diff --git a/.gitattributes b/.gitattributes index ec6a0371..e5112367 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,2 +1,4 @@ bundle/** linguist-generated=true bundle.Dockerfile linguist-generated=true +config/crd/bases/** linguist-generated=true +docs/api-reference/reference.asciidoc linguist-generated=true diff --git a/Makefile b/Makefile index 7319ba22..707bb788 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.13.0-alpha.1 +VERSION ?= 0.13.0-alpha.2 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") @@ -231,7 +231,7 @@ $(CONTROLLER_GEN): $(LOCALBIN) .PHONY: envtest envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. $(ENVTEST): $(LOCALBIN) - test -s $(ENVTEST) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest + test -s $(ENVTEST) || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@release-0.17 .PHONY: ginkgo ginkgo: $(GINKGO) ## Download ginkgo locally if necessary diff --git a/apis/marin3r/v1alpha1/envoyconfig_webhook.go b/apis/marin3r/v1alpha1/envoyconfig_webhook.go index 46fe5696..2cb1b80d 100644 --- a/apis/marin3r/v1alpha1/envoyconfig_webhook.go +++ b/apis/marin3r/v1alpha1/envoyconfig_webhook.go 
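Review bot: In the `$(ENVTEST)` recipe, `setup-envtest@release-0.17` is still a moving reference. `go install` resolves a branch name to whatever commit is at its head when the command runs, so two machines can end up with different tool binaries. Pinning to a specific commit or pseudo-version, for example a variable `ENVTEST_VERSION ?= <PINNED_PSEUDO_VERSION>` used as `setup-envtest@$(ENVTEST_VERSION)`, would make the download reproducible and reviewable. Because the recipe is guarded by `test -s $(ENVTEST)`, an already-installed binary is never refreshed, which hides the drift further.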
@@ -93,8 +93,8 @@ func (r *EnvoyConfig) ValidateResources() error { switch res.Type { case envoy.Secret: - if res.GenerateFromTlsSecret == nil { - errList = append(errList, fmt.Errorf("'generateFromTlsSecret' cannot be empty for type '%s'", envoy.Secret)) + if res.GenerateFromTlsSecret == nil && res.GenerateFromOpaqueSecret == nil { + errList = append(errList, fmt.Errorf("one of 'generateFromTlsSecret', 'generateFromOpaqueSecret' must be set for type '%s'", envoy.Secret)) } if res.Value != nil { errList = append(errList, fmt.Errorf("'value' cannot be used for type '%s'", envoy.Secret)) diff --git a/apis/marin3r/v1alpha1/resources.go b/apis/marin3r/v1alpha1/resources.go index 6e05bba2..ce84dab5 100644 --- a/apis/marin3r/v1alpha1/resources.go +++ b/apis/marin3r/v1alpha1/resources.go @@ -43,6 +43,11 @@ type Resource struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // +optional GenerateFromTlsSecret *string `json:"generateFromTlsSecret,omitempty"` + // The name of a Kubernetes Secret of type "Opaque". It will generate an + // envoy "generic secret" proto. + // +operator-sdk:csv:customresourcedefinitions:type=spec + // +optional + GenerateFromOpaqueSecret *SecretKeySelector `json:"generateFromOpaqueSecret,omitempty"` // Specifies a label selector to watch for EndpointSlices that will // be used to generate the endpoint resource // +operator-sdk:csv:customresourcedefinitions:type=spec 
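Review bot: The new condition in the `envoy.Secret` case accepts a resource that sets both `generateFromTlsSecret` and `generateFromOpaqueSecret`, although the error text says "one of". `SecretRef()` in resources.go then silently prefers the opaque selector, so the TLS reference is ignored without any feedback to the user. I would reject the combination here, e.g. `if res.GenerateFromTlsSecret != nil && res.GenerateFromOpaqueSecret != nil { errList = append(errList, fmt.Errorf("only one of 'generateFromTlsSecret', 'generateFromOpaqueSecret' can be set for type '%s'", envoy.Secret)) }`. ValidateResources starts and ends outside this hunk, so any existing check further down is not visible here.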
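Review bot: The doc comment on `GenerateFromOpaqueSecret` calls the field "the name of a Kubernetes Secret", but its type is `*SecretKeySelector`, which carries a name, a key and an alias. This text is copied into the CRDs, the CSV and the API reference, so it is worth correcting at the source, for example `// Selects one key of a Kubernetes Secret of type "Opaque" and publishes its value as an envoy "generic secret" named after the alias.` That the alias becomes the envoy secret name is inferred from the oauth2 example in this commit, so please confirm before adopting the wording.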
@@ -63,6 +68,27 @@ func (r *Resource) GetBlueprint() Blueprint { return defaultBlueprint } +func (r *Resource) SecretRef() (string, error) { + if r.Type != envoy.Secret { + return "", fmt.Errorf("not a secret type") + } + if r.GenerateFromOpaqueSecret != nil { + return r.GenerateFromOpaqueSecret.Name, nil + } else if r.GenerateFromTlsSecret != nil { + return *r.GenerateFromTlsSecret, nil + } + return "", fmt.Errorf("secret reference not set") +} + +type SecretKeySelector struct { + // The name of the secret in the pod's namespace to select from. + Name string `json:"name"` + // The key of the secret to select from. Must be a valid secret key. + Key string `json:"key"` + // A unique name to refer to the name:key combination + Alias string `json:"alias"` +} + type GenerateFromEndpointSlices struct { Selector *metav1.LabelSelector `json:"selector"` ClusterName string `json:"clusterName"` diff --git a/apis/marin3r/v1alpha1/zz_generated.deepcopy.go b/apis/marin3r/v1alpha1/zz_generated.deepcopy.go index 6dc6e0e0..659213cb 100644 --- a/apis/marin3r/v1alpha1/zz_generated.deepcopy.go +++ b/apis/marin3r/v1alpha1/zz_generated.deepcopy.go @@ -464,6 +464,11 @@ func (in *Resource) DeepCopyInto(out *Resource) { *out = new(string) **out = **in } + if in.GenerateFromOpaqueSecret != nil { + in, out := &in.GenerateFromOpaqueSecret, &out.GenerateFromOpaqueSecret + *out = new(SecretKeySelector) + **out = **in + } if in.GenerateFromEndpointSlices != nil { in, out := &in.GenerateFromEndpointSlices, &out.GenerateFromEndpointSlices *out = new(GenerateFromEndpointSlices) 
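Review bot: `SecretKeySelector.Alias` is documented as "a unique name", but nothing in this hunk or in the webhook change enforces that, and `Name`, `Key` and `Alias` are only marked required, which still admits empty strings. If two secret resources share an alias, or an alias equals a TLS secret name, which value envoy receives cannot be determined from this diff, and that matters for credentials such as the OAuth client secret. Consider a marker such as `// +kubebuilder:validation:MinLength=1` on the three fields plus a duplicate-alias check in `ValidateResources`. `SecretRef` and `SecretKeySelector` are exported and would also benefit from doc comments stating that `SecretRef` returns only the Secret name and prefers the opaque selector when both references are set.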
@@ -486,6 +491,21 @@ func (in *Resource) DeepCopy() *Resource { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretKeySelector. +func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { + if in == nil { + return nil + } + out := new(SecretKeySelector) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VersionTracker) DeepCopyInto(out *VersionTracker) { *out = *in diff --git a/bundle/manifests/marin3r.3scale.net_envoyconfigrevisions.yaml b/bundle/manifests/marin3r.3scale.net_envoyconfigrevisions.yaml index c2ace5c5..2ba67f40 100644 --- a/bundle/manifests/marin3r.3scale.net_envoyconfigrevisions.yaml +++ b/bundle/manifests/marin3r.3scale.net_envoyconfigrevisions.yaml @@ -349,6 +349,26 @@ spec: - selector - targetPort type: object + generateFromOpaqueSecret: + description: The name of a Kubernetes Secret of type "Opaque". + It will generate an envoy "generic secret" proto. + properties: + alias: + description: A unique name to refer to the name:key combination + type: string + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: The name of the secret in the pod's namespace + to select from. + type: string + required: + - alias + - key + - name + type: object generateFromTlsSecret: description: The name of a Kubernetes Secret of type "kubernetes.io/tls" type: string diff --git a/bundle/manifests/marin3r.3scale.net_envoyconfigs.yaml b/bundle/manifests/marin3r.3scale.net_envoyconfigs.yaml index 29290839..da730ad7 100644 --- a/bundle/manifests/marin3r.3scale.net_envoyconfigs.yaml 
+++ b/bundle/manifests/marin3r.3scale.net_envoyconfigs.yaml @@ -342,6 +342,26 @@ spec: - selector - targetPort type: object + generateFromOpaqueSecret: + description: The name of a Kubernetes Secret of type "Opaque". + It will generate an envoy "generic secret" proto. + properties: + alias: + description: A unique name to refer to the name:key combination + type: string + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: The name of the secret in the pod's namespace + to select from. + type: string + required: + - alias + - key + - name + type: object generateFromTlsSecret: description: The name of a Kubernetes Secret of type "kubernetes.io/tls" type: string diff --git a/bundle/manifests/marin3r.clusterserviceversion.yaml b/bundle/manifests/marin3r.clusterserviceversion.yaml index 8a68cb7c..35240745 100644 --- a/bundle/manifests/marin3r.clusterserviceversion.yaml +++ b/bundle/manifests/marin3r.clusterserviceversion.yaml @@ -173,14 +173,14 @@ metadata: categories: Networking certified: "false" containerImage: quay.io/3scale/marin3r - createdAt: "2024-03-21T15:45:14Z" + createdAt: "2024-03-22T17:37:16Z" description: Lighweight, CRD based Envoy control plane for Kubernetes operators.operatorframework.io/builder: operator-sdk-v1.28.0 operators.operatorframework.io/internal-objects: '["envoyconfigrevisions.marin3r.3scale.net","discoveryservicecertificates.operator.marin3r.3scale.net"]' operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 repository: https://github.com/3scale-ops/marin3r support: Red Hat, Inc. - name: marin3r.v0.13.0-alpha.1 + name: marin3r.v0.13.0-alpha.2 namespace: placeholder spec: apiservicedefinitions: {} 
@@ -453,6 +453,10 @@ spec: be used to generate the endpoint resource displayName: Generate From Endpoint Slices path: resources[0].generateFromEndpointSlices + - description: The name of a Kubernetes Secret of type "Opaque". It will generate + an envoy "generic secret" proto. + displayName: Generate From Opaque Secret + path: resources[0].generateFromOpaqueSecret - description: The name of a Kubernetes Secret of type "kubernetes.io/tls" displayName: Generate From Tls Secret path: resources[0].generateFromTlsSecret @@ -635,6 +639,10 @@ spec: be used to generate the endpoint resource displayName: Generate From Endpoint Slices path: resources[0].generateFromEndpointSlices + - description: The name of a Kubernetes Secret of type "Opaque". It will generate + an envoy "generic secret" proto. + displayName: Generate From Opaque Secret + path: resources[0].generateFromOpaqueSecret - description: The name of a Kubernetes Secret of type "kubernetes.io/tls" displayName: Generate From Tls Secret path: resources[0].generateFromTlsSecret @@ -919,7 +927,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: quay.io/3scale/marin3r:v0.13.0-alpha.1 + image: quay.io/3scale/marin3r:v0.13.0-alpha.2 livenessProbe: httpGet: path: /healthz @@ -977,7 +985,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: quay.io/3scale/marin3r:v0.13.0-alpha.1 + image: quay.io/3scale/marin3r:v0.13.0-alpha.2 livenessProbe: httpGet: path: /healthz @@ -1284,7 +1292,7 @@ spec: maturity: alpha provider: name: Red Hat - version: 0.13.0-alpha.1 + version: 0.13.0-alpha.2 webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/config/crd/bases/marin3r.3scale.net_envoyconfigrevisions.yaml b/config/crd/bases/marin3r.3scale.net_envoyconfigrevisions.yaml index b030f7db..27ede99e 100644 --- a/config/crd/bases/marin3r.3scale.net_envoyconfigrevisions.yaml +++ b/config/crd/bases/marin3r.3scale.net_envoyconfigrevisions.yaml 
@@ -350,6 +350,26 @@ spec: - selector - targetPort type: object + generateFromOpaqueSecret: + description: The name of a Kubernetes Secret of type "Opaque". + It will generate an envoy "generic secret" proto. + properties: + alias: + description: A unique name to refer to the name:key combination + type: string + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: The name of the secret in the pod's namespace + to select from. + type: string + required: + - alias + - key + - name + type: object generateFromTlsSecret: description: The name of a Kubernetes Secret of type "kubernetes.io/tls" type: string diff --git a/config/crd/bases/marin3r.3scale.net_envoyconfigs.yaml b/config/crd/bases/marin3r.3scale.net_envoyconfigs.yaml index 95bba8c3..826b0e16 100644 --- a/config/crd/bases/marin3r.3scale.net_envoyconfigs.yaml +++ b/config/crd/bases/marin3r.3scale.net_envoyconfigs.yaml @@ -343,6 +343,26 @@ spec: - selector - targetPort type: object + generateFromOpaqueSecret: + description: The name of a Kubernetes Secret of type "Opaque". + It will generate an envoy "generic secret" proto. + properties: + alias: + description: A unique name to refer to the name:key combination + type: string + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: The name of the secret in the pod's namespace + to select from. + type: string + required: + - alias + - key + - name + type: object generateFromTlsSecret: description: The name of a Kubernetes Secret of type "kubernetes.io/tls" type: string diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 0a38a50f..47500572 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml 
@@ -13,7 +13,7 @@ kind: Kustomization images: - name: controller newName: quay.io/3scale/marin3r - newTag: v0.13.0-alpha.1 + newTag: v0.13.0-alpha.2 patchesStrategicMerge: - custom/manager_patch.yaml diff --git a/config/manifests/bases/marin3r.clusterserviceversion.yaml b/config/manifests/bases/marin3r.clusterserviceversion.yaml index c6e89d9a..db12c2f4 100644 --- a/config/manifests/bases/marin3r.clusterserviceversion.yaml +++ b/config/manifests/bases/marin3r.clusterserviceversion.yaml @@ -359,6 +359,10 @@ spec: be used to generate the endpoint resource displayName: Generate From Endpoint Slices path: resources[0].generateFromEndpointSlices + - description: The name of a Kubernetes Secret of type "Opaque". It will generate + an envoy "generic secret" proto. + displayName: Generate From Opaque Secret + path: resources[0].generateFromOpaqueSecret - description: The name of a Kubernetes Secret of type "kubernetes.io/tls" displayName: Generate From Tls Secret path: resources[0].generateFromTlsSecret @@ -541,6 +545,10 @@ spec: be used to generate the endpoint resource displayName: Generate From Endpoint Slices path: resources[0].generateFromEndpointSlices + - description: The name of a Kubernetes Secret of type "Opaque". It will generate + an envoy "generic secret" proto. + displayName: Generate From Opaque Secret + path: resources[0].generateFromOpaqueSecret - description: The name of a Kubernetes Secret of type "kubernetes.io/tls" displayName: Generate From Tls Secret path: resources[0].generateFromTlsSecret diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 22a5c77a..ac0ad2e7 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -10,7 +10,7 @@ kind: Kustomization images: - name: controller newName: quay.io/3scale/marin3r - newTag: v0.13.0-alpha.1 + newTag: v0.13.0-alpha.2 # [CUSTOM: pod mutating webhook config] This patch adds a label selector to the MutatingWebhookConfig patchesStrategicMerge: 
diff --git a/controllers/marin3r/envoyconfigrevision_controller.go b/controllers/marin3r/envoyconfigrevision_controller.go index 49587a48..aa6cafa3 100644 --- a/controllers/marin3r/envoyconfigrevision_controller.go +++ b/controllers/marin3r/envoyconfigrevision_controller.go @@ -199,7 +199,7 @@ func (r *EnvoyConfigRevisionReconciler) SecretsEventHandler() handler.EventHandl &marin3rv1alpha1.EnvoyConfigRevisionList{}, func(event client.Object, o client.Object) bool { secret := event.(*corev1.Secret) - if secret.Type != corev1.SecretTypeTLS { + if secret.Type != corev1.SecretTypeTLS && secret.Type != corev1.SecretTypeOpaque { return false } ecr := o.(*marin3rv1alpha1.EnvoyConfigRevision) @@ -207,7 +207,8 @@ func (r *EnvoyConfigRevisionReconciler) SecretsEventHandler() handler.EventHandl // check if the k8s Secret is relevant for this EnvoyConfigRevision for _, s := range ecr.Spec.Resources { if s.Type == envoy.Secret { - if *s.GenerateFromTlsSecret == secret.GetName() { + if (s.GenerateFromTlsSecret != nil && *s.GenerateFromTlsSecret == secret.GetName()) || + (s.GenerateFromOpaqueSecret != nil && s.GenerateFromOpaqueSecret.Name == secret.GetName()) { return true } } diff --git a/docs/api-reference/reference.asciidoc b/docs/api-reference/reference.asciidoc index 5abaf0d3..bf6e4785 100644 --- a/docs/api-reference/reference.asciidoc +++ b/docs/api-reference/reference.asciidoc 
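Review bot: In the `SecretsEventHandler` filter, the match is made on `secret.GetName()` only, and after this change it runs for every `Opaque` Secret, which is the default Secret type. Unless the surrounding handler already restricts the list to the Secret's namespace (not visible in these hunks), a same-named Secret in another namespace would trigger reconciles of unrelated EnvoyConfigRevisions. Adding `secret.GetNamespace() == ecr.GetNamespace() &&` to the condition would make the scoping explicit. The name comparison could also reuse the helper added in this commit, `if name, err := s.SecretRef(); err == nil && name == secret.GetName()`, so the handler follows the same precedence as `SecretRef`.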
@@ -318,11 +318,31 @@ Resource holds serialized representation of an envoy resource | *`type`* __Type__ | Type is the type url for the protobuf message | *`value`* __RawExtension__ | Value is the protobufer message that configures the resource. The proto must match the envoy configuration API v3 specification for the given resource type (https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol#resource-types) | *`generateFromTlsSecret`* __string__ | The name of a Kubernetes Secret of type "kubernetes.io/tls" +| *`generateFromOpaqueSecret`* __xref:{anchor_prefix}-github-com-3scale-ops-marin3r-apis-marin3r-v1alpha1-secretkeyselector[$$SecretKeySelector$$]__ | The name of a Kubernetes Secret of type "Opaque". It will generate an envoy "generic secret" proto. | *`generateFromEndpointSlices`* __xref:{anchor_prefix}-github-com-3scale-ops-marin3r-apis-marin3r-v1alpha1-generatefromendpointslices[$$GenerateFromEndpointSlices$$]__ | Specifies a label selector to watch for EndpointSlices that will be used to generate the endpoint resource | *`blueprint`* __xref:{anchor_prefix}-github-com-3scale-ops-marin3r-apis-marin3r-v1alpha1-blueprint[$$Blueprint$$]__ | Blueprint specifies a template to generate a configuration proto. It is currently only supported to generate secret configuration resources from k8s Secrets |=== +[id="{anchor_prefix}-github-com-3scale-ops-marin3r-apis-marin3r-v1alpha1-secretkeyselector"] +==== SecretKeySelector + + + +.Appears In: +**** +- xref:{anchor_prefix}-github-com-3scale-ops-marin3r-apis-marin3r-v1alpha1-resource[$$Resource$$] +**** + +[cols="25a,75a", options="header"] +|=== +| Field | Description +| *`name`* __string__ | The name of the secret in the pod's namespace to select from. +| *`key`* __string__ | The key of the secret to select from. Must be a valid secret key. 
+| *`alias`* __string__ | A unique name to refer to the name:key combination +|=== + + [id="{anchor_prefix}-github-com-3scale-ops-marin3r-apis-marin3r-v1alpha1-versiontracker"] ==== VersionTracker diff --git a/examples/e2e/deployment/v0.11.1/discoveryservice.yaml b/examples/k8s/envoydeployment/v0.11.1/discoveryservice.yaml similarity index 100% rename from examples/e2e/deployment/v0.11.1/discoveryservice.yaml rename to examples/k8s/envoydeployment/v0.11.1/discoveryservice.yaml diff --git a/examples/e2e/deployment/v0.11.1/discoveryservicecertificate.yaml b/examples/k8s/envoydeployment/v0.11.1/discoveryservicecertificate.yaml similarity index 100% rename from examples/e2e/deployment/v0.11.1/discoveryservicecertificate.yaml rename to examples/k8s/envoydeployment/v0.11.1/discoveryservicecertificate.yaml diff --git a/examples/e2e/deployment/v0.11.1/envoyconfig.yaml b/examples/k8s/envoydeployment/v0.11.1/envoyconfig.yaml similarity index 100% rename from examples/e2e/deployment/v0.11.1/envoyconfig.yaml rename to examples/k8s/envoydeployment/v0.11.1/envoyconfig.yaml diff --git a/examples/e2e/deployment/v0.11.1/envoydeployment.yaml b/examples/k8s/envoydeployment/v0.11.1/envoydeployment.yaml similarity index 100% rename from examples/e2e/deployment/v0.11.1/envoydeployment.yaml rename to examples/k8s/envoydeployment/v0.11.1/envoydeployment.yaml diff --git a/examples/e2e/deployment/v0.11.1/kuard.yaml b/examples/k8s/envoydeployment/v0.11.1/kuard.yaml similarity index 100% rename from examples/e2e/deployment/v0.11.1/kuard.yaml rename to examples/k8s/envoydeployment/v0.11.1/kuard.yaml diff --git a/examples/e2e/deployment/v0.12.0/discoveryservice.yaml b/examples/k8s/envoydeployment/v0.12.0/discoveryservice.yaml similarity index 100% rename from examples/e2e/deployment/v0.12.0/discoveryservice.yaml rename to examples/k8s/envoydeployment/v0.12.0/discoveryservice.yaml 
diff --git a/examples/e2e/deployment/v0.12.0/discoveryservicecertificate.yaml b/examples/k8s/envoydeployment/v0.12.0/discoveryservicecertificate.yaml similarity index 100% rename from examples/e2e/deployment/v0.12.0/discoveryservicecertificate.yaml rename to examples/k8s/envoydeployment/v0.12.0/discoveryservicecertificate.yaml diff --git a/examples/e2e/deployment/v0.12.0/envoyconfig.yaml b/examples/k8s/envoydeployment/v0.12.0/envoyconfig.yaml similarity index 100% rename from examples/e2e/deployment/v0.12.0/envoyconfig.yaml rename to examples/k8s/envoydeployment/v0.12.0/envoyconfig.yaml diff --git a/examples/e2e/deployment/v0.12.0/envoydeployment.yaml b/examples/k8s/envoydeployment/v0.12.0/envoydeployment.yaml similarity index 100% rename from examples/e2e/deployment/v0.12.0/envoydeployment.yaml rename to examples/k8s/envoydeployment/v0.12.0/envoydeployment.yaml diff --git a/examples/e2e/deployment/v0.12.0/kuard.yaml b/examples/k8s/envoydeployment/v0.12.0/kuard.yaml similarity index 100% rename from examples/e2e/deployment/v0.12.0/kuard.yaml rename to examples/k8s/envoydeployment/v0.12.0/kuard.yaml diff --git a/examples/k8s/oauth2/README.md b/examples/k8s/oauth2/README.md new file mode 100644 index 00000000..a598d30c --- /dev/null +++ b/examples/k8s/oauth2/README.md 
@@ -0,0 +1,28 @@ +# OAUTH EXAMPLE + +## How to use + +* Set the values for your oauth account and redirect url in `oauth-config.env` and `oauth-secrets.env` +* Deploy the resources + +```bash +❯ kustomize build examples/k8s/oauth2 | kubectl apply -f - +configmap/oauth-config created +secret/oauth-secrets created +service/kuard created +deployment.apps/kuard created +envoyconfig.marin3r.3scale.net/kuard created +discoveryservice.operator.marin3r.3scale.net/instance created +discoveryservicecertificate.operator.marin3r.3scale.net/kuard created +envoydeployment.operator.marin3r.3scale.net/kuard created +``` + +* Execute port-forward to access the EnvoyDeployment pod in localhost + +```bash +❯ kubectl port-forward svc/oauth-proxy 8443:8443 +Forwarding from 127.0.0.1:8443 -> 8443 +Forwarding from [::1]:8443 -> 8443 +``` + +* Open a browser and access `https://127.0.0.1.nip.io:8443/`, this will initiate the oauth flow. diff --git a/examples/k8s/oauth2/discoveryservice.yaml b/examples/k8s/oauth2/discoveryservice.yaml new file mode 100644 index 00000000..10de085a --- /dev/null +++ b/examples/k8s/oauth2/discoveryservice.yaml @@ -0,0 +1,8 @@ +apiVersion: operator.marin3r.3scale.net/v1alpha1 +kind: DiscoveryService +metadata: + name: instance +spec: + debug: true + + diff --git a/examples/e2e/sidecars/discoveryservicecertificate.yaml b/examples/k8s/oauth2/discoveryservicecertificate.yaml similarity index 100% rename from examples/e2e/sidecars/discoveryservicecertificate.yaml rename to examples/k8s/oauth2/discoveryservicecertificate.yaml diff --git a/examples/k8s/oauth2/envoyconfig.yaml b/examples/k8s/oauth2/envoyconfig.yaml new file mode 100644 index 00000000..57260459 --- /dev/null +++ b/examples/k8s/oauth2/envoyconfig.yaml 
@@ -0,0 +1,128 @@ +apiVersion: marin3r.3scale.net/v1alpha1 +kind: EnvoyConfig +metadata: + name: oauth-proxy +spec: + nodeID: oauth-proxy + resources: + - type: listener + value: + name: https + address: + socket_address: + address: 0.0.0.0 + port_value: 8443 + filter_chains: + - filters: + - name: envoy.filters.network.http_connection_manager + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager + stat_prefix: ingress_http + rds: + route_config_name: "kuard" + config_source: + ads: {} + resource_api_version: "V3" + http_filters: + - name: envoy.filters.http.oauth2 + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2 + config: + token_endpoint: + uri: https://github.com/login/oauth/access_token + cluster: oauth + timeout: 10s + authorization_endpoint: https://github.com/login/oauth/authorize + redirect_uri: + default_expires_in: 3600s + redirect_path_matcher: + path: + exact: /callback + signout_path: + path: + exact: /signout + credentials: + client_id: + token_secret: + name: oauth_client_secret + sds_config: + ads: {} + resource_api_version: "V3" + hmac_secret: + name: oauth_hmac + sds_config: + ads: {} + resource_api_version: "V3" + - name: envoy.filters.http.router + typed_config: + "@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext + common_tls_context: + tls_certificate_sds_secret_configs: + - name: kuard + sds_config: + ads: {} + resource_api_version: "V3" + - type: secret + generateFromTlsSecret: kuard + - type: secret + generateFromOpaqueSecret: + name: oauth-secrets + key: client_secret + alias: oauth_client_secret + - type: secret + generateFromOpaqueSecret: + name: oauth-secrets + key: hmac + alias: oauth_hmac + - type: route + value: + name: kuard + 
virtual_hosts: + - name: all + domains: ["*"] + routes: + - match: + prefix: "/" + route: + cluster: "kuard" + - type: cluster + value: + name: oauth + connect_timeout: 5s + type: LOGICAL_DNS + lb_policy: ROUND_ROBIN + load_assignment: + cluster_name: oauth + endpoints: + - lb_endpoints: + - endpoint: + address: + socket_address: + address: github.com + port_value: 443 + transport_socket: + name: envoy.transport_sockets.tls + typed_config: + "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + sni: github.com + - type: cluster + value: + name: kuard + connect_timeout: 0.010s + type: EDS + lb_policy: ROUND_ROBIN + eds_cluster_config: + eds_config: + ads: {} + resource_api_version: "V3" + - type: endpoint + generateFromEndpointSlices: + selector: + matchLabels: + kubernetes.io/service-name: kuard + clusterName: kuard + targetPort: http diff --git a/examples/k8s/oauth2/envoydeployment.yaml b/examples/k8s/oauth2/envoydeployment.yaml new file mode 100644 index 00000000..b01fbbee --- /dev/null +++ b/examples/k8s/oauth2/envoydeployment.yaml 
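Review bot: The `oauth` cluster's `UpstreamTlsContext` sets only `sni: github.com`, and without a `validation_context` Envoy does not verify the upstream certificate. The token exchange that carries the client secret would therefore accept any certificate presented on that connection. For an example that people will copy, I would add a trusted CA bundle and a SAN match to that transport socket. The CA path below is a placeholder and depends on the envoy image in use.

```yaml
# … unchanged: `oauth` cluster definition up to its transport_socket typed_config …
              sni: github.com
              common_tls_context:
                validation_context:
                  trusted_ca:
                    filename: <PATH_TO_CA_BUNDLE>  # placeholder, depends on the envoy image
                  match_typed_subject_alt_names:
                    - san_type: DNS
                      matcher:
                        exact: github.com
```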
@@ -0,0 +1,55 @@ +apiVersion: operator.marin3r.3scale.net/v1alpha1 +kind: EnvoyDeployment +metadata: + name: oauth-proxy +spec: + discoveryServiceRef: instance + envoyConfigRef: oauth-proxy + ports: + - name: https + port: 8443 + extraArgs: + # - --component-log-level + # - http:debug + - --log-level + - debug + adminAccessLogPath: /dev/stdout + resources: + requests: + memory: "64Mi" + cpu: "100m" + limits: + memory: "128Mi" + cpu: "500m" + replicas: + dynamic: + minReplicas: 1 + maxReplicas: 10 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 50 + podDisruptionBudget: + minAvailable: 1 + shutdownManager: + image: quay.io/3scale/marin3r:test + initManager: + image: quay.io/3scale/marin3r:test + +--- +apiVersion: v1 +kind: Service +metadata: + name: oauth-proxy +spec: + selector: + app.kubernetes.io/component: envoy-deployment + app.kubernetes.io/instance: oauth-proxy + app.kubernetes.io/name: marin3r + ports: + - protocol: TCP + port: 8443 + targetPort: 8443 \ No newline at end of file diff --git a/examples/k8s/oauth2/kuard.yaml b/examples/k8s/oauth2/kuard.yaml new file mode 100644 index 00000000..29f77138 --- /dev/null +++ b/examples/k8s/oauth2/kuard.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: kuard + labels: + app: kuard +spec: + replicas: 1 + selector: + matchLabels: + app: kuard + template: + metadata: + labels: + app: kuard + spec: + containers: + - name: kuard + image: gcr.io/kuar-demo/kuard-amd64:blue + ports: + - containerPort: 8080 + name: http + protocol: TCP + +--- +apiVersion: v1 +kind: Service +metadata: + name: kuard + labels: + app: kuard +spec: + clusterIP: None + selector: + app: kuard + ports: + - name: http + protocol: TCP + port: 8080 + targetPort: http \ No newline at end of file diff --git a/examples/k8s/oauth2/kustomization.yaml b/examples/k8s/oauth2/kustomization.yaml new file mode 100644 index 00000000..0263c68e --- /dev/null 
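Review bot: The EnvoyDeployment runs envoy with `--log-level debug` in `extraArgs` and pins `shutdownManager` and `initManager` to `quay.io/3scale/marin3r:test`. At debug level envoy's HTTP logging can include request headers, which in this OAuth example means session cookies and tokens may end up in pod logs. The `:test` tag is a mutable development tag that users copying the example would pull as-is. I would comment out the debug flag like the `--component-log-level` lines above it and drop the two image overrides, presumably letting the operator defaults apply.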
+++ b/examples/k8s/oauth2/kustomization.yaml @@ -0,0 +1,48 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: default +resources: + - discoveryservice.yaml + - discoveryservicecertificate.yaml + - envoyconfig.yaml + - envoydeployment.yaml + - kuard.yaml + +secretGenerator: + - name: oauth-secrets + behavior: create + options: + disableNameSuffixHash: true + type: Opaque + envs: + - oauth-secrets.env + +configMapGenerator: + - name: oauth-config + behavior: create + options: + disableNameSuffixHash: true + envs: + - oauth-config.env + +replacements: + - source: + kind: ConfigMap + name: oauth-config + fieldPath: data.client_id + targets: + - select: + kind: EnvoyConfig + name: oauth-proxy + fieldPaths: + - spec.resources.0.value.filter_chains.0.filters.0.typed_config.http_filters.0.typed_config.config.credentials.client_id + - source: + kind: ConfigMap + name: oauth-config + fieldPath: data.redirect_uri + targets: + - select: + kind: EnvoyConfig + name: oauth-proxy + fieldPaths: + - spec.resources.0.value.filter_chains.0.filters.0.typed_config.http_filters.0.typed_config.config.redirect_uri diff --git a/examples/k8s/oauth2/oauth-config.env b/examples/k8s/oauth2/oauth-config.env new file mode 100644 index 00000000..6c93101b --- /dev/null +++ b/examples/k8s/oauth2/oauth-config.env @@ -0,0 +1,2 @@ +client_id= +redirect_uri=https://127.0.0.1.nip.io:8443/callback diff --git a/examples/k8s/oauth2/oauth-secrets.env b/examples/k8s/oauth2/oauth-secrets.env new file mode 100644 index 00000000..1c9ee219 --- /dev/null +++ b/examples/k8s/oauth2/oauth-secrets.env @@ -0,0 +1,2 @@ +client_secret= +hmac=some-random-string diff --git a/examples/e2e/olm/catalogsource.yaml b/examples/k8s/olm/catalogsource.yaml similarity index 100% rename from examples/e2e/olm/catalogsource.yaml rename to examples/k8s/olm/catalogsource.yaml 
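Review bot: `oauth-secrets.env` ships `hmac=some-random-string`, so anyone who fills in only `client_secret` deploys with a publicly known HMAC key. Per the EnvoyConfig in this commit, that value feeds the oauth2 filter's `hmac_secret`. Leaving it empty like `client_secret=` and telling the reader in the README to generate a random value would avoid that. Since the file is tracked and meant to be edited in place, it is also easy to commit real credentials by accident. A checked-in template plus an ignored local copy would be safer.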
diff --git a/examples/e2e/olm/namespace.yaml b/examples/k8s/olm/namespace.yaml similarity index 100% rename from examples/e2e/olm/namespace.yaml rename to examples/k8s/olm/namespace.yaml diff --git a/examples/e2e/olm/operator-group.yaml b/examples/k8s/olm/operator-group.yaml similarity index 100% rename from examples/e2e/olm/operator-group.yaml rename to examples/k8s/olm/operator-group.yaml diff --git a/examples/e2e/olm/subscription.yaml b/examples/k8s/olm/subscription.yaml similarity index 100% rename from examples/e2e/olm/subscription.yaml rename to examples/k8s/olm/subscription.yaml diff --git a/examples/e2e/sidecars/discoveryservice.yaml b/examples/k8s/sidecars/discoveryservice.yaml similarity index 100% rename from examples/e2e/sidecars/discoveryservice.yaml rename to examples/k8s/sidecars/discoveryservice.yaml diff --git a/examples/k8s/sidecars/discoveryservicecertificate.yaml b/examples/k8s/sidecars/discoveryservicecertificate.yaml new file mode 100644 index 00000000..15f16784 --- /dev/null +++ b/examples/k8s/sidecars/discoveryservicecertificate.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: operator.marin3r.3scale.net/v1alpha1 +kind: DiscoveryServiceCertificate +metadata: + name: kuard +spec: + commonName: kuard.test1.svc + validFor: 3600 + signer: + selfSigned: {} + secretRef: + name: kuard diff --git a/examples/e2e/sidecars/envoyconfig.yaml b/examples/k8s/sidecars/envoyconfig.yaml similarity index 100% rename from examples/e2e/sidecars/envoyconfig.yaml rename to examples/k8s/sidecars/envoyconfig.yaml diff --git a/examples/e2e/sidecars/kuard.yaml b/examples/k8s/sidecars/kuard.yaml similarity index 100% rename from examples/e2e/sidecars/kuard.yaml rename to examples/k8s/sidecars/kuard.yaml diff --git a/generators/pkg-envoy-proto/main.go b/generators/pkg-envoy-proto/main.go index 668857da..6f039669 100644 --- a/generators/pkg-envoy-proto/main.go +++ b/generators/pkg-envoy-proto/main.go 
@@ -3,15 +3,14 @@ package main import ( "bufio" "fmt" - "io/ioutil" "log" "os" "path/filepath" + "regexp" "sort" "strings" . "github.com/dave/jennifer/jen" - git "github.com/go-git/go-git/v5" "github.com/go-git/go-git/v5/plumbing" "github.com/go-git/go-git/v5/plumbing/object" 
@@ -56,46 +55,69 @@ func main() { } func generate() { - version := inspectVersion() + version, isPseudoVersion := inspectVersion() log.Printf("generating for %s@%s", sourceModuleName, version) - list := listProtoPackages(version) + list := listProtoPackages(version, isPseudoVersion) writePackageFile(packagFile, list) } -func inspectVersion() string { - body, err := ioutil.ReadFile(gomodFile) +func inspectVersion() (string, bool) { + body, err := os.ReadFile(gomodFile) checkIfError(err) gomod, err := modfile.Parse(gomodFile, body, nil) checkIfError(err) + var present bool + var isPseudoVersion bool + var ref string + for _, m := range gomod.Require { if m.Mod.Path == sourceModuleName { - return m.Mod.Version + ref = m.Mod.Version + present = true } } - log.Fatal(fmt.Sprintf("%s module not found in modules file", sourceModuleName)) - return "" + if !present { + log.Fatalf(fmt.Sprintf("%s module not found in modules file", sourceModuleName)) + return "", false + } + + exp := regexp.MustCompile(`.*-([0-9a-f]{12})$`) + if match := exp.FindStringSubmatch(ref); len(match) != 0 { + // it's a pseudoversion + ref = match[1] + isPseudoVersion = true + } + + return ref, isPseudoVersion + } -func listProtoPackages(version string) []string { +func listProtoPackages(ref string, isPseudoVersion bool) []string { var list []string repo, err := git.Clone(memory.NewStorage(), nil, &git.CloneOptions{ URL: "https://" + sourceModuleName, - Depth: 1, - ReferenceName: plumbing.NewTagReferenceName(version), + ReferenceName: plumbing.NewBranchReferenceName("main"), SingleBranch: true, }) checkIfError(err) // Get tree for the given tag - h, err := repo.ResolveRevision(plumbing.Revision(plumbing.NewTagReferenceName(version))) + var revision plumbing.Revision + if isPseudoVersion { + revision = plumbing.Revision(ref) + } else { + revision = plumbing.Revision(plumbing.NewTagReferenceName(ref)) + } + log.Printf("revision: %s", revision.String()) + h, err := repo.ResolveRevision(revision) 
checkIfError(err) commit, err := repo.CommitObject(*h) checkIfError(err) diff --git a/go.mod b/go.mod index e2aafd8f..3a7c9ad9 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/3scale-ops/basereconciler v0.5.1 github.com/MakeNowJust/heredoc v1.0.0 github.com/davecgh/go-spew v1.1.1 - github.com/envoyproxy/go-control-plane v0.12.0 + github.com/envoyproxy/go-control-plane v0.12.1-0.20240322070637-7f2a24dc63aa github.com/ghodss/yaml v1.0.0 github.com/go-logr/logr v1.4.1 github.com/go-test/deep v1.1.0 @@ -19,8 +19,8 @@ require ( github.com/prometheus/client_golang v1.18.0 github.com/prometheus/common v0.45.0 github.com/spf13/cobra v1.8.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d - google.golang.org/grpc v1.58.3 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 + google.golang.org/grpc v1.62.1 google.golang.org/protobuf v1.33.0 k8s.io/api v0.29.2 k8s.io/apimachinery v0.29.2 @@ -36,9 +36,9 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect - github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 // indirect + github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect 
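Review bot: In `inspectVersion`, the pattern `.*-([0-9a-f]{12})$` accepts any version whose last dash-separated segment is twelve hex characters, so a tagged pre-release with a hex-looking suffix would be resolved as a commit hash rather than as a tag. Anchoring on the full pseudo-version tail, `\d{14}-([0-9a-f]{12})$`, keeps the generator tied to the revision that go.mod actually pins. `module.IsPseudoVersion` with `module.PseudoVersionRev` from `golang.org/x/mod/module` would do the same job. In the same function `log.Fatalf(fmt.Sprintf(...))` uses a pre-formatted string as the format; it should read `log.Fatalf("%s module not found in modules file", sourceModuleName)`, and the `return "", false` after it is unreachable. In `listProtoPackages` the context comment `// Get tree for the given tag` is now stale, since the revision may be an abbreviated commit hash resolved against a full clone of `main`; that function's body continues outside the hunk.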
@@ -49,11 +49,11 @@ require ( github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20230309165930-d61513b1440d // indirect - github.com/google/uuid v1.3.0 // indirect + github.com/google/uuid v1.6.0 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect 
@@ -68,24 +68,25 @@ require ( github.com/nsf/jsondiff v0.0.0-20230430225905-43f6cf3098c1 // indirect github.com/ohler55/ojg v1.20.3 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_model v0.5.0 // indirect + github.com/planetscale/vtprotobuf v0.5.1-0.20231212170721-e7d721933795 // indirect + github.com/prometheus/client_model v0.6.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/spf13/pflag v1.0.5 // indirect go.opentelemetry.io/proto/otlp v1.0.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e // indirect - golang.org/x/net v0.19.0 // indirect - golang.org/x/oauth2 v0.12.0 // indirect + golang.org/x/net v0.20.0 // indirect + golang.org/x/oauth2 v0.16.0 // indirect golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.15.0 // indirect + golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.16.1 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e // indirect + google.golang.org/appengine v1.6.8 // indirect + google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index ed4186a7..028eac07 100644 --- a/go.sum +++ b/go.sum 
@@ -1,20 +1,16 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/3scale-ops/basereconciler v0.5.1 h1:0CaK3CyBAbO+HzrxnEQWIiKurvXebXjflqQNiv8iSfY= github.com/3scale-ops/basereconciler v0.5.1/go.mod h1:bLk2Jn6trasK88DBCAROnVs67wXP3/qxfY3AGbohHhw= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k= -github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty 
v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -22,12 +18,10 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.12.0 h1:4X+VP1GHd1Mhj6IB5mMeGbLCleqxjletLK6K0rbxyZI= -github.com/envoyproxy/go-control-plane v0.12.0/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/envoyproxy/go-control-plane v0.12.1-0.20240322070637-7f2a24dc63aa h1:XL3zOdVWwNqLn/yXCAhqfIv8Y5NsFN6SHgQ6N0qizFA= +github.com/envoyproxy/go-control-plane v0.12.1-0.20240322070637-7f2a24dc63aa/go.mod h1:YtsM9q/kVkKyvmemY+BF/ZK7I93OWsx4uk4Do2Mr/OA= +github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= 
@@ -53,19 +47,14 @@ github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -75,8 +64,8 @@ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/pprof v0.0.0-20230309165930-d61513b1440d h1:um9/pc7tKMINFfP1eE7Wv6PRGXlcCSJkVajF7KJw3uQ= github.com/google/pprof v0.0.0-20230309165930-d61513b1440d/go.mod h1:79YE0hCXdHag9sBkw2o+N/YnZtTkXi0UT9Nnixa5eYk= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e h1:XmA6L9IPRdUr28a+SK/oMchGgQy159wvzXA5tJ7l+40= github.com/goombaio/namegenerator v0.0.0-20181006234301-989e774b106e/go.mod h1:AFIo+02s+12CEg8Gzz9kzhCbmbq6JcKNrhHffCGA9z4= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 
@@ -125,13 +114,14 @@ github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1H github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/planetscale/vtprotobuf v0.5.1-0.20231212170721-e7d721933795 h1:pH+U6pJP0BhxqQ4njBUjOg0++WMMvv3eByWzB+oATBY= +github.com/planetscale/vtprotobuf v0.5.1-0.20231212170721-e7d721933795/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= 
@@ -150,9 +140,10 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 
@@ -163,56 +154,52 @@ go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e h1:+WEEuIdZHnUeJJmEUjyYC2gfUMj69yZXw17EnHg/otA= golang.org/x/exp v0.0.0-20220722155223-a9213eeb770e/go.mod h1:Kr81I6Kryrl9sr8s2FK3vxD90NdsKWRuOIl2O4CvYbA= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 
-golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.12.0 h1:smVPGxink+n1ZI5pkQa8y6fZT0RW0MgCO5bFpepy4B4= -golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= +golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= 
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -221,23 +208,16 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g= -google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8= -google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e h1:z3vDksarJxsAKM5dmEGv0GHwE2hKJ096wZra71Vs4sw= -google.golang.org/genproto/googleapis/api v0.0.0-20230726155614-23370e0ffb3e/go.mod h1:rsr7RhLuwsDKL7RmgDDCUc6yaGr1iqceVb5Wv6f6YvQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d h1:uvYuEyMHKNt+lT4K3bN6fGswmK8qSvcreM3BwjDh+y4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 
-google.golang.org/grpc v1.58.3 h1:BjnpXut1btbtgN/6sp+brB2Kbm2LjNXnidYujAVbSoQ= -google.golang.org/grpc v1.58.3/go.mod h1:tgX3ZQDlNJGU96V6yHh1T/JeoBQ2TXdr43YbYSsCJk0= +google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= +google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= 
@@ -254,8 +234,6 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0= diff --git a/pkg/envoy/bootstrap/v3/bootstrap.go b/pkg/envoy/bootstrap/v3/bootstrap.go index 59b01f3d..fc965d47 100644 --- a/pkg/envoy/bootstrap/v3/bootstrap.go +++ b/pkg/envoy/bootstrap/v3/bootstrap.go @@ -220,7 +220,7 @@ func (c *Config) GenerateStatic() (string, error) { func (c *Config) GenerateSdsResources() (map[string]string, error) { generator := envoy_resources.NewGenerator(envoy.APIv3) - secret := generator.NewSecretFromPath("xds_client_certificate", c.Options.XdsClientCertificatePath, c.Options.XdsClientCertificateKeyPath) + secret := generator.NewTlsSecretFromPath("xds_client_certificate", c.Options.XdsClientCertificatePath, c.Options.XdsClientCertificateKeyPath) a, err := anypb.New(secret) if err != nil { diff --git a/pkg/envoy/protos/v3/zz_generated.go b/pkg/envoy/protos/v3/zz_generated.go index 41849480..2ab0872a 100644 --- a/pkg/envoy/protos/v3/zz_generated.go +++ b/pkg/envoy/protos/v3/zz_generated.go 
@@ -6,6 +6,7 @@ import ( _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/client_ssl_auth/v3" _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/generic_proxy/action/v3" _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/generic_proxy/codecs/dubbo/v3" + _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/generic_proxy/codecs/http1/v3" _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/generic_proxy/codecs/kafka/v3" _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/generic_proxy/matcher/v3" _ "github.com/envoyproxy/go-control-plane/contrib/envoy/extensions/filters/network/generic_proxy/router/v3" @@ -39,6 +40,7 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/data/tap/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/filters/cel/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/fluentd/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/open_telemetry/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/stream/v3" 
@@ -108,6 +110,7 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/oauth2/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/on_demand/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/original_src/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/proto_message_logging/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rate_limit_quota/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" @@ -197,6 +200,8 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/cares/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/getaddrinfo/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/socket_interface/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/outlier_detection_monitors/common/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/outlier_detection_monitors/consecutive_errors/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/path/match/uri_template/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/path/rewrite/uri_template/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/quic/connection_id_generator/v3" 
@@ -219,6 +224,7 @@ import ( _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/graphite_statsd/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/open_telemetry/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/wasm/v3" + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/string_matcher/lua/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/opentelemetry/resource_detectors/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/tracers/opentelemetry/samplers/v3" _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/alts/v3" diff --git a/pkg/envoy/resources/generator.go b/pkg/envoy/resources/generator.go index d8f48ed6..49b66340 100644 --- a/pkg/envoy/resources/generator.go +++ b/pkg/envoy/resources/generator.go @@ -11,7 +11,8 @@ type Generator interface { New(rType envoy.Type) envoy.Resource NewTlsCertificateSecret(string, string, string) envoy.Resource NewValidationContextSecret(string, string) envoy.Resource - NewSecretFromPath(string, string, string) envoy.Resource + NewGenericSecret(string, string) envoy.Resource + NewTlsSecretFromPath(string, string, string) envoy.Resource NewClusterLoadAssignment(string, ...envoy.UpstreamHost) envoy.Resource } diff --git a/pkg/envoy/resources/v3/resources.go b/pkg/envoy/resources/v3/resources.go index 94f03d85..7b311336 100644 --- a/pkg/envoy/resources/v3/resources.go +++ b/pkg/envoy/resources/v3/resources.go 
@@ -82,9 +82,21 @@ func (g Generator) NewValidationContextSecret(name, certificateChain string) env } } +func (g Generator) NewGenericSecret(name string, value string) envoy.Resource { + return &envoy_extensions_transport_sockets_tls_v3.Secret{ + Name: name, + Type: &envoy_extensions_transport_sockets_tls_v3.Secret_GenericSecret{ + GenericSecret: &envoy_extensions_transport_sockets_tls_v3.GenericSecret{ + Secret: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{InlineBytes: []byte(value)}}, + }, + }, + } +} + // NewSecretFromPath returns an envoy secret that uses path sds to get the certificate from // a path and reload it whenever the certificate files change -func (g Generator) NewSecretFromPath(name, certificateChainPath, privateKeyPath string) envoy.Resource { +func (g Generator) NewTlsSecretFromPath(name, certificateChainPath, privateKeyPath string) envoy.Resource { return &envoy_extensions_transport_sockets_tls_v3.Secret{ Name: name, diff --git a/pkg/image/zz_generated.go b/pkg/image/zz_generated.go index 3cbb1d5c..bfc58792 100644 --- a/pkg/image/zz_generated.go +++ b/pkg/image/zz_generated.go @@ -1,5 +1,5 @@ package image const ( - image string = "quay.io/3scale/marin3r:v0.13.0-alpha.1" + image string = "quay.io/3scale/marin3r:v0.13.0-alpha.2" ) diff --git a/pkg/reconcilers/marin3r/envoyconfig/reconcile_revisions_test.go b/pkg/reconcilers/marin3r/envoyconfig/reconcile_revisions_test.go index e1c27a4d..f26e5a7f 100644 --- a/pkg/reconcilers/marin3r/envoyconfig/reconcile_revisions_test.go +++ b/pkg/reconcilers/marin3r/envoyconfig/reconcile_revisions_test.go 
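Review bot: `NewGenericSecret` is added without a doc comment, and the existing comment above the renamed method still begins `// NewSecretFromPath returns`, so it no longer matches `NewTlsSecretFromPath`. For the new method I would add `// NewGenericSecret returns an envoy generic secret that carries value as inline bytes.` and change the old comment to start with `// NewTlsSecretFromPath returns`. Because the value is inlined, it presumably appears verbatim in any serialized form of the resource; saying so in the comment tells callers not to log or dump the result. The body of `NewTlsSecretFromPath` continues outside the hunk.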
@@ -778,18 +778,18 @@ func TestRevisionReconciler_newRevisionForCurrentResources(t *testing.T) { ), want: &marin3rv1alpha1.EnvoyConfigRevision{ ObjectMeta: metav1.ObjectMeta{ - Name: "node-v3-6b64fb99b6", + Name: "node-v3-85cdf4df4", Namespace: "test", Labels: map[string]string{ filters.EnvoyAPITag: envoy.APIv3.String(), filters.NodeIDTag: "node", - filters.VersionTag: "6b64fb99b6", + filters.VersionTag: "85cdf4df4", }, }, Spec: marin3rv1alpha1.EnvoyConfigRevisionSpec{ NodeID: "node", EnvoyAPI: pointer.New(envoy.APIv3), - Version: "6b64fb99b6", + Version: "85cdf4df4", Resources: []marin3rv1alpha1.Resource{ { Type: "endpoint", diff --git a/pkg/reconcilers/marin3r/envoyconfigrevision/cache.go b/pkg/reconcilers/marin3r/envoyconfigrevision/cache.go index df75b4f9..2d631fc3 100644 --- a/pkg/reconcilers/marin3r/envoyconfigrevision/cache.go +++ b/pkg/reconcilers/marin3r/envoyconfigrevision/cache.go @@ -10,6 +10,7 @@ import ( envoy_resources "github.com/3scale-ops/marin3r/pkg/envoy/resources" envoy_serializer "github.com/3scale-ops/marin3r/pkg/envoy/serializer" "github.com/3scale-ops/marin3r/pkg/reconcilers/marin3r/envoyconfigrevision/discover" + "github.com/davecgh/go-spew/spew" "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" 
@@ -157,18 +158,18 @@ func (r *CacheReconciler) GenerateSnapshot(req types.NamespacedName, resources [ listeners = append(listeners, res) case envoy.Secret: + var res envoy.Resource s := &corev1.Secret{} - // The webhook will ensure this pointer is set - name := *resourceDefinition.GenerateFromTlsSecret - key := types.NamespacedName{Name: name, Namespace: req.Namespace} - if err := r.client.Get(r.ctx, key, s); err != nil { - return nil, fmt.Errorf("%s", err.Error()) - } - - // Validate secret holds a certificate - if s.Type == "kubernetes.io/tls" { - var res envoy.Resource + if resourceDefinition.GenerateFromTlsSecret != nil { + name := *resourceDefinition.GenerateFromTlsSecret + key := types.NamespacedName{Name: name, Namespace: req.Namespace} + if err := r.client.Get(r.ctx, key, s); err != nil { + return nil, fmt.Errorf("%s", err.Error()) + } + if s.Type != corev1.SecretTypeTLS { + return nil, fmt.Errorf("expected Secret of '%s' type", corev1.SecretTypeTLS) + } switch resourceDefinition.GetBlueprint() { case marin3rv1alpha1.TlsCertificate: res = r.generator.NewTlsCertificateSecret(name, string(s.Data[secretPrivateKey]), string(s.Data[secretCertificate])) 
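Review bot: The new type check returns `fmt.Errorf("expected Secret of '%s' type", corev1.SecretTypeTLS)`, which names neither the Secret nor the type that was actually found, whereas the removed code reported this case through `resourceLoaderError` with a field path. I would write `return nil, fmt.Errorf("secret %q: expected type %q, got %q", key, corev1.SecretTypeTLS, s.Type)`. The lookup error on the new side is still flattened with `fmt.Errorf("%s", err.Error())`, so a caller cannot distinguish a missing Secret from other failures; `fmt.Errorf("getting secret %q: %w", key, err)` keeps the cause. The same two lines are repeated in the opaque branch of the next hunk of this file. `GenerateSnapshot` starts and ends outside the hunk.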
@@ -176,17 +177,31 @@ func (r *CacheReconciler) GenerateSnapshot(req types.NamespacedName, resources [ res = r.generator.NewValidationContextSecret(name, string(s.Data[secretCertificate])) } - secrets = append(secrets, res) + } else if resourceDefinition.GenerateFromOpaqueSecret != nil { + name := resourceDefinition.GenerateFromOpaqueSecret.Name + key := types.NamespacedName{Name: name, Namespace: req.Namespace} + if err := r.client.Get(r.ctx, key, s); err != nil { + return nil, fmt.Errorf("%s", err.Error()) + } + if s.Type != corev1.SecretTypeOpaque { + return nil, fmt.Errorf("expected Secret of '%s' type", corev1.SecretTypeOpaque) + } + res = r.generator.NewGenericSecret(resourceDefinition.GenerateFromOpaqueSecret.Alias, string(s.Data[resourceDefinition.GenerateFromOpaqueSecret.Key])) + m := envoy_serializer.NewResourceMarshaller(envoy_serializer.YAML, envoy.APIv3) + yaml, _ := m.Marshal(res) + fmt.Println("###################################") + spew.Dump(yaml) + fmt.Println("###################################") } else { - err := resourceLoaderError( - req, name, field.NewPath("spec", "resources").Index(idx).Child("ref"), - "Only 'kubernetes.io/tls' type secrets allowed", + return nil, resourceLoaderError( + req, resourceDefinition, field.NewPath("spec", "resources").Index(idx), + "one of 'generateFromOpaqueSecret', 'generateFromTlsSecret' must be set", ) - return nil, fmt.Errorf("%s", err.Error()) - } + secrets = append(secrets, res) + case envoy.Runtime: res := r.generator.New(envoy.Runtime) if err := r.decoder.Unmarshal(string(resourceDefinition.Value.Raw), res); err != nil { diff --git a/pkg/version/zz_generated.go b/pkg/version/zz_generated.go index 83dc3824..ee868332 100644 --- a/pkg/version/zz_generated.go +++ b/pkg/version/zz_generated.go @@ -1,5 +1,5 @@ package version const ( - version string = "v0.13.0-alpha.1" + version string = "v0.13.0-alpha.2" )
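Review bot: The opaque-secret branch marshals the generic secret it has just built and writes it to stdout with `spew.Dump(yaml)` between two `fmt.Println` banners, so the Secret's value lands in the controller's output whenever this branch runs; the `Marshal` error is also discarded with `_`. These five lines look like leftover debugging and should be removed, together with the `github.com/davecgh/go-spew/spew` import added in the first hunk of this file. Separately, `s.Data[...Key]` is read without checking that the key exists, so a mistyped key silently yields an empty generic secret; the fence shows the branch with a presence check instead. `GenerateSnapshot` starts and ends outside the hunk.

```go
} else if resourceDefinition.GenerateFromOpaqueSecret != nil {
	// … unchanged: Get of the Secret and the SecretTypeOpaque check …
	sel := resourceDefinition.GenerateFromOpaqueSecret
	value, ok := s.Data[sel.Key]
	if !ok {
		return nil, fmt.Errorf("secret %q has no key %q", key, sel.Key)
	}
	res = r.generator.NewGenericSecret(sel.Alias, string(value))
	// … removed: debug marshalling and dump of the secret …
```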