.MinTLSVersion)) - downstreamTLS = envoy_v2.DownstreamTLSContext( + downstreamTLS = envoy_v3.DownstreamTLSContext( vh.Secret, vers, vh.DownstreamValidation, @@ -444,25 +443,25 @@ func (v *listenerVisitor) visit(vertex dag.Vertex) { } v.listeners[ENVOY_HTTPS_LISTENER].FilterChains = append(v.listeners[ENVOY_HTTPS_LISTENER].FilterChains, - envoy_v2.FilterChainTLS(vh.VirtualHost.Name, downstreamTLS, filters)) + envoy_v3.FilterChainTLS(vh.VirtualHost.Name, downstreamTLS, filters)) // If this VirtualHost has enabled the fallback certificate then set a default // FilterChain which will allow routes with this vhost to accept non-SNI TLS requests. // Note that we don't add the misdirected requests filter on this chain because at this // point we don't actually know the full set of server names that will be bound to the // filter chain through the ENVOY_FALLBACK_ROUTECONFIG route configuration. - if vh.FallbackCertificate != nil && !envoy_v2.ContainsFallbackFilterChain(v.listeners[ENVOY_HTTPS_LISTENER].FilterChains) { + if vh.FallbackCertificate != nil && !envoy_v3.ContainsFallbackFilterChain(v.listeners[ENVOY_HTTPS_LISTENER].FilterChains) { // Construct the downstreamTLSContext passing the configured fallbackCertificate. The TLS minProtocolVersion will use // the value defined in the Contour Configuration file if defined. - downstreamTLS = envoy_v2.DownstreamTLSContext( + downstreamTLS = envoy_v3.DownstreamTLSContext( vh.FallbackCertificate, v.ListenerConfig.minTLSVersion(), vh.DownstreamValidation, alpnProtos...) // Default filter chain - filters = envoy_v2.Filters( - envoy_v2.HTTPConnectionManagerBuilder(). + filters = envoy_v3.Filters( + envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -476,7 +475,7 @@ func (v *listenerVisitor) visit(vertex dag.Vertex) { ) v.listeners[ENVOY_HTTPS_LISTENER].FilterChains = append(v.listeners[ENVOY_HTTPS_LISTENER].FilterChains, - envoy_v2.FilterChainTLSFallback(downstreamTLS, filters)) + envoy_v3.FilterChainTLSFallback(downstreamTLS, filters)) } default: diff --git a/internal/xdscache/v3/listener_test.go b/internal/xdscache/v3/listener_test.go index 197196a5efa..3fd995a3869 100644 --- a/internal/xdscache/v3/listener_test.go +++ b/internal/xdscache/v3/listener_test.go @@ -11,21 +11,20 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "path" "testing" "time" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/golang/protobuf/proto" contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/timeout" v1 "k8s.io/api/core/v1" @@ -36,7 +35,7 @@ import ( func TestListenerCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.Listener + contents map[string]*envoy_config_listener_v3.Listener want []proto.Message }{ "empty": { @@ -44,18 +43,18 @@ func TestListenerCacheContents(t *testing.T) { want: nil, }, "simple": { - contents: listenermap(&envoy_api_v2.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), want: []proto.Message{ - &envoy_api_v2.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }, }, }, @@ -73,50 +72,50 @@ func TestListenerCacheContents(t *testing.T) { func TestListenerCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.Listener + contents map[string]*envoy_config_listener_v3.Listener query []string want []proto.Message }{ "exact match": { - contents: listenermap(&envoy_api_v2.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), query: []string{ENVOY_HTTP_LISTENER}, want: []proto.Message{ - &envoy_api_v2.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }, }, }, "partial match": { - contents: listenermap(&envoy_api_v2.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), query: []string{ENVOY_HTTP_LISTENER, "stats-listener"}, want: []proto.Message{ - &envoy_api_v2.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }, }, }, "no match": { - contents: listenermap(&envoy_api_v2.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), query: []string{"stats-listener"}, want: nil, @@ -134,32 +133,32 @@ func TestListenerCacheQuery(t *testing.T) { } func TestListenerVisit(t *testing.T) { - httpsFilterFor := func(vhost string) *envoy_api_v2_listener.Filter { - return envoy_v2.HTTPConnectionManagerBuilder(). - AddFilter(envoy_v2.FilterMisdirectedRequests(vhost)). + httpsFilterFor := func(vhost string) *envoy_config_listener_v3.Filter { + return envoy_v3.HTTPConnectionManagerBuilder(). + AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", vhost)). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). Get() } - fallbackCertFilter := envoy_v2.HTTPConnectionManagerBuilder(). + fallbackCertFilter := envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). Get() tests := map[string]struct { ListenerConfig fallbackCertificate *types.NamespacedName objs []interface{} - want map[string]*envoy_api_v2.Listener + want map[string]*envoy_config_listener_v3.Listener }{ "nothing": { objs: nil, - want: map[string]*envoy_api_v2.Listener{}, + want: map[string]*envoy_config_listener_v3.Listener{}, }, "one http only ingress": { objs: []interface{}{ @@ -186,11 +185,11 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "one http only httpproxy": { @@ -229,11 +228,11 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "simple ingress with secret": { @@ -282,25 +281,25 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("whatever.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "multiple tls ingress with secrets should be sorted": { @@ -371,31 +370,31 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"sortedfirst.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("sortedfirst.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("sortedfirst.example.com")), }, { - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"sortedsecond.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("sortedsecond.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("sortedsecond.example.com")), }}, - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "simple ingress with missing secret": { @@ -444,11 +443,11 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "simple httpproxy with secret": { @@ -495,25 +494,25 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("www.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "ingress with allow-http: false": { @@ -531,7 +530,7 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: map[string]*envoy_api_v2.Listener{}, + want: map[string]*envoy_config_listener_v3.Listener{}, }, "simple tls ingress with allow-http:false": { objs: []interface{}{ @@ -582,20 +581,20 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("www.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "http listener on non default port": { // issue 72 @@ -650,25 +649,25 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("127.0.0.100", 9100), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("127.0.0.100", 9100), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("127.0.0.200", 9200), - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + Address: envoy_v3.SocketAddress("127.0.0.200", 9200), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("whatever.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "use proxy proto": { @@ -720,29 +719,29 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.ProxyProtocol(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.ProxyProtocol(), ), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.ProxyProtocol(), - envoy_v2.TLSInspector(), + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.ProxyProtocol(), + envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("whatever.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "--envoy-http-access-log": { @@ -795,36 +794,36 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress(DEFAULT_HTTP_LISTENER_ADDRESS, DEFAULT_HTTP_LISTENER_PORT), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy("/tmp/http_access.log"), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress(DEFAULT_HTTP_LISTENER_ADDRESS, DEFAULT_HTTP_LISTENER_PORT), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log"), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress(DEFAULT_HTTPS_LISTENER_ADDRESS, DEFAULT_HTTPS_LISTENER_PORT), - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + Address: envoy_v3.SocketAddress(DEFAULT_HTTPS_LISTENER_ADDRESS, DEFAULT_HTTPS_LISTENER_PORT), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(envoy_v2.HTTPConnectionManagerBuilder(). - AddFilter(envoy_v2.FilterMisdirectedRequests("whatever.example.com")). + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + AddFilter(envoy_v3.FilterMisdirectedRequests("whatever.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "whatever.example.com")). - AccessLoggers(envoy_v2.FileAccessLogEnvoy("/tmp/https_access.log")). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/tmp/https_access.log")). Get()), }}, - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "tls-min-protocol-version from config": { ListenerConfig: ListenerConfig{ - MinimumTLSVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3, + MinimumTLSVersion: envoy_tls_v3.TlsParameters_TLSv1_3, }, objs: []interface{}{ &v1beta1.Ingress{ @@ -871,30 +870,30 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_3, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("whatever.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_3, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "tls-min-protocol-version from config overridden by annotation": { ListenerConfig: ListenerConfig{ - MinimumTLSVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3, + MinimumTLSVersion: envoy_tls_v3.TlsParameters_TLSv1_3, }, objs: []interface{}{ &v1beta1.Ingress{ @@ -944,30 +943,30 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_3, "h2", "http/1.1"), // note, cannot downgrade from the configured version - Filters: envoy_v2.Filters(httpsFilterFor("whatever.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_3, "h2", "http/1.1"), // note, cannot downgrade from the configured version + Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "tls-min-protocol-version from config overridden by legacy annotation": { ListenerConfig: ListenerConfig{ - MinimumTLSVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3, + MinimumTLSVersion: envoy_tls_v3.TlsParameters_TLSv1_3, }, objs: []interface{}{ &v1beta1.Ingress{ @@ -1017,30 +1016,30 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_3, "h2", "http/1.1"), // note, cannot downgrade from the configured version - Filters: envoy_v2.Filters(httpsFilterFor("whatever.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_3, "h2", "http/1.1"), // note, cannot downgrade from the configured version + Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "tls-min-protocol-version from config overridden by httpproxy": { ListenerConfig: ListenerConfig{ - MinimumTLSVersion: envoy_api_v2_auth.TlsParameters_TLSv1_3, + MinimumTLSVersion: envoy_tls_v3.TlsParameters_TLSv1_3, }, objs: []interface{}{ &contour_api_v1.HTTPProxy{ @@ -1086,25 +1085,25 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_3, "h2", "http/1.1"), // note, cannot downgrade from the configured version - Filters: envoy_v2.Filters(httpsFilterFor("www.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_3, "h2", "http/1.1"), // note, cannot downgrade from the configured version + Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpproxy with fallback certificate": { @@ -1168,32 +1167,32 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("www.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }, { - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(fallbackCertFilter), + TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(fallbackCertFilter), Name: "fallback-certificate", }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "multiple httpproxies with fallback certificate": { @@ -1282,41 +1281,41 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{ { - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.another.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("www.another.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("www.another.com")), }, { - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("www.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }, { - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(fallbackCertFilter), + TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(fallbackCertFilter), Name: "fallback-certificate", }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpproxy with fallback certificate - no cert passed": { @@ -1427,25 +1426,25 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG), 0)), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(httpsFilterFor("www.example.com")), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpproxy with connection idle timeout set in visitor config": { @@ -1487,19 +1486,19 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains( - envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains( + envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpproxy with stream idle timeout set in visitor config": { @@ -1541,19 +1540,19 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains( - envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains( + envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpproxy with max connection duration set in visitor config": { @@ -1595,19 +1594,19 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains( - envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains( + envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpproxy with connection shutdown grace period set in visitor config": { @@ -1649,19 +1648,19 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains( - envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains( + envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpsproxy with secret with connection idle timeout set in visitor config": { @@ -1711,39 +1710,39 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(envoy_v2.HTTPConnectionManagerBuilder(). - AddFilter(envoy_v2.FilterMisdirectedRequests("www.example.com")). + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get()), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpsproxy with secret with stream idle timeout set in visitor config": { @@ -1793,39 +1792,39 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(envoy_v2.HTTPConnectionManagerBuilder(). - AddFilter(envoy_v2.FilterMisdirectedRequests("www.example.com")). + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get()), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpsproxy with secret with max connection duration set in visitor config": { @@ -1875,39 +1874,39 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(envoy_v2.HTTPConnectionManagerBuilder(). - AddFilter(envoy_v2.FilterMisdirectedRequests("www.example.com")). + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get()), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, "httpsproxy with secret with connection shutdown grace period set in visitor config": { @@ -1957,39 +1956,39 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: listenermap(&envoy_api_v2.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v2.FilterChains(envoy_v2.HTTPConnectionManagerBuilder(). + Address: envoy_v3.SocketAddress("0.0.0.0", 8080), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). DefaultFilters(). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), - }, &envoy_api_v2.Listener{ + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2, "h2", "http/1.1"), - Filters: envoy_v2.Filters(envoy_v2.HTTPConnectionManagerBuilder(). - AddFilter(envoy_v2.FilterMisdirectedRequests("www.example.com")). + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG)). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get()), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }), }, } @@ -2003,7 +2002,7 @@ func TestListenerVisit(t *testing.T) { } } -func transportSocket(secretname string, tlsMinProtoVersion envoy_api_v2_auth.TlsParameters_TlsProtocol, alpnprotos ...string) *envoy_api_v2_core.TransportSocket { +func transportSocket(secretname string, tlsMinProtoVersion envoy_tls_v3.TlsParameters_TlsProtocol, alpnprotos ...string) *envoy_core_v3.TransportSocket { secret := &dag.Secret{ Object: &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -2014,13 +2013,13 @@ func transportSocket(secretname string, tlsMinProtoVersion envoy_api_v2_auth.Tls Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, } - return envoy_v2.DownstreamTLSTransportSocket( - envoy_v2.DownstreamTLSContext(secret, tlsMinProtoVersion, nil, alpnprotos...), + return envoy_v3.DownstreamTLSTransportSocket( + envoy_v3.DownstreamTLSContext(secret, tlsMinProtoVersion, nil, alpnprotos...), ) } -func listenermap(listeners ...*envoy_api_v2.Listener) map[string]*envoy_api_v2.Listener { - m := make(map[string]*envoy_api_v2.Listener) +func listenermap(listeners ...*envoy_config_listener_v3.Listener) map[string]*envoy_config_listener_v3.Listener { + m := make(map[string]*envoy_config_listener_v3.Listener) for _, l := range listeners { m[l.Name] = l } diff --git a/internal/xdscache/v3/route.go b/internal/xdscache/v3/route.go index d92d945ca75..287700e481e 100644 --- a/internal/xdscache/v3/route.go +++ b/internal/xdscache/v3/route.go @@ -11,21 +11,20 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "path" "sort" "sync" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - resource "github.com/envoyproxy/go-control-plane/pkg/resource/v2" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/golang/protobuf/proto" "github.com/golang/protobuf/ptypes/any" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" ) @@ -33,12 +32,12 @@ import ( // RouteCache manages the contents of the gRPC RDS cache. type RouteCache struct { mu sync.Mutex - values map[string]*envoy_api_v2.RouteConfiguration + values map[string]*envoy_config_route_v3.RouteConfiguration contour.Cond } // Update replaces the contents of the cache with the supplied map. -func (c *RouteCache) Update(v map[string]*envoy_api_v2.RouteConfiguration) { +func (c *RouteCache) Update(v map[string]*envoy_config_route_v3.RouteConfiguration) { c.mu.Lock() defer c.mu.Unlock() @@ -51,7 +50,7 @@ func (c *RouteCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2.RouteConfiguration + var values []*envoy_config_route_v3.RouteConfiguration for _, v := range c.values { values = append(values, v) } @@ -65,7 +64,7 @@ func (c *RouteCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2.RouteConfiguration + var values []*envoy_config_route_v3.RouteConfiguration for _, n := range names { v, ok := c.values[n] if !ok { @@ -74,7 +73,7 @@ func (c *RouteCache) Query(names []string) []proto.Message { // not the same as returning nil, we're choosing to // say "the configuration you asked for _does exists_, // but it contains no useful information. - v = &envoy_api_v2.RouteConfiguration{ + v = &envoy_config_route_v3.RouteConfiguration{ Name: n, } } @@ -95,18 +94,18 @@ func (c *RouteCache) OnChange(root *dag.DAG) { } type routeVisitor struct { - routes map[string]*envoy_api_v2.RouteConfiguration + routes map[string]*envoy_config_route_v3.RouteConfiguration } -func visitRoutes(root dag.Vertex) map[string]*envoy_api_v2.RouteConfiguration { +func visitRoutes(root dag.Vertex) map[string]*envoy_config_route_v3.RouteConfiguration { // Collect the route configurations for all the routes we can // find. For HTTP hosts, the routes will all be collected on the // well-known ENVOY_HTTP_LISTENER, but for HTTPS hosts, we will // generate a per-vhost collection. This lets us keep different // SNI names disjoint when we later configure the listener. rv := routeVisitor{ - routes: map[string]*envoy_api_v2.RouteConfiguration{ - ENVOY_HTTP_LISTENER: envoy_v2.RouteConfiguration(ENVOY_HTTP_LISTENER), + routes: map[string]*envoy_config_route_v3.RouteConfiguration{ + ENVOY_HTTP_LISTENER: envoy_v3.RouteConfiguration(ENVOY_HTTP_LISTENER), }, } @@ -120,7 +119,7 @@ func visitRoutes(root dag.Vertex) map[string]*envoy_api_v2.RouteConfiguration { } func (v *routeVisitor) onVirtualHost(vh *dag.VirtualHost) { - var routes []*envoy_api_v2_route.Route + var routes []*envoy_config_route_v3.Route vh.Visit(func(v dag.Vertex) { route, ok := v.(*dag.Route) @@ -132,21 +131,21 @@ func (v *routeVisitor) onVirtualHost(vh *dag.VirtualHost) { // TODO(dfc) if we ensure the builder never returns a dag.Route connected // to a SecureVirtualHost that requires upgrade, this logic can move to // envoy.RouteRoute. - routes = append(routes, &envoy_api_v2_route.Route{ - Match: envoy_v2.RouteMatch(route), - Action: envoy_v2.UpgradeHTTPS(), + routes = append(routes, &envoy_config_route_v3.Route{ + Match: envoy_v3.RouteMatch(route), + Action: envoy_v3.UpgradeHTTPS(), }) } else { - rt := &envoy_api_v2_route.Route{ - Match: envoy_v2.RouteMatch(route), - Action: envoy_v2.RouteRoute(route), + rt := &envoy_config_route_v3.Route{ + Match: envoy_v3.RouteMatch(route), + Action: envoy_v3.RouteRoute(route), } if route.RequestHeadersPolicy != nil { - rt.RequestHeadersToAdd = envoy_v2.HeaderValueList(route.RequestHeadersPolicy.Set, false) + rt.RequestHeadersToAdd = envoy_v3.HeaderValueList(route.RequestHeadersPolicy.Set, false) rt.RequestHeadersToRemove = route.RequestHeadersPolicy.Remove } if route.ResponseHeadersPolicy != nil { - rt.ResponseHeadersToAdd = envoy_v2.HeaderValueList(route.ResponseHeadersPolicy.Set, false) + rt.ResponseHeadersToAdd = envoy_v3.HeaderValueList(route.ResponseHeadersPolicy.Set, false) rt.ResponseHeadersToRemove = route.ResponseHeadersPolicy.Remove } routes = append(routes, rt) @@ -156,11 +155,11 @@ func (v *routeVisitor) onVirtualHost(vh *dag.VirtualHost) { if len(routes) > 0 { sortRoutes(routes) - var evh *envoy_api_v2_route.VirtualHost - if cp := envoy_v2.CORSPolicy(vh.CORSPolicy); cp != nil { - evh = envoy_v2.CORSVirtualHost(vh.Name, cp, routes...) + var evh *envoy_config_route_v3.VirtualHost + if cp := envoy_v3.CORSPolicy(vh.CORSPolicy); cp != nil { + evh = envoy_v3.CORSVirtualHost(vh.Name, cp, routes...) } else { - evh = envoy_v2.VirtualHost(vh.Name, routes...) + evh = envoy_v3.VirtualHost(vh.Name, routes...) } v.routes[ENVOY_HTTP_LISTENER].VirtualHosts = append(v.routes[ENVOY_HTTP_LISTENER].VirtualHosts, evh) @@ -168,7 +167,7 @@ func (v *routeVisitor) onVirtualHost(vh *dag.VirtualHost) { } func (v *routeVisitor) onSecureVirtualHost(svh *dag.SecureVirtualHost) { - var routes []*envoy_api_v2_route.Route + var routes []*envoy_config_route_v3.Route svh.Visit(func(v dag.Vertex) { route, ok := v.(*dag.Route) @@ -176,16 +175,16 @@ func (v *routeVisitor) onSecureVirtualHost(svh *dag.SecureVirtualHost) { return } - rt := &envoy_api_v2_route.Route{ - Match: envoy_v2.RouteMatch(route), - Action: envoy_v2.RouteRoute(route), + rt := &envoy_config_route_v3.Route{ + Match: envoy_v3.RouteMatch(route), + Action: envoy_v3.RouteRoute(route), } if route.RequestHeadersPolicy != nil { - rt.RequestHeadersToAdd = envoy_v2.HeaderValueList(route.RequestHeadersPolicy.Set, false) + rt.RequestHeadersToAdd = envoy_v3.HeaderValueList(route.RequestHeadersPolicy.Set, false) rt.RequestHeadersToRemove = route.RequestHeadersPolicy.Remove } if route.ResponseHeadersPolicy != nil { - rt.ResponseHeadersToAdd = envoy_v2.HeaderValueList(route.ResponseHeadersPolicy.Set, false) + rt.ResponseHeadersToAdd = envoy_v3.HeaderValueList(route.ResponseHeadersPolicy.Set, false) rt.ResponseHeadersToRemove = route.ResponseHeadersPolicy.Remove } @@ -194,12 +193,12 @@ func (v *routeVisitor) onSecureVirtualHost(svh *dag.SecureVirtualHost) { // Apply per-route authorization policy modifications. if route.AuthDisabled { rt.TypedPerFilterConfig = map[string]*any.Any{ - "envoy.filters.http.ext_authz": envoy_v2.RouteAuthzDisabled(), + "envoy.filters.http.ext_authz": envoy_v3.RouteAuthzDisabled(), } } else { if len(route.AuthContext) > 0 { rt.TypedPerFilterConfig = map[string]*any.Any{ - "envoy.filters.http.ext_authz": envoy_v2.RouteAuthzContext(route.AuthContext), + "envoy.filters.http.ext_authz": envoy_v3.RouteAuthzContext(route.AuthContext), } } } @@ -214,14 +213,14 @@ func (v *routeVisitor) onSecureVirtualHost(svh *dag.SecureVirtualHost) { name := path.Join("https", svh.VirtualHost.Name) if _, ok := v.routes[name]; !ok { - v.routes[name] = envoy_v2.RouteConfiguration(name) + v.routes[name] = envoy_v3.RouteConfiguration(name) } - var evh *envoy_api_v2_route.VirtualHost - if cp := envoy_v2.CORSPolicy(svh.CORSPolicy); cp != nil { - evh = envoy_v2.CORSVirtualHost(svh.VirtualHost.Name, cp, routes...) + var evh *envoy_config_route_v3.VirtualHost + if cp := envoy_v3.CORSPolicy(svh.CORSPolicy); cp != nil { + evh = envoy_v3.CORSVirtualHost(svh.VirtualHost.Name, cp, routes...) } else { - evh = envoy_v2.VirtualHost(svh.VirtualHost.Name, routes...) + evh = envoy_v3.VirtualHost(svh.VirtualHost.Name, routes...) } v.routes[name].VirtualHosts = append(v.routes[name].VirtualHosts, evh) @@ -232,14 +231,14 @@ func (v *routeVisitor) onSecureVirtualHost(svh *dag.SecureVirtualHost) { if svh.FallbackCertificate != nil { // Add fallback route if not already if _, ok := v.routes[ENVOY_FALLBACK_ROUTECONFIG]; !ok { - v.routes[ENVOY_FALLBACK_ROUTECONFIG] = envoy_v2.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG) + v.routes[ENVOY_FALLBACK_ROUTECONFIG] = envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG) } - var fvh *envoy_api_v2_route.VirtualHost - if cp := envoy_v2.CORSPolicy(svh.CORSPolicy); cp != nil { - fvh = envoy_v2.CORSVirtualHost(svh.Name, cp, routes...) + var fvh *envoy_config_route_v3.VirtualHost + if cp := envoy_v3.CORSPolicy(svh.CORSPolicy); cp != nil { + fvh = envoy_v3.CORSVirtualHost(svh.Name, cp, routes...) } else { - fvh = envoy_v2.VirtualHost(svh.Name, routes...) + fvh = envoy_v3.VirtualHost(svh.Name, routes...) } v.routes[ENVOY_FALLBACK_ROUTECONFIG].VirtualHosts = append(v.routes[ENVOY_FALLBACK_ROUTECONFIG].VirtualHosts, fvh) @@ -271,7 +270,7 @@ func (v *routeVisitor) visit(vertex dag.Vertex) { // first by longest prefix (or regex), then by the length of the // HeaderMatch slice (if any). The HeaderMatch slice is also ordered // by the matching header name. -func sortRoutes(routes []*envoy_api_v2_route.Route) { +func sortRoutes(routes []*envoy_config_route_v3.Route) { for _, r := range routes { sort.Stable(sorter.For(r.Match.Headers)) } diff --git a/internal/xdscache/v3/route_test.go b/internal/xdscache/v3/route_test.go index 3eba8071e14..9a160ea73f6 100644 --- a/internal/xdscache/v3/route_test.go +++ b/internal/xdscache/v3/route_test.go @@ -11,21 +11,20 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "testing" "time" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_route "github.com/envoyproxy/go-control-plane/envoy/api/v2/route" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "github.com/golang/protobuf/proto" "github.com/golang/protobuf/ptypes/wrappers" contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" v1 "k8s.io/api/core/v1" "k8s.io/api/networking/v1beta1" @@ -36,7 +35,7 @@ import ( func TestRouteCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.RouteConfiguration + contents map[string]*envoy_config_route_v3.RouteConfiguration want []proto.Message }{ "empty": { @@ -44,7 +43,7 @@ func TestRouteCacheContents(t *testing.T) { want: nil, }, "simple": { - contents: map[string]*envoy_api_v2.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, @@ -53,10 +52,10 @@ func TestRouteCacheContents(t *testing.T) { }, }, want: []proto.Message{ - &envoy_api_v2.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", }, - &envoy_api_v2.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_https", }, }, @@ -75,48 +74,48 @@ func TestRouteCacheContents(t *testing.T) { func TestRouteCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2.RouteConfiguration + contents map[string]*envoy_config_route_v3.RouteConfiguration query []string want []proto.Message }{ "exact match": { - contents: map[string]*envoy_api_v2.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, }, query: []string{"ingress_http"}, want: []proto.Message{ - &envoy_api_v2.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", }, }, }, "partial match": { - contents: map[string]*envoy_api_v2.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, }, query: []string{"stats-handler", "ingress_http"}, want: []proto.Message{ - &envoy_api_v2.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", }, - &envoy_api_v2.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "stats-handler", }, }, }, "no match": { - contents: map[string]*envoy_api_v2.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, }, query: []string{"stats-handler"}, want: []proto.Message{ - &envoy_api_v2.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "stats-handler", }, }, @@ -137,12 +136,12 @@ func TestRouteVisit(t *testing.T) { tests := map[string]struct { objs []interface{} fallbackCertificate *types.NamespacedName - want map[string]*envoy_api_v2.RouteConfiguration + want map[string]*envoy_config_route_v3.RouteConfiguration }{ "nothing": { objs: nil, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http"), + envoy_v3.RouteConfiguration("ingress_http"), ), }, "one http only ingress with service": { @@ -171,9 +170,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -219,9 +218,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routeRegex("/[^/]+/invoices(/.*|/?)"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -263,9 +262,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), }, @@ -311,9 +310,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -372,17 +371,17 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -439,13 +438,13 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -453,9 +452,9 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/8080/da39a3ee5e"), }, @@ -517,10 +516,10 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http"), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http"), + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -582,13 +581,13 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -596,9 +595,9 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -655,13 +654,13 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/ws1"), Action: websocketroute("default/kuard/8080/da39a3ee5e"), }, - &envoy_api_v2_route.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -698,9 +697,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -737,9 +736,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routetimeout("default/kuard/8080/da39a3ee5e", 0), }, @@ -776,9 +775,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routetimeout("default/kuard/8080/da39a3ee5e", 90*time.Second), }, @@ -826,9 +825,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("my-very-very-long-service-host-name.subdomain.boring-dept.my.company", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("my-very-very-long-service-host-name.subdomain.boring-dept.my.company", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -865,9 +864,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 0, 0), }, @@ -905,9 +904,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 7, 0), }, @@ -946,9 +945,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 7, 0), }, @@ -986,9 +985,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 0, 150*time.Millisecond), }, @@ -1026,9 +1025,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("*", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("*", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 0, 150*time.Millisecond), }, @@ -1090,14 +1089,14 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1166,14 +1165,14 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 0), weightedCluster("default/backendtwo/80/da39a3ee5e", 50), @@ -1243,14 +1242,14 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 22), weightedCluster("default/backendtwo/80/da39a3ee5e", 50), @@ -1297,7 +1296,7 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http"), // should be blank, no fqdn defined. + envoy_v3.RouteConfiguration("ingress_http"), // should be blank, no fqdn defined. ), }, "httpproxy with pathPrefix": { @@ -1353,14 +1352,14 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1429,9 +1428,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withMirrorPolicy(routecluster("default/backend/80/da39a3ee5e"), "default/backendtwo/80/da39a3ee5e"), }, @@ -1503,13 +1502,13 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -1517,14 +1516,14 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1628,18 +1627,18 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/blog/info"), Action: routecluster("teama/backend/80/da39a3ee5e"), }, - &envoy_api_v2_route.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1692,9 +1691,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.CORSVirtualHost("www.example.com", - &envoy_api_v2_route.CorsPolicy{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.CORSVirtualHost("www.example.com", + &envoy_config_route_v3.CorsPolicy{ AllowCredentials: &wrappers.BoolValue{Value: false}, AllowOriginStringMatch: []*matcher.StringMatcher{{ MatchPattern: &matcher.StringMatcher_Exact{ @@ -1704,7 +1703,7 @@ func TestRouteVisit(t *testing.T) { }}, AllowMethods: "GET, PUT, POST", }, - &envoy_api_v2_route.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), }, @@ -1761,9 +1760,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.CORSVirtualHost("www.example.com", - &envoy_api_v2_route.CorsPolicy{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.CORSVirtualHost("www.example.com", + &envoy_config_route_v3.CorsPolicy{ AllowCredentials: &wrappers.BoolValue{Value: false}, AllowOriginStringMatch: []*matcher.StringMatcher{{ MatchPattern: &matcher.StringMatcher_Exact{ @@ -1773,11 +1772,11 @@ func TestRouteVisit(t *testing.T) { }}, AllowMethods: "GET, PUT, POST", }, - &envoy_api_v2_route.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -1785,9 +1784,9 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.CORSVirtualHost("www.example.com", - &envoy_api_v2_route.CorsPolicy{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.CORSVirtualHost("www.example.com", + &envoy_config_route_v3.CorsPolicy{ AllowCredentials: &wrappers.BoolValue{Value: false}, AllowOriginStringMatch: []*matcher.StringMatcher{{ MatchPattern: &matcher.StringMatcher_Exact{ @@ -1797,7 +1796,7 @@ func TestRouteVisit(t *testing.T) { }}, AllowMethods: "GET, PUT, POST", }, - &envoy_api_v2_route.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), }, @@ -1846,9 +1845,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -1904,9 +1903,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -1963,9 +1962,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -2022,9 +2021,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -2081,9 +2080,9 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-header", MatchType: "present", @@ -2148,19 +2147,19 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/backend/80/da39a3ee5e", }, }, }, - RequestHeadersToAdd: []*envoy_api_v2_core.HeaderValueOption{{ - Header: &envoy_api_v2_core.HeaderValue{ + RequestHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "In-Foo", Value: "bar", }, @@ -2169,8 +2168,8 @@ func TestRouteVisit(t *testing.T) { }, }}, RequestHeadersToRemove: []string{"In-Baz"}, - ResponseHeadersToAdd: []*envoy_api_v2_core.HeaderValueOption{{ - Header: &envoy_api_v2_core.HeaderValue{ + ResponseHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "Out-Foo", Value: "bar", }, @@ -2261,13 +2260,13 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2275,14 +2274,14 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2294,14 +2293,14 @@ func TestRouteVisit(t *testing.T) { }, }, )), - envoy_v2.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2419,25 +2418,25 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("projectcontour.io", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("projectcontour.io", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, }, }, ), - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2445,14 +2444,14 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/projectcontour.io", - envoy_v2.VirtualHost("projectcontour.io", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/projectcontour.io", + envoy_v3.VirtualHost("projectcontour.io", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2464,14 +2463,14 @@ func TestRouteVisit(t *testing.T) { }, }, )), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2483,14 +2482,14 @@ func TestRouteVisit(t *testing.T) { }, }, )), - envoy_v2.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, - envoy_v2.VirtualHost("projectcontour.io", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, + envoy_v3.VirtualHost("projectcontour.io", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2608,25 +2607,25 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("projectcontour.io", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("projectcontour.io", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, }, }, ), - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2634,14 +2633,14 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/projectcontour.io", - envoy_v2.VirtualHost("projectcontour.io", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/projectcontour.io", + envoy_v3.VirtualHost("projectcontour.io", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2653,14 +2652,14 @@ func TestRouteVisit(t *testing.T) { }, }, )), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2672,14 +2671,14 @@ func TestRouteVisit(t *testing.T) { }, }, )), - envoy_v2.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, - envoy_v2.VirtualHost("projectcontour.io", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, + envoy_v3.VirtualHost("projectcontour.io", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2690,13 +2689,13 @@ func TestRouteVisit(t *testing.T) { }, }, }, - ), envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + ), envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2786,7 +2785,7 @@ func TestRouteVisit(t *testing.T) { }, }, }, - want: routeConfigurations(envoy_v2.RouteConfiguration("ingress_http")), + want: routeConfigurations(envoy_v3.RouteConfiguration("ingress_http")), }, "httpproxy with fallback certificate - no fqdn enabled": { fallbackCertificate: &types.NamespacedName{ @@ -2865,13 +2864,13 @@ func TestRouteVisit(t *testing.T) { }, }, want: routeConfigurations( - envoy_v2.RouteConfiguration("ingress_http", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("ingress_http", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Redirect{ - Redirect: &envoy_api_v2_route.RedirectAction{ - SchemeRewriteSpecifier: &envoy_api_v2_route.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2879,14 +2878,14 @@ func TestRouteVisit(t *testing.T) { }, ), ), - envoy_v2.RouteConfiguration("https/www.example.com", - envoy_v2.VirtualHost("www.example.com", - &envoy_api_v2_route.Route{ + envoy_v3.RouteConfiguration("https/www.example.com", + envoy_v3.VirtualHost("www.example.com", + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_api_v2_route.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2913,42 +2912,42 @@ func TestRouteVisit(t *testing.T) { func TestSortLongestRouteFirst(t *testing.T) { tests := map[string]struct { - routes []*envoy_api_v2_route.Route - want []*envoy_api_v2_route.Route + routes []*envoy_config_route_v3.Route + want []*envoy_config_route_v3.Route }{ "two prefixes": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routePrefix("/"), }, { Match: routePrefix("/longer"), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routePrefix("/longer"), }, { Match: routePrefix("/"), }}, }, "two regexes": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routeRegex("/v2"), }, { Match: routeRegex("/v1/.+"), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routeRegex("/v2"), }, { Match: routeRegex("/v1/.+"), }}, }, "regex sorts before prefix": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routeRegex("/api/v?"), }, { Match: routePrefix("/"), }, { Match: routeRegex(".*"), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routeRegex("/api/v?"), }, { Match: routeRegex(".*"), @@ -2957,7 +2956,7 @@ func TestSortLongestRouteFirst(t *testing.T) { }}, }, "more headers sort before less": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routePrefix("/"), }, { Match: routePrefix("/", dag.HeaderMatchCondition{ @@ -2965,7 +2964,7 @@ func TestSortLongestRouteFirst(t *testing.T) { MatchType: "present", }), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-request-id", MatchType: "present", @@ -2983,7 +2982,7 @@ func TestSortLongestRouteFirst(t *testing.T) { // allows us to avoid comparing the header matches // unless necessary. "longest path before longest headers": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{ Name: "x-request-id", MatchType: "present", @@ -2991,7 +2990,7 @@ func TestSortLongestRouteFirst(t *testing.T) { }, { Match: routePrefix("/longest/path/match"), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routePrefix("/longest/path/match"), }, { Match: routePrefix("/", dag.HeaderMatchCondition{ @@ -3004,7 +3003,7 @@ func TestSortLongestRouteFirst(t *testing.T) { // The path and the length of header condition list are equal, // so we should order lexicographically by header name. "headers sort stably by name": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{Name: "zzz-2", MatchType: "present"}, dag.HeaderMatchCondition{Name: "zzz-1", MatchType: "present"}, @@ -3015,7 +3014,7 @@ func TestSortLongestRouteFirst(t *testing.T) { dag.HeaderMatchCondition{Name: "aaa-1", MatchType: "present"}, ), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{Name: "aaa-1", MatchType: "present"}, dag.HeaderMatchCondition{Name: "aaa-2", MatchType: "present"}, @@ -3031,7 +3030,7 @@ func TestSortLongestRouteFirst(t *testing.T) { // If we have multiple conditions on the same header, ensure // that we order on the match type too. "headers order by match type": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routePrefix("/"), }, { Match: routePrefix("/", @@ -3040,7 +3039,7 @@ func TestSortLongestRouteFirst(t *testing.T) { dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "exact", Value: "foo"}, ), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "exact", Value: "foo"}, dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "present"}, @@ -3055,14 +3054,14 @@ func TestSortLongestRouteFirst(t *testing.T) { // we don't need to compare the header conditions to // order multiple routes with the same prefix. "headers order in single route": { - routes: []*envoy_api_v2_route.Route{{ + routes: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "present"}, dag.HeaderMatchCondition{Name: "x-request-2", MatchType: "present", Invert: true}, dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "exact", Value: "foo"}, ), }}, - want: []*envoy_api_v2_route.Route{{ + want: []*envoy_config_route_v3.Route{{ Match: routePrefix("/", dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "exact", Value: "foo"}, dag.HeaderMatchCondition{Name: "x-request-1", MatchType: "present"}, @@ -3074,17 +3073,17 @@ func TestSortLongestRouteFirst(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := append([]*envoy_api_v2_route.Route{}, tc.routes...) // shallow copy + got := append([]*envoy_config_route_v3.Route{}, tc.routes...) // shallow copy sortRoutes(got) protobuf.ExpectEqual(t, tc.want, got) }) } } -func routecluster(cluster string) *envoy_api_v2_route.Route_Route { - return &envoy_api_v2_route.Route_Route{ - Route: &envoy_api_v2_route.RouteAction{ - ClusterSpecifier: &envoy_api_v2_route.RouteAction_Cluster{ +func routecluster(cluster string) *envoy_config_route_v3.Route_Route { + return &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: cluster, }, }, @@ -3092,25 +3091,25 @@ func routecluster(cluster string) *envoy_api_v2_route.Route_Route { } -func websocketroute(c string) *envoy_api_v2_route.Route_Route { +func websocketroute(c string) *envoy_config_route_v3.Route_Route { r := routecluster(c) r.Route.UpgradeConfigs = append(r.Route.UpgradeConfigs, - &envoy_api_v2_route.RouteAction_UpgradeConfig{ + &envoy_config_route_v3.RouteAction_UpgradeConfig{ UpgradeType: "websocket", }, ) return r } -func routetimeout(cluster string, timeout time.Duration) *envoy_api_v2_route.Route_Route { +func routetimeout(cluster string, timeout time.Duration) *envoy_config_route_v3.Route_Route { r := routecluster(cluster) r.Route.Timeout = protobuf.Duration(timeout) return r } -func routeretry(cluster string, retryOn string, numRetries uint32, perTryTimeout time.Duration) *envoy_api_v2_route.Route_Route { +func routeretry(cluster string, retryOn string, numRetries uint32, perTryTimeout time.Duration) *envoy_config_route_v3.Route_Route { r := routecluster(cluster) - r.Route.RetryPolicy = &envoy_api_v2_route.RetryPolicy{ + r.Route.RetryPolicy = &envoy_config_route_v3.RetryPolicy{ RetryOn: retryOn, } if numRetries > 0 { @@ -3122,8 +3121,8 @@ func routeretry(cluster string, retryOn string, numRetries uint32, perTryTimeout return r } -func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_api_v2_route.RouteMatch { - return envoy_v2.RouteMatch(&dag.Route{ +func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { + return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.RegexMatchCondition{ Regex: regex, }, @@ -3131,8 +3130,8 @@ func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_api_v2 }) } -func routePrefix(prefix string, headers ...dag.HeaderMatchCondition) *envoy_api_v2_route.RouteMatch { - return envoy_v2.RouteMatch(&dag.Route{ +func routePrefix(prefix string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { + return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, }, @@ -3140,27 +3139,27 @@ func routePrefix(prefix string, headers ...dag.HeaderMatchCondition) *envoy_api_ }) } -func weightedClusters(first, second *envoy_api_v2_route.WeightedCluster_ClusterWeight, rest ...*envoy_api_v2_route.WeightedCluster_ClusterWeight) []*envoy_api_v2_route.WeightedCluster_ClusterWeight { - return append([]*envoy_api_v2_route.WeightedCluster_ClusterWeight{first, second}, rest...) +func weightedClusters(first, second *envoy_config_route_v3.WeightedCluster_ClusterWeight, rest ...*envoy_config_route_v3.WeightedCluster_ClusterWeight) []*envoy_config_route_v3.WeightedCluster_ClusterWeight { + return append([]*envoy_config_route_v3.WeightedCluster_ClusterWeight{first, second}, rest...) } -func weightedCluster(name string, weight uint32) *envoy_api_v2_route.WeightedCluster_ClusterWeight { - return &envoy_api_v2_route.WeightedCluster_ClusterWeight{ +func weightedCluster(name string, weight uint32) *envoy_config_route_v3.WeightedCluster_ClusterWeight { + return &envoy_config_route_v3.WeightedCluster_ClusterWeight{ Name: name, Weight: protobuf.UInt32(weight), } } -func routeConfigurations(rcs ...*envoy_api_v2.RouteConfiguration) map[string]*envoy_api_v2.RouteConfiguration { - m := make(map[string]*envoy_api_v2.RouteConfiguration) +func routeConfigurations(rcs ...*envoy_config_route_v3.RouteConfiguration) map[string]*envoy_config_route_v3.RouteConfiguration { + m := make(map[string]*envoy_config_route_v3.RouteConfiguration) for _, rc := range rcs { m[rc.Name] = rc } return m } -func withMirrorPolicy(route *envoy_api_v2_route.Route_Route, mirror string) *envoy_api_v2_route.Route_Route { - route.Route.RequestMirrorPolicies = []*envoy_api_v2_route.RouteAction_RequestMirrorPolicy{{ +func withMirrorPolicy(route *envoy_config_route_v3.Route_Route, mirror string) *envoy_config_route_v3.Route_Route { + route.Route.RequestMirrorPolicies = []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy{{ Cluster: mirror, }} return route diff --git a/internal/xdscache/v3/secret.go b/internal/xdscache/v3/secret.go index 7aa3bc19164..811f1f5f154 100644 --- a/internal/xdscache/v3/secret.go +++ b/internal/xdscache/v3/secret.go @@ -11,19 +11,19 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "sort" "sync" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - resource "github.com/envoyproxy/go-control-plane/pkg/resource/v2" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/golang/protobuf/proto" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" ) @@ -31,12 +31,12 @@ import ( // SecretCache manages the contents of the gRPC SDS cache. type SecretCache struct { mu sync.Mutex - values map[string]*envoy_api_v2_auth.Secret + values map[string]*envoy_tls_v3.Secret contour.Cond } // Update replaces the contents of the cache with the supplied map. -func (c *SecretCache) Update(v map[string]*envoy_api_v2_auth.Secret) { +func (c *SecretCache) Update(v map[string]*envoy_tls_v3.Secret) { c.mu.Lock() defer c.mu.Unlock() @@ -48,7 +48,7 @@ func (c *SecretCache) Update(v map[string]*envoy_api_v2_auth.Secret) { func (c *SecretCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2_auth.Secret + var values []*envoy_tls_v3.Secret for _, v := range c.values { values = append(values, v) } @@ -59,7 +59,7 @@ func (c *SecretCache) Contents() []proto.Message { func (c *SecretCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_api_v2_auth.Secret + var values []*envoy_tls_v3.Secret for _, n := range names { // we can only return secrets where their value is // known. if the secret is not registered in the cache @@ -80,13 +80,13 @@ func (c *SecretCache) OnChange(root *dag.DAG) { } type secretVisitor struct { - secrets map[string]*envoy_api_v2_auth.Secret + secrets map[string]*envoy_tls_v3.Secret } -// visitSecrets produces a map of *envoy_api_v2_auth.Secret -func visitSecrets(root dag.Vertex) map[string]*envoy_api_v2_auth.Secret { +// visitSecrets produces a map of *envoy_tls_v3.Secret +func visitSecrets(root dag.Vertex) map[string]*envoy_tls_v3.Secret { sv := secretVisitor{ - secrets: make(map[string]*envoy_api_v2_auth.Secret), + secrets: make(map[string]*envoy_tls_v3.Secret), } sv.visit(root) return sv.secrets @@ -95,7 +95,7 @@ func visitSecrets(root dag.Vertex) map[string]*envoy_api_v2_auth.Secret { func (v *secretVisitor) addSecret(s *dag.Secret) { name := envoy.Secretname(s) if _, ok := v.secrets[name]; !ok { - envoySecret := envoy_v2.Secret(s) + envoySecret := envoy_v3.Secret(s) v.secrets[envoySecret.Name] = envoySecret } } diff --git a/internal/xdscache/v3/secret_test.go b/internal/xdscache/v3/secret_test.go index 3ae3b4ef78b..f0beb10dd54 100644 --- a/internal/xdscache/v3/secret_test.go +++ b/internal/xdscache/v3/secret_test.go @@ -11,13 +11,13 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "testing" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/golang/protobuf/proto" contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" @@ -32,7 +32,7 @@ import ( func TestSecretCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2_auth.Secret + contents map[string]*envoy_tls_v3.Secret want []proto.Message }{ "empty": { @@ -61,7 +61,7 @@ func TestSecretCacheContents(t *testing.T) { func TestSecretCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_api_v2_auth.Secret + contents map[string]*envoy_tls_v3.Secret query []string want []proto.Message }{ @@ -106,18 +106,18 @@ func TestSecretCacheQuery(t *testing.T) { func TestSecretVisit(t *testing.T) { tests := map[string]struct { objs []interface{} - want map[string]*envoy_api_v2_auth.Secret + want map[string]*envoy_tls_v3.Secret }{ "nothing": { objs: nil, - want: map[string]*envoy_api_v2_auth.Secret{}, + want: map[string]*envoy_tls_v3.Secret{}, }, "unassociated secrets": { objs: []interface{}{ tlssecret("default", "secret-a", secretdata(CERTIFICATE, RSA_PRIVATE_KEY)), tlssecret("default", "secret-b", secretdata(CERTIFICATE_2, RSA_PRIVATE_KEY_2)), }, - want: map[string]*envoy_api_v2_auth.Secret{}, + want: map[string]*envoy_tls_v3.Secret{}, }, "simple ingress with secret": { objs: []interface{}{ @@ -519,26 +519,26 @@ func buildDAGFallback(t *testing.T, fallbackCertificate *types.NamespacedName, o return builder.Build() } -func secretmap(secrets ...*envoy_api_v2_auth.Secret) map[string]*envoy_api_v2_auth.Secret { - m := make(map[string]*envoy_api_v2_auth.Secret) +func secretmap(secrets ...*envoy_tls_v3.Secret) map[string]*envoy_tls_v3.Secret { + m := make(map[string]*envoy_tls_v3.Secret) for _, s := range secrets { m[s.Name] = s } return m } -func secret(name string, data map[string][]byte) *envoy_api_v2_auth.Secret { - return &envoy_api_v2_auth.Secret{ +func secret(name string, data map[string][]byte) *envoy_tls_v3.Secret { + return &envoy_tls_v3.Secret{ Name: name, - Type: &envoy_api_v2_auth.Secret_TlsCertificate{ - TlsCertificate: &envoy_api_v2_auth.TlsCertificate{ - CertificateChain: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + Type: &envoy_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: data[v1.TLSCertKey], }, }, - PrivateKey: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: data[v1.TLSPrivateKeyKey], }, }, diff --git a/internal/xdscache/v3/server_test.go b/internal/xdscache/v3/server_test.go index 2c15e4f54ec..4c835b4bc57 100644 --- a/internal/xdscache/v3/server_test.go +++ b/internal/xdscache/v3/server_test.go @@ -11,7 +11,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "context" @@ -20,15 +20,18 @@ import ( "testing" "time" - "github.com/projectcontour/contour/internal/xds" - - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - discovery "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v2" - resource "github.com/envoyproxy/go-control-plane/pkg/resource/v2" + envoy_service_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3" + discovery "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_service_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3" + envoy_service_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/service/listener/v3" + envoy_service_route_v3 "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" + envoy_service_secret_v3 "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" + resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/fixture" - contour_xds_v2 "github.com/projectcontour/contour/internal/xds/v2" + "github.com/projectcontour/contour/internal/xds" + contour_xds_v3 "github.com/projectcontour/contour/internal/xds/v3" "github.com/projectcontour/contour/internal/xdscache" "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" @@ -65,7 +68,7 @@ func TestGRPC(t *testing.T) { }, }) - sds := envoy_api_v2.NewClusterDiscoveryServiceClient(cc) + sds := envoy_service_cluster_v3.NewClusterDiscoveryServiceClient(cc) ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) defer cancel() stream, err := sds.StreamClusters(ctx) @@ -92,7 +95,7 @@ func TestGRPC(t *testing.T) { }}, }) - eds := envoy_api_v2.NewEndpointDiscoveryServiceClient(cc) + eds := envoy_service_endpoint_v3.NewEndpointDiscoveryServiceClient(cc) ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) defer cancel() stream, err := eds.StreamEndpoints(ctx) @@ -125,7 +128,7 @@ func TestGRPC(t *testing.T) { }, }) - lds := envoy_api_v2.NewListenerDiscoveryServiceClient(cc) + lds := envoy_service_listener_v3.NewListenerDiscoveryServiceClient(cc) ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) defer cancel() stream, err := lds.StreamListeners(ctx) @@ -157,7 +160,7 @@ func TestGRPC(t *testing.T) { }, }) - rds := envoy_api_v2.NewRouteDiscoveryServiceClient(cc) + rds := envoy_service_route_v3.NewRouteDiscoveryServiceClient(cc) ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) defer cancel() stream, err := rds.StreamRoutes(ctx) @@ -178,7 +181,7 @@ func TestGRPC(t *testing.T) { }, }) - sds := discovery.NewSecretDiscoveryServiceClient(cc) + sds := envoy_service_secret_v3.NewSecretDiscoveryServiceClient(cc) ctx, cancel := context.WithTimeout(context.Background(), 100*time.Millisecond) defer cancel() stream, err := sds.StreamSecrets(ctx) @@ -209,7 +212,7 @@ func TestGRPC(t *testing.T) { } srv := xds.NewServer(nil) - contour_xds_v2.RegisterServer(contour_xds_v2.NewContourServer(log, xdscache.ResourcesOf(resources)...), srv) + contour_xds_v3.RegisterServer(contour_xds_v3.NewContourServer(log, xdscache.ResourcesOf(resources)...), srv) l, err := net.Listen("tcp", "127.0.0.1:0") require.NoError(t, err) done := make(chan error, 1) @@ -233,17 +236,17 @@ func TestGRPC(t *testing.T) { } func sendreq(t *testing.T, stream interface { - Send(*envoy_api_v2.DiscoveryRequest) error + Send(*discovery.DiscoveryRequest) error }, typeurl string) { t.Helper() - err := stream.Send(&envoy_api_v2.DiscoveryRequest{ + err := stream.Send(&discovery.DiscoveryRequest{ TypeUrl: typeurl, }) require.NoError(t, err) } func checkrecv(t *testing.T, stream interface { - Recv() (*envoy_api_v2.DiscoveryResponse, error) + Recv() (*discovery.DiscoveryResponse, error) }) { t.Helper() _, err := stream.Recv() @@ -251,7 +254,7 @@ func checkrecv(t *testing.T, stream interface { } func checktimeout(t *testing.T, stream interface { - Recv() (*envoy_api_v2.DiscoveryResponse, error) + Recv() (*discovery.DiscoveryResponse, error) }) { t.Helper() _, err := stream.Recv() diff --git a/internal/xdscache/v3/visitor_test.go b/internal/xdscache/v3/visitor_test.go index 472f8591e47..421a6b48cd2 100644 --- a/internal/xdscache/v3/visitor_test.go +++ b/internal/xdscache/v3/visitor_test.go @@ -11,17 +11,17 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v2 +package v3 import ( "testing" - envoy_api_v2 "github.com/envoyproxy/go-control-plane/envoy/api/v2" - envoy_api_v2_auth "github.com/envoyproxy/go-control-plane/envoy/api/v2/auth" - envoy_api_v2_core "github.com/envoyproxy/go-control-plane/envoy/api/v2/core" - envoy_api_v2_listener "github.com/envoyproxy/go-control-plane/envoy/api/v2/listener" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_api_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/projectcontour/contour/internal/dag" - envoy_v2 "github.com/projectcontour/contour/internal/envoy/v2" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -31,7 +31,7 @@ import ( func TestVisitClusters(t *testing.T) { tests := map[string]struct { root dag.Vertex - want map[string]*envoy_api_v2.Cluster + want map[string]*envoy_config_cluster_v3.Cluster }{ "TCPService forward": { root: &dag.Listener{ @@ -62,12 +62,12 @@ func TestVisitClusters(t *testing.T) { ), }, want: clustermap( - &envoy_api_v2.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/example/443/da39a3ee5e", AltStatName: "default_example_443", - ClusterDiscoveryType: envoy_v2.ClusterDiscoveryType(envoy_api_v2.Cluster_EDS), - EdsClusterConfig: &envoy_api_v2.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v2.ConfigSource("contour"), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ + EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/example", }, }, @@ -103,7 +103,7 @@ func TestVisitListeners(t *testing.T) { tests := map[string]struct { root dag.Vertex - want map[string]*envoy_api_v2.Listener + want map[string]*envoy_config_listener_v3.Listener }{ "TCPService forward": { root: &dag.Listener{ @@ -123,25 +123,25 @@ func TestVisitListeners(t *testing.T) { Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, }, - MinTLSVersion: envoy_api_v2_auth.TlsParameters_TLSv1_2, + MinTLSVersion: "1.2", }, ), }, want: listenermap( - &envoy_api_v2.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, - Address: envoy_v2.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_api_v2_listener.FilterChain{{ - FilterChainMatch: &envoy_api_v2_listener.FilterChainMatch{ + Address: envoy_v3.SocketAddress("0.0.0.0", 8443), + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcpproxy.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_api_v2_auth.TlsParameters_TLSv1_2), - Filters: envoy_v2.Filters(envoy_v2.TCPProxy(ENVOY_HTTPS_LISTENER, p1, envoy_v2.FileAccessLogEnvoy(DEFAULT_HTTPS_ACCESS_LOG))), + TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2), + Filters: envoy_v3.Filters(envoy_v3.TCPProxy(ENVOY_HTTPS_LISTENER, p1, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTPS_ACCESS_LOG))), }}, - ListenerFilters: envoy_v2.ListenerFilters( - envoy_v2.TLSInspector(), + ListenerFilters: envoy_v3.ListenerFilters( + envoy_v3.TLSInspector(), ), - SocketOptions: envoy_v2.TCPKeepaliveSocketOptions(), + SocketOptions: envoy_v3.TCPKeepaliveSocketOptions(), }, ), }, @@ -158,7 +158,7 @@ func TestVisitListeners(t *testing.T) { func TestVisitSecrets(t *testing.T) { tests := map[string]struct { root dag.Vertex - want map[string]*envoy_api_v2_auth.Secret + want map[string]*envoy_tls_v3.Secret }{ "TCPService forward": { root: &dag.Listener{ @@ -196,17 +196,17 @@ func TestVisitSecrets(t *testing.T) { }, ), }, - want: secretmap(&envoy_api_v2_auth.Secret{ + want: secretmap(&envoy_tls_v3.Secret{ Name: "default/secret/735ad571c1", - Type: &envoy_api_v2_auth.Secret_TlsCertificate{ - TlsCertificate: &envoy_api_v2_auth.TlsCertificate{ - PrivateKey: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + Type: &envoy_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_tls_v3.TlsCertificate{ + PrivateKey: &envoy_api_core_v3.DataSource{ + Specifier: &envoy_api_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("key"), }, }, - CertificateChain: &envoy_api_v2_core.DataSource{ - Specifier: &envoy_api_v2_core.DataSource_InlineBytes{ + CertificateChain: &envoy_api_core_v3.DataSource{ + Specifier: &envoy_api_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("certificate"), }, },